Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

am I infected ? elves, trolls, or what ? ?


  • This topic is locked This topic is locked
11 replies to this topic

#1 Copeland

Copeland

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 22 December 2009 - 08:00 PM

Hello, its been awhile since I was on here (Merry Christmas & Happy New Year) so the trouble started out (with the pc) as just slowing down, then went to jumping around when clicking backwards (on sites) on a page. Instead of going back one page it might go back 2 (or more) .. And the screen on the monitor would go black as well sometimes. Also ran into some weird suff trying to get to links on/from google, while looking over the fourm here that seems to be going around, wonder if thats where whatever this is came from ? Then it went to just taking forever to get online then to other sites, still doing that for the most part. What I'm running is windows xp home service pak 3... Since this has started I've downloaded SuperSpyware, MBAM, And have AVG free version 9.0 I've run all three and found some things but the pc.s still not going from site to site any faster... AND THIS PART is weird to me I CAN"T reboot in ANY SAFE MODE F8, useless.... tried Safe with Network, nada, tried Safe with Command Prompt same thing all it will do is loop back around on its self... I also reset internet explorer which seemed to help... at first... now its back to slowwww mode.....Here are some logs that I've gotten trying to get this figured out, and I'm Still NOT into (or know that much about what I'm doing..lol)
Thanks in advance, ya'll are a GREAT bunck of folks here ! :thumbsup:
Robert

SuperSpyware logs :
Quarantine-12-18-2009
Adware.Tracking Cookie
Trojan.Smitfraud Variant/IE <------ below is what SuperSpyware said about this one
HKUS\.DEFAULT\software\microsoft\windows\CURRENTVERSION\EXT\STATS\{9034A523-D068-4BE8-A284-9DF278BE776E}

HKUS\S-1-5-18 software\mirosoftware\windows\CURRENTVERSION\EXT\STATS\{9034A532-D068-4BE8-A284-9Df278BE776}

Here are the logs from MBAM :




12/14/2009 4:06:17 PM
mbam-log-2009-12-14 (16-06-17).txt

Scan type: Quick Scan
Objects scanned: 156960
Time elapsed: 16 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\hDac.dll (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\hDac.dll (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\Y9FP13VS\eHdac48398V0100f070006R55c914c2102T91e12d15201l0409K9cb0a29730dP000601080[1] (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\raidmg.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/15/2009 4:23:33 PM
mbam-log-2009-12-15 (16-23-33).txt

Scan type: Quick Scan
Objects scanned: 155668
Time elapsed: 22 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes' Anti-Malware 1.42
Database version: 3387
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/18/2009 3:13:06 PM
mbam-log-2009-12-18 (15-13-06).txt

Scan type: Quick Scan
Objects scanned: 161128
Time elapsed: 19 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\DCic.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\DCic.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\YDHL5KO5\eHdac48398V0100f070006R8758a193102T91effe63201l0409K5b30414430dP000601080[1] (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YDHL5KO5\eHdac48398V0100f070006R8758a193102T91effe63201l0409K5b30414430dP000601080[1] (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\D9.tmp (Malware.Packer) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.42
Database version: 3409
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/22/2009 12:16:50 PM
mbam-log-2009-12-22 (12-16-50).txt

Scan type: Full Scan (C:\|)
Objects scanned: 282964
Time elapsed: 1 hour(s), 22 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Copeland, 23 December 2009 - 01:53 PM.


BC AdBot (Login to Remove)

 


#2 Copeland

Copeland
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 24 December 2009 - 12:50 PM

Still hoping for some help here, I'm not a wiz at this stuff, not by a long shot....... Thanks and happy holidays

#3 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:05:00 PM

Posted 24 December 2009 - 01:05 PM

You said no safe mode, correct? Do not attempt the safe boot option in msconfig

:flowers:

Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.[/list]
===============================

:thumbsup:

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 Copeland

Copeland
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 24 December 2009 - 01:27 PM

You said no safe mode, correct? Do not attempt the safe boot option in msconfig

:flowers:

Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.[/list]
===============================

:thumbsup:

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.



Hi Mark, thank you for the reply... I'll give this a shot and let you know what happens. I really don't know how miscofig even works (scares me...lol) so I wouldn't have bothered with it ...lol

#5 Copeland

Copeland
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 24 December 2009 - 03:29 PM

Hi Mark, heres what I got out of the scan...... And I forgot to say a couple of other things have been going on with the pc, (been a lot on my mind lately..sorry) one is that if anyone (this is a shared pc) lets it just sit idle online but not doing anything, windows will go back to the log on page, (never did that till now) and whoevers online will have to log back on before being able to do anything... Anyway hope this helps you with finding out whats up with this pc... And again a big thank you..... Just tried it out (pc) no changes after that scan, still slowwwer than all get out....

Scanning Report
Thursday, December 24, 2009 12:39:51 - 13:19:43
Computer name: USER-19FECF8315
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\


--------------------------------------------------------------------------------

15 malware found
TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.Adrevolver (spyware)
System (Disinfected)
TrackingCookie.Adbrite (spyware)
System (Disinfected)
TrackingCookie.Webtrends (spyware)
System (Disinfected)
Trojan.Agent.ALNW (spyware)
System (Disinfected)
TrackingCookie.Mediaplex (spyware)
System (Disinfected)
Rootkit:W32/TDSS.gen!D (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)
Trojan.Agent.ALNW (virus)
C:\WINDOWS\SYSTEM32\RAIDMG(2)(2).DLL (Not cleaned)
Trojan.Agent.ALNW (virus)
C:\WINDOWS\SYSTEM32\RAIDMG(3)(2).DLL (Not cleaned)
Rootkit:W32/TDSS.gen!D (virus)
C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS (Not cleaned & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 31197
System: 3474
Not scanned: 6
Actions:
Disinfected: 12
Renamed: 0
Deleted: 0
Not cleaned: 3
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

--------------------------------------------------------------------------------

Copyright 1998-2009 Product support | Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

Edited by Copeland, 24 December 2009 - 03:47 PM.


#6 Copeland

Copeland
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 24 December 2009 - 05:31 PM

Hi Mark, whatever this is seems to be triggered by using google, I got curious because it was redirecting (google) earlier, before I started trying to fix whatever was wrong... So after all the scans I've done, I went back to google to see if would misdirect me again, and sure enough it did. This time AVG kicked in, and stopped it. But on going back to google a second time no AVG warning.... Hope this helps
Thanks,
Robert

#7 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:05:00 PM

Posted 24 December 2009 - 06:43 PM

Rootkit:W32/TDSS.gen!D (virus)

It looks like you have a rootkit getting ready to bite you in the kiester


:inlove:
We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
==================

:flowers:
We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
========================

:trumpet:
USE THIS ONE

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
--------------------------------------


:thumbsup: Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#8 Copeland

Copeland
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 25 December 2009 - 02:22 PM

Hi Mark and Merry Christmas, Here are the reports you asked for, There was only 2 logs you wanted right ? It looked like 3 ..... Hope I got it right if not I'm sure you'll let me know... lol
Thanks for the help again Mark... :thumbsup:

Robert

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/25 12:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7441000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF5005000 Size: 138496 File Visible: - Signed: -
Status: -

Name: AmdK8.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Address: 0xF7620000 Size: 57344 File Visible: - Signed: -
Status: -

Name: asyncmac.sys
Image Path: C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Address: 0xEE701000 Size: 14336 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF73F9000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7BFF000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xF4EF5000 Size: 326528 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xF7828000 Size: 21760 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xF53F7000 Size: 353920 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7AA6000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7980000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF6D62000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF7630000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF75B0000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF75A0000 Size: 36352 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7740000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF4BEF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AC2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF5757000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7CB4000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xEE31E000 Size: 143744 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF7900000 Size: 27392 File Visible: - Signed: -
Status: -

Name: fetnd5b.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
Address: 0xF7670000 Size: 42496 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF7790000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF7948000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF73D9000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7AA4000 Size: 7936 File Visible: - Signed: -
Status: -

Name: fssfltr_tdi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
Address: 0xF6D72000 Size: 48768 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7411000 Size: 125056 File Visible: - Signed: -
Status: -

Name: gagp30kx.sys
Image Path: gagp30kx.sys
Address: 0xF75C0000 Size: 46464 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806D0000 Size: 131840 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF6FBD000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xF6DE6000 Size: 675840 File Visible: - Signed: -
Status: -

Name: HSF_DP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Address: 0xF6E8B000 Size: 1041152 File Visible: - Signed: -
Status: -

Name: HSFHWBS2.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
Address: 0xF6F8A000 Size: 207616 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xEE929000 Size: 265728 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7690000 Size: 52480 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF7660000 Size: 42112 File Visible: - Signed: -
Status: -

Name: InCDFs.sys
Image Path: C:\WINDOWS\system32\drivers\InCDFs.sys
Address: 0xF54BA000 Size: 112384 File Visible: - Signed: -
Status: -

Name: InCDPass.sys
Image Path: C:\WINDOWS\system32\drivers\InCDPass.sys
Address: 0xF78E0000 Size: 31360 File Visible: - Signed: -
Status: -

Name: InCDrec.SYS
Image Path: C:\WINDOWS\System32\Drivers\InCDrec.SYS
Address: 0xF7A14000 Size: 10624 File Visible: - Signed: -
Status: -

Name: InCDRm.sys
Image Path: C:\WINDOWS\system32\drivers\InCDRm.sys
Address: 0xF7650000 Size: 33792 File Visible: - Signed: -
Status: -

Name: ipfltdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Address: 0xEF4DC000 Size: 32896 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xF53D1000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xF54A7000 Size: 75264 File Visible: - Signed: -
Status: -

Name: irda.sys
Image Path: C:\WINDOWS\system32\DRIVERS\irda.sys
Address: 0xEF971000 Size: 88192 File Visible: - Signed: -
Status: -

Name: irenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\irenum.sys
Address: 0xF7A58000 Size: 11264 File Visible: - Signed: -
Status: -

Name: irsir.sys
Image Path: C:\WINDOWS\system32\DRIVERS\irsir.sys
Address: 0xF7908000 Size: 18688 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7570000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7918000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7A70000 Size: 8192 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF7009000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF73B0000 Size: 92928 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xEF855000 Size: 9920 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7AA8000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF78F8000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7910000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7580000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xEF534000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xF4F45000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7960000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF76D0000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF79F4000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF72C9000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF72E3000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7A64000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xEFAA7000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6DBB000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF76F0000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF7770000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xF5027000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7968000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7310000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7C70000 Size: 2944 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF6DD2000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF77F8000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7AFA000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7430000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7B38000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF77F0000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF5763000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6DAA000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7930000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF7A18000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasirda.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasirda.sys
Address: 0xF7920000 Size: 19584 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76A0000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF76B0000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF76C0000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF7938000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xF4FB5000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7AAA000 Size: 4224 File Visible: - Signed: -
Status: -

Name: RDPWD.SYS
Image Path: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Address: 0xEE992000 Size: 139520 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF7640000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE606000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xF5787000 Size: 4415488 File Visible: - Signed: -
Status: -

Name: S3gIGP.dll
Image Path: C:\WINDOWS\System32\S3gIGP.dll
Address: 0xBF012000 Size: 647168 File Visible: - Signed: -
Status: -

Name: S3gIGPm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys
Address: 0xF7040000 Size: 630784 File Visible: - Signed: -
Status: -

Name: s3ginv.dll
Image Path: C:\WINDOWS\System32\s3ginv.dll
Address: 0xBF0B0000 Size: 2875392 File Visible: - Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xF7970000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASENUM.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Address: 0xF7890000 Size: 20480 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xF4FE0000 Size: 151552 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF7A54000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF7680000 Size: 64512 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF73C7000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xEF32A000 Size: 333952 File Visible: - Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xF77D0000 Size: 53248 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7A9A000 Size: 4352 File Visible: - Signed: -
Status: -

Name: symlcbrd.sys
Image Path: C:\WINDOWS\system32\drivers\symlcbrd.sys
Address: 0xF7878000 Size: 24576 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xEF3D4000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xF544E000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF7928000 Size: 20480 File Visible: - Signed: -
Status: -

Name: TDTCP.SYS
Image Path: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Address: 0xF7940000 Size: 21760 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF76E0000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6C84000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbaudio.sys
Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xF77E0000 Size: 60032 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF7978000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7A9C000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF78F0000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7730000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6FE5000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xF7848000 Size: 25856 File Visible: - Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xF7A38000 Size: 15104 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF4DF6000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF78E8000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7958000 Size: 20992 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xF7A74000 Size: 5376 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF702C000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7590000 Size: 52352 File Visible: - Signed: -
Status: -

Name: VX3000.sys
Image Path: C:\WINDOWS\system32\DRIVERS\VX3000.sys
Address: 0xF4C07000 Size: 1959296 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF7760000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7880000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEF185000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7A72000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF739D000 Size: 77568 File Visible: - Signed: -
Status: -



Volume in drive C has no label.
Volume Serial Number is 6CA0-80CA

Directory of C:\WINDOWS\$NtServicePackUninstall$

02/28/2006 05:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

02/28/2006 05:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

02/28/2006 05:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 05:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 05:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 05:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 05:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 05:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 05:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,932,288 bytes
0 Dir(s) 55,770,394,624 bytes free

#9 Copeland

Copeland
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 25 December 2009 - 02:33 PM

Hi Mark, I hope this isn't as confusing to you as it was to me, I went into Rootrepeal Settings and under options and checked other box's that weren't checked the first time.....

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/25 12:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7441000 Size: 187776 File Visible: - Signed: Yes
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: Yes
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF5005000 Size: 138496 File Visible: - Signed: Yes
Status: -

Name: AmdK8.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Address: 0xF7620000 Size: 57344 File Visible: - Signed: Yes
Status: -

Name: asyncmac.sys
Image Path: C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Address: 0xEE701000 Size: 14336 File Visible: - Signed: Yes
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF73F9000 Size: 96512 File Visible: - Signed: No
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: Yes
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7BFF000 Size: 3072 File Visible: - Signed: Yes
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xF4EF5000 Size: 326528 File Visible: - Signed: Yes
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xF7828000 Size: 21760 File Visible: - Signed: Yes
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xF53F7000 Size: 353920 File Visible: - Signed: Yes
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7AA6000 Size: 4224 File Visible: - Signed: Yes
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7980000 Size: 12288 File Visible: - Signed: Yes
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF6D62000 Size: 63744 File Visible: - Signed: Yes
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF7630000 Size: 62976 File Visible: - Signed: Yes
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF75B0000 Size: 53248 File Visible: - Signed: Yes
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF75A0000 Size: 36352 File Visible: - Signed: Yes
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7740000 Size: 61440 File Visible: - Signed: Yes
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF4BEF000 Size: 98304 File Visible: No Signed: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AC2000 Size: 8192 File Visible: No Signed: No
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF5757000 Size: 12288 File Visible: - Signed: Yes
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: Yes
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7CB4000 Size: 4096 File Visible: - Signed: Yes
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xEE31E000 Size: 143744 File Visible: - Signed: Yes
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF7900000 Size: 27392 File Visible: - Signed: Yes
Status: -

Name: fetnd5b.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
Address: 0xF7670000 Size: 42496 File Visible: - Signed: Yes
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF7790000 Size: 44544 File Visible: - Signed: Yes
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF7948000 Size: 20480 File Visible: - Signed: Yes
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF73D9000 Size: 129792 File Visible: - Signed: Yes
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7AA4000 Size: 7936 File Visible: - Signed: Yes
Status: -

Name: fssfltr_tdi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
Address: 0xF6D72000 Size: 48768 File Visible: - Signed: Yes
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7411000 Size: 125056 File Visible: - Signed: Yes
Status: -

Name: gagp30kx.sys
Image Path: gagp30kx.sys
Address: 0xF75C0000 Size: 46464 File Visible: - Signed: Yes
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806D0000 Size: 131840 File Visible: - Signed: Yes
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF6FBD000 Size: 163840 File Visible: - Signed: Yes
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xF6DE6000 Size: 675840 File Visible: - Signed: Yes
Status: -

Name: HSF_DP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Address: 0xF6E8B000 Size: 1041152 File Visible: - Signed: Yes
Status: -

Name: HSFHWBS2.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
Address: 0xF6F8A000 Size: 207616 File Visible: - Signed: Yes
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xEE929000 Size: 265728 File Visible: - Signed: Yes
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7690000 Size: 52480 File Visible: - Signed: Yes
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF7660000 Size: 42112 File Visible: - Signed: Yes
Status: -

Name: InCDFs.sys
Image Path: C:\WINDOWS\system32\drivers\InCDFs.sys
Address: 0xF54BA000 Size: 112384 File Visible: - Signed: No
Status: -

Name: InCDPass.sys
Image Path: C:\WINDOWS\system32\drivers\InCDPass.sys
Address: 0xF78E0000 Size: 31360 File Visible: - Signed: No
Status: -

Name: InCDrec.SYS
Image Path: C:\WINDOWS\System32\Drivers\InCDrec.SYS
Address: 0xF7A14000 Size: 10624 File Visible: - Signed: No
Status: -

Name: InCDRm.sys
Image Path: C:\WINDOWS\system32\drivers\InCDRm.sys
Address: 0xF7650000 Size: 33792 File Visible: - Signed: No
Status: -

Name: ipfltdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Address: 0xEF4DC000 Size: 32896 File Visible: - Signed: Yes
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xF53D1000 Size: 152832 File Visible: - Signed: Yes
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xF54A7000 Size: 75264 File Visible: - Signed: Yes
Status: -

Name: irda.sys
Image Path: C:\WINDOWS\system32\DRIVERS\irda.sys
Address: 0xEF971000 Size: 88192 File Visible: - Signed: Yes
Status: -

Name: irenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\irenum.sys
Address: 0xF7A58000 Size: 11264 File Visible: - Signed: Yes
Status: -

Name: irsir.sys
Image Path: C:\WINDOWS\system32\DRIVERS\irsir.sys
Address: 0xF7908000 Size: 18688 File Visible: - Signed: Yes
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7570000 Size: 37248 File Visible: - Signed: Yes
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7918000 Size: 24576 File Visible: - Signed: Yes
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7A70000 Size: 8192 File Visible: - Signed: Yes
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xED3DA000 Size: 172416 File Visible: - Signed: Yes
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF7009000 Size: 143360 File Visible: - Signed: Yes
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF73B0000 Size: 92928 File Visible: - Signed: Yes
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xEF855000 Size: 9920 File Visible: - Signed: Yes
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7AA8000 Size: 4224 File Visible: - Signed: Yes
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF78F8000 Size: 30080 File Visible: - Signed: Yes
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7910000 Size: 23040 File Visible: - Signed: Yes
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7580000 Size: 42368 File Visible: - Signed: Yes
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xEF534000 Size: 180608 File Visible: - Signed: Yes
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xF4F45000 Size: 455296 File Visible: - Signed: Yes
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7960000 Size: 19072 File Visible: - Signed: Yes
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF76D0000 Size: 35072 File Visible: - Signed: Yes
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF79F4000 Size: 15488 File Visible: - Signed: Yes
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF72C9000 Size: 105344 File Visible: - Signed: Yes
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF72E3000 Size: 182656 File Visible: - Signed: Yes
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7A64000 Size: 10112 File Visible: - Signed: Yes
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xEFAA7000 Size: 14592 File Visible: - Signed: Yes
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6DBB000 Size: 91520 File Visible: - Signed: Yes
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF76F0000 Size: 40576 File Visible: - Signed: Yes
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF7770000 Size: 34688 File Visible: - Signed: Yes
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xF5027000 Size: 162816 File Visible: - Signed: Yes
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7968000 Size: 30848 File Visible: - Signed: Yes
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7310000 Size: 574976 File Visible: - Signed: Yes
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: Yes
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7C70000 Size: 2944 File Visible: - Signed: Yes
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF6DD2000 Size: 80128 File Visible: - Signed: Yes
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF77F8000 Size: 19712 File Visible: - Signed: Yes
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7AFA000 Size: 6784 File Visible: - Signed: Yes
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7430000 Size: 68224 File Visible: - Signed: Yes
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7B38000 Size: 3328 File Visible: - Signed: Yes
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF77F0000 Size: 28672 File Visible: - Signed: Yes
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: Yes
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF5763000 Size: 147456 File Visible: - Signed: Yes
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6DAA000 Size: 69120 File Visible: - Signed: Yes
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7930000 Size: 17792 File Visible: - Signed: Yes
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF7A18000 Size: 8832 File Visible: - Signed: Yes
Status: -

Name: rasirda.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasirda.sys
Address: 0xF7920000 Size: 19584 File Visible: - Signed: Yes
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76A0000 Size: 51328 File Visible: - Signed: Yes
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF76B0000 Size: 41472 File Visible: - Signed: Yes
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF76C0000 Size: 48384 File Visible: - Signed: Yes
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF7938000 Size: 16512 File Visible: - Signed: Yes
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: Yes
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xF4FB5000 Size: 175744 File Visible: - Signed: Yes
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7AAA000 Size: 4224 File Visible: - Signed: Yes
Status: -

Name: RDPWD.SYS
Image Path: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Address: 0xEE992000 Size: 139520 File Visible: - Signed: Yes
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF7640000 Size: 57600 File Visible: - Signed: Yes
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE606000 Size: 49152 File Visible: No Signed: No
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xF5787000 Size: 4415488 File Visible: - Signed: Yes
Status: -

Name: S3gIGP.dll
Image Path: C:\WINDOWS\System32\S3gIGP.dll
Address: 0xBF012000 Size: 647168 File Visible: - Signed: Yes
Status: -

Name: S3gIGPm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys
Address: 0xF7040000 Size: 630784 File Visible: - Signed: Yes
Status: -

Name: s3ginv.dll
Image Path: C:\WINDOWS\System32\s3ginv.dll
Address: 0xBF0B0000 Size: 2875392 File Visible: - Signed: Yes
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xF7970000 Size: 24576 File Visible: - Signed: Yes
Status: -

Name: SASENUM.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Address: 0xF7890000 Size: 20480 File Visible: - Signed: Yes
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xF4FE0000 Size: 151552 File Visible: - Signed: Yes
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF7A54000 Size: 15744 File Visible: - Signed: Yes
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF7680000 Size: 64512 File Visible: - Signed: Yes
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF73C7000 Size: 73472 File Visible: - Signed: Yes
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xEF32A000 Size: 333952 File Visible: - Signed: Yes
Status: -

Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xF77D0000 Size: 53248 File Visible: - Signed: Yes
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7A9A000 Size: 4352 File Visible: - Signed: Yes
Status: -

Name: symlcbrd.sys
Image Path: C:\WINDOWS\system32\drivers\symlcbrd.sys
Address: 0xF7878000 Size: 24576 File Visible: - Signed: Yes
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xEF3D4000 Size: 60800 File Visible: - Signed: Yes
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xF544E000 Size: 361600 File Visible: - Signed: Yes
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF7928000 Size: 20480 File Visible: - Signed: Yes
Status: -

Name: TDTCP.SYS
Image Path: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Address: 0xF7940000 Size: 21760 File Visible: - Signed: Yes
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF76E0000 Size: 40704 File Visible: - Signed: Yes
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6C84000 Size: 384768 File Visible: - Signed: Yes
Status: -

Name: usbaudio.sys
Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xF77E0000 Size: 60032 File Visible: - Signed: Yes
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF7978000 Size: 32128 File Visible: - Signed: Yes
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7A9C000 Size: 8192 File Visible: - Signed: Yes
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF78F0000 Size: 30208 File Visible: - Signed: Yes
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7730000 Size: 59520 File Visible: - Signed: Yes
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6FE5000 Size: 147456 File Visible: - Signed: Yes
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xF7848000 Size: 25856 File Visible: - Signed: Yes
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xF7A38000 Size: 15104 File Visible: - Signed: Yes
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF4DF6000 Size: 26368 File Visible: - Signed: Yes
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF78E8000 Size: 20608 File Visible: - Signed: Yes
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7958000 Size: 20992 File Visible: - Signed: Yes
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xF7A74000 Size: 5376 File Visible: - Signed: Yes
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF702C000 Size: 81920 File Visible: - Signed: Yes
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7590000 Size: 52352 File Visible: - Signed: Yes
Status: -

Name: VX3000.sys
Image Path: C:\WINDOWS\system32\DRIVERS\VX3000.sys
Address: 0xF4C07000 Size: 1959296 File Visible: - Signed: Yes
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF7760000 Size: 34560 File Visible: - Signed: Yes
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7880000 Size: 20480 File Visible: - Signed: Yes
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEF185000 Size: 83072 File Visible: - Signed: Yes
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: Yes
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: Yes
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7A72000 Size: 8192 File Visible: - Signed: Yes
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: Yes
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF739D000 Size: 77568 File Visible: - Signed: Yes
Status: -

#10 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:05:00 PM

Posted 26 December 2009 - 02:58 PM

I am going to recommend that you submit a DDS / HJT log

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

You will also be instructed to create a Root Repeal Log. Use the one you just ran

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take awhile to get to your post
Please be patient and good luck
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#11 Copeland

Copeland
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 26 December 2009 - 03:47 PM

I am going to recommend that you submit a DDS / HJT log

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

You will also be instructed to create a Root Repeal Log. Use the one you just ran

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take awhile to get to your post
Please be patient and good luck



Ok and thanks again for all your help ! , garmanma/Mark

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,948 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:00 PM

Posted 26 December 2009 - 08:21 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/281714/possible-rootkit32tddsgen-d/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users