Help
This topic is locked
Last night after I ran Super AntiSpyware, I restarted my computer but I got the Blue Screen that came up with "STOP: c000021a (Fatal System Error). The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000005 (0x00000000 0x00000000). The system has been shut down." I have a PC and I have tried starting in Safe mode and restoring from the last known good configuration but nothing works. The same Blue Screen comes up with everything I try and it doesn't allow me to even get to the logon screen. Any assistance would be greatly appreciated!
P.S. I don't have any of the Windows CD's or anything like that as I got this laptop from my friend about a year ago.
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Fatal System Error
Back to top
#2
- Bleepin' Remover
-
- Group: Malware Response Team
- Posts: 10,743
- Joined: 16-August 08
- Gender:Male
Posted 01 May 2011 - 05:18 PM
Hello and welcome to Bleeping Computer
My name is etavares and I will be working with you to fix your computer.
Please take note:
That sounds like a leftover from a Bamital infection. It patches windows system files that antiviruses often detect and remove...but windows can't boot without them. We can fix this.
To proceed, we need access to a bootable computer, and a USB flash drive. We'll verify the issue, then likely need to replace a file from the infected machine. So...please reply and let me know if you have a USB flash drive and another computer we can use to download and prep the USB drive.
Thanks,
-etavares
My name is etavares and I will be working with you to fix your computer.
Please take note:
- If you have since resolved the original problem you were having, we would appreciate you letting us know.
- If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
- Please tell us if you have your original Windows CD/DVD available.
- If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
- Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
- Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
- If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
- If you have already posted a log, please do so again as instructed below, as your situation may have changed.
- Use the 'Add Reply' and add the new log to this thread.
That sounds like a leftover from a Bamital infection. It patches windows system files that antiviruses often detect and remove...but windows can't boot without them. We can fix this.
To proceed, we need access to a bootable computer, and a USB flash drive. We'll verify the issue, then likely need to replace a file from the infected machine. So...please reply and let me know if you have a USB flash drive and another computer we can use to download and prep the USB drive.
Thanks,
-etavares
If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
Unified Network of Instructors and Trusted Eliminators
#3
- Member
-
- Group: Members
- Posts: 33
- Joined: 04-June 10
Posted 01 May 2011 - 05:50 PM
Yes I have access to a bootable computer and I have an external hard drive that I can use to download any files onto.
#4
- Bleepin' Remover
-
- Group: Malware Response Team
- Posts: 10,743
- Joined: 16-August 08
- Gender:Male
Posted 01 May 2011 - 08:26 PM
An external hard drive won't work, unless you're willing to completely wipe it. That's why I suggested a USB flash drive. We need to format it and make it bootable and boot your computer from it to regain control. If you want to completely format the external HD that will work, but usually it's easier to use a smaller USB flash drive. Please let me know!
If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
Unified Network of Instructors and Trusted Eliminators
#5
- Member
-
- Group: Members
- Posts: 33
- Joined: 04-June 10
Posted 01 May 2011 - 10:51 PM
Ok I went and got a USB flash drive so I'm ready to go!
#6
- Bleepin' Remover
-
- Group: Malware Response Team
- Posts: 10,743
- Joined: 16-August 08
- Gender:Male
Posted 02 May 2011 - 03:39 PM
Hello, nflskins12.
Great! We're going to create a bootable computer on your flash drive. By booting outside of Windows, we'll be able to see what's missing that is keeping windows from loading.
Try this please. You will need a USB drive.
Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
Please note - all text entries are case sensitive
Copy and paste the report.txt and filefind.txt for my review
etavares
Great! We're going to create a bootable computer on your flash drive. By booting outside of Windows, we'll be able to see what's missing that is keeping windows from loading.
Try this please. You will need a USB drive.
Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
- Insert your USB drive
- Press Start > My Computer > right click your USB drive > choose Format > Quick format
- Double click the unetbootin-xpud-windows-387.exe that you just downloaded
- Press Run then OK
- Select the DiskImage option then click the browse button located on the right side of the textbox field.
- Browse to and select the xpud-0.9.2.iso file you downloaded
- Verify the correct drive letter is selected for your USB device then click OK
- It will install a little bootable OS on your USB device
- Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
- After it has completed do not choose to reboot the clean computer simply close the installer
- Next download http://noahdfear.net/downloads/driver.sh to your USB
- Remove the USB and insert it in the sick computer
- Boot the Sick computer
- Press F12 and choose to boot from the USB
- Follow the prompts
- A Welcome to xPUD screen will appear
- Press File
- Expand mnt
- sda1,2...usually corresponds to your HDD
- sdb1 is likely your USB
- Click on the folder that represents your USB drive (sdb1 ?)
- Confirm that you see driver.sh that you downloaded there
- Press Tool at the top
- Choose Open Terminal
- Type bash driver.sh
- Press Enter
- After it has finished a report will be located on your USB drive named report.txt
- At this point, Type bash driver.sh -af and press Enter
- You will be prompted to input a filename.
- Type the following:
explorer.exe - Press Enter
- If successful, the script will search this file.
- When prompted again, type the bold text below to search and press Enter.
winlogon.exe - When prompted again, type the bold text below to end the script.
exit - After it has finished a report will be located in the USB drive as filefind.txt
- Remove the USB drive and insert back in your working computer and navigate to the two reports to post them here.
Please note - all text entries are case sensitive
Copy and paste the report.txt and filefind.txt for my review
etavares
This post has been edited by etavares: 02 May 2011 - 03:40 PM
If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
Unified Network of Instructors and Trusted Eliminators
#7
- Member
-
- Group: Members
- Posts: 33
- Joined: 04-June 10
Posted 02 May 2011 - 05:26 PM
Here is the report.txt file:
Mon May 2 18:15:58 UTC 2011
Driver report for /mnt/sda1/Qoobox/Quarantine/C/WINDOWS/system32/drivers
Driver report for /mnt/sda1/WINDOWS/system32/drivers
009927db8019c54477dabf6f9d795053 1394bus.sys
Microsoft Corporation
9859c0f6936e723e4892d7141b1327d5 acpiec.sys
Microsoft Corporation
a10c7534f7223f4a73a948967d00e69b acpi.sys
Microsoft Corporation
1ee7b434ba961ef845de136224c30fec aec.sys
Microsoft Corporation
6a0397376853e604de8e1e7a87fc08ac afd.sys
Microsoft Corporation
c41a5740468d0b9cb46e6390a0e15ce3 AGRSM.sys
Agere Systems
dad16a9d5c873e7219e6b43802ed316a amdk6.sys
Microsoft Corporation
680ad1c1bb16239e28d8f33a54a7a3c7 amdk7.sys
Microsoft Corporation
f0d692b0bffb46e30eb3cea168bbc49f arp1394.sys
Microsoft Corporation
02000abf34af4c218c35d257024807d6 asyncmac.sys
Microsoft Corporation
cdfe4411a69c224bd1d11b2da92dac51 atapi.sys
Microsoft Corporation
ec88da854ab7d7752ec8be11a741bb7f atmarpc.sys
Microsoft Corporation
39a0a59180f19946374275745b21aeba atmepvc.sys
Microsoft Corporation
0128e78fe835f074e469f03db681ca9e atmlane.sys
Microsoft Corporation
e7ef69b38d17ba01f914ae8f66216a38 atmuni.sys
Microsoft Corporation
d9f724aa26c010a217c97606b160ed68 audstub.sys
Microsoft Corporation
ea22edadf90c0aba8319454b2a07b700 battc.sys
Microsoft Corporation
da1f27d85e0d1525f6621372e7b685e9 beep.sys
Microsoft Corporation
0d266f08aed52d9b17b3c61be01dd576 blankscr.sys
tHVS_VERSION_INFOaa?adStringFileInfo@bHCommentsNovellZENBlankScreenbCompanyNameNovellInc.VFileDescriptionScreenBlankingDrivervFileVersion,,,@InternalNamescreenblank.sysLegalCopyrightCopyright-NovellInc.,AllRightsreserved.(LegalTrademarksHOriginalFilenamescreenblank.sysPrivateBuildVProductNameZENworksRemoteManagement:vProductVersion,,,SpecialBuildDVarFileInfo$Translationt@%
e4e6a0922e3d983728c9ad4e8d466954 bridge.sys
Microsoft Corporation
95ef6f3f386d93ee1e4d9ca45a50252a bthport.sys
Microsoft Corporation
90a673fc8e12a79afbed2576f6a7aaf9 cbidf2k.sys
Microsoft Corporation
6163ed60b684bab19d3352ab22fc48b2 CCDECODE.sys
Microsoft Corporation
c1b486a7658353d33a10cc15211a873b cdaudio.sys
Microsoft Corporation
cd7d5152df32b47f4e36f710b35aae02 cdfs.sys
Microsoft Corporation
bf79e659c506674c0497cc9c61f1a165 cdr4_xp.sys
Sonic Solutions
2c41cd49d82d5fd85c72d57b6ca25471 cdralw2k.sys
Sonic Solutions
7b53584d94e9d8716b2de91d5f1cb42d cdrom.sys
Microsoft Corporation
b562592b7f5759c99e179ca467ecfb4c cinemst2.sys
Ravisent Technologies
d86173b401470f06d9810f7962969ddf classpnp.sys
Microsoft Corporation
4266be808f85826aedf3c64c1e240203 CmBatt.sys
Microsoft Corporation
df1b1a24bf52d0ebc01ed4ece8979f50 compbatt.sys
Microsoft Corporation
0b2b1b3217cbc51cd06a30e28c8e5cad CPEb.sys
HVS_VERSION_INFO?TStringFileInfobComments.aCompanyNameCompalLFileDescriptionECDriverforAvFileVersion,,,InternalNameXLegalCopyrightCompalCopyright©(LegalTrademarks(OriginalFilenamePrivateBuildProductName$ProductVersionSpecialBuildDVarFileInfo$Translationt*
9624293e55ad405415862b504ca95b73 cpqdap01.sys
Compaq Computer Corp
6af1684ccaac3f7ef4ee9ba65eb0677a crusoe.sys
Microsoft Corporation
566cca06fb1b98dff3e9eea563b6334e Darpan.sys
ttVS_VERSION_INFOaa?b$StringFileInfobComments:rCompanyNameNovell,Inc.l"FileDescriptionZENworksRemoteManagementdriverbFileVersion....aInternalNameDarpanLegalCopyrightCopyright-NovellInc.,Allrightsreserved.(LegalTrademarks>vOriginalFilenameDarpan.sysPrivateBuildXProductNameZENworksRemoteManagementbProductVersion...SpecialBuildDVarFileInfo$Translationt
d16c81677a9be399c63cd2ea486472a5 diskdump.sys
Microsoft Corporation
00ca44e4534865f8a3b64f7c0984bff0 disk.sys
Microsoft Corporation
c0fbb516e06e243f0cf31f597e7ebf7d dmboot.sys
Microsoft Corp
f5e7b358a732d09f4bcf2824b88b9e28 dmio.sys
Microsoft Corp
e9317282a63ca4d188c0df5e09c6ac5f dmload.sys
Microsoft Corp
a6f881284ac1150e37d9ae47ff601267 DMusic.sys
Microsoft Corporation
1ed4dbbae9f5d558dbba4cc450e3eb2e drmkaud.sys
Microsoft Corporation
ff86422268de771d571e123eb7092c6a drmk.sys
Microsoft Corporation
fe97d0343acfdebdd578fc67cc91fa87 dxapi.sys
Microsoft Corporation
d3dac8432110aad0b02a58b4459ab835 dxg.sys
Microsoft Corporation
a73f5d6705b1d820c19b18782e176efd dxgthk.sys
Microsoft Corporation
01857b94bd3f8c99188862d026c925c0 EMS7SK.sys
?baStringFileInfoBHCompanyNameENETechnologyInc.x(FileDescriptionENEPCIMemoryStickCardReaderDriverRFileVersion..builtby:WinDDKvInternalNameEMSSK.sysv)LegalCopyrightENETechnologyInc.Allrightsreserved.>vOriginalFilenameEMSSK.sysp(ProductNameENEPCIMemoryStickCardReaderDriver@ProductVersion...DVarFileInfo$Translationt
80d1b490b60e74e002dc116ec5d41748 enum1394.sys
Microsoft Corporation
5983f3f91487c2a2a514c17245a0e25d ESD7SK.sys
?baStringFileInfoBHCompanyNameENETechnologyInc.FileDescriptionENEPCISecureDigital/MMCCardReaderDriverRFileVersion..builtby:WinDDKvInternalNameESDSK.sysv)LegalCopyrightENETechnologyInc.Allrightsreserved.>vOriginalFilenameESDSK.sysProductNameENEPCISecureDigital/MMCCardReaderDriver@ProductVersion...DVarFileInfo$Translationt
3117f595e9615e04f05a54fc15a03b20 fastfat.sys
Microsoft Corporation
ced2e8396a8838e59d8fd529c680e02c fdc.sys
Microsoft Corporation
e153ab8a11de5452bcf5ac7652dbf3ed fips.sys
Microsoft Corporation
0dd1de43115b93f4d85e889d7a86f548 flpydisk.sys
Microsoft Corporation
3d234fb6d6ee875eb009864a299bea29 fltmgr.sys
Microsoft Corporation
3e1e2bd4f39b0e2b7dc4f4d2bcc2779a fs_rec.sys
Microsoft Corporation
455f778ee14368468560bd7cb8c854d0 fsvga.sys
Microsoft Corporation
6ac26732762483366c3969c9e4d2259d ftdisk.sys
Microsoft Corporation
5dc17164f66380cbfefd895c18467773 GEARAspiWDM.sys
GEAR Software
3fcc124b6e08ee0e9351f717dd136939 Hdaudbus.sys
Windows Server DDK provider
2a013e7530beab6e569faa83f517e836 Hdaudio.sys
Windows Server DDK provider
610ff50334eae591954dedd3617d25c3 hidclass.sys
Microsoft Corporation
5fff41cd5108e9051d255c37825af697 hidparse.sys
Microsoft Corporation
1de6783b918f540149aa69943bdfeba8 hidusb.sys
Microsoft Corporation
d03d10f7ded688fecf50f8fbf1ea9b8a HPZid412.sys
HP
89f41658929393487b6b7d13c8528ce3 HPZipr12.sys
HP
abcb05ccdbf03000354b9553820e39f8 HPZius12.sys
HP
9f8b0f4276f618964fd118be4289b7cd http.sys
Microsoft Corporation
5502b58eef7486ee6f93f3f164dcb808 i8042prt.sys
Microsoft Corporation
0f0194c4b635c10c3f785e4fee52d641 ialmnt5.sys
Intel Corporation
f8aa320c6a0409c0380e5d8a99d76ec6 imapi.sys
Microsoft Corporation
279fb78702454dff2bb445f238c048d2 intelppm.sys
Microsoft Corporation
4448006b6bc60e6c027932cfc38d6855 ip6fw.sys
Microsoft Corporation
731f22ba402ee4b62748adaf6363c182 ipfltdrv.sys
Microsoft Corporation
e1ec7f5da720b640cd8fb8424f1b14bb ipinip.sys
Microsoft Corporation
d58ecd3b3969a670e68588f1640920b6 ipnat.sys
Microsoft Corporation
64537aa5c003a6afeee1df819062d0d1 ipsec.sys
Microsoft Corporation
50708daa1b1cbb7d6ac1cf8f56a24410 irenum.sys
Microsoft Corporation
e504f706ccb699c2596e9a3da1596e87 isapnp.sys
Microsoft Corporation
ebdee8a2ee5393890a1acee971c4c246 kbdclass.sys
Microsoft Corporation
e182fa8e49e8ee41b4adc53093f3c7e6 kbdhid.sys
Microsoft Corporation
ba5deda4d934e6288c2f66caf58d2562 kmixer.sys
Microsoft Corporation
1be7cc2535d760ae4d481576eb789f24 ksecdd.sys
Microsoft Corporation
b9540e258f952650de8dec68719a5c97 ks.sys
Microsoft Corporation
d9f3bb7c292f194f3b053ce295754eb8 lgusbbus.sys
tH*VS_VERSION_INFObb?`StringFileInfo<bCommentsHCompanyNameLGElectronicsInc.l"FileDescriptionLGCDMAUSBMultifunctionDrivernFileVersionVer...aInternalNameUSBBUSh"LegalCopyrightLGElectronicsInc.Seoul,Korea.l"LegalTrademarksLGElectronicsInc.Seoul,Korea.BrOriginalFilenamelgusbbus.sysPrivateBuildd"ProductNameLGCDMAUSBMultifunctionDrivernProductVersionVer..SpecialBuildDVarFileInfo$Translationt
c4f77da649f99fad116ea585376fc164 lgusbdiag.sys
tH`JVS_VERSION_INFObb?StringFileInfobCommentsHCompanyNameLGElectronicsInc.fFileDescriptionLGCDMAUSBDiagnosticsDrivernFileVersionVer..nInternalNameLGUSBDIAGh"LegalCopyrightLGElectronicsInc.Seoul,Korea.l"LegalTrademarksLGElectronicsInc.Seoul,Korea.DOriginalFilenamelgusbdiag.sysPrivateBuild^ProductNameLGCDMAUSBDiagnosticsDrivernProductVersionVer..SpecialBuildDVarFileInfo$Translationt*
c0613ce45e617bc671de8ebb1b30d175 lgusbmodem.sys
tHPVS_VERSION_INFObb?LStringFileInfo(bCommentsHCompanyNameLGElectronicsInc.ZFileDescriptionLGCDMAUSBModemDrivernFileVersionVer..vInternalNameLGUSBMODEMh"LegalCopyrightLGElectronicsInc.Seoul,Korea.l"LegalTrademarksLGElectronicsInc.Seoul,Korea.FOriginalFilenamelgusbmodem.sysPrivateBuildRProductNameLGCDMAUSBModemDrivernProductVersionVer..SpecialBuildDVarFileInfo$Translationt*
d68e165c3123aba3b1282eddb4213bd8 mbamswissarmy.sys
Malwarebytes Corporation
836e0e09ca9869be7eb39ef2cf3602c7 mbam.sys
Malwarebytes Corporation
d1f8be91ed4ddb671d42e473e3fe71ab mcd.sys
Microsoft Corporation
729d83e56c29c510258a6e9e79ffddc3 mf.sys
Microsoft Corporation
4ae068242760a1fb6e1a44bf4e16afa6 mnmdd.sys
Microsoft Corporation
6fc6f9d7acc36dca9b914565a3aeda05 modem.sys
Microsoft Corporation
34e1f0031153e491910e12551400192c mouclass.sys
Microsoft Corporation
b1c303e17fb9d46e87a98e4ba6769685 mouhid.sys
Microsoft Corporation
65653f3b4477f3c63e68a9659f85ee2e mountmgr.sys
Microsoft Corporation
eee50bf24caeedb515a8f3b22756d3bb mqac.sys
Microsoft Corporation
29414447eb5bde2f8397dc965dbb3156 mrxdav.sys
Microsoft Corporation
fb6c89bb3ce282b08bdb1e3c179e1c39 mrxsmb.sys
Microsoft Corporation
561b3a4333ca2dbdba28b5b956822519 msfs.sys
Microsoft Corporation
c0f1d4a21de5a415df8170616703debf msgpc.sys
Microsoft Corporation
ae431a8dd3c1d0d0610cdbac16057ad0 MSKSSRV.sys
Microsoft Corporation
13e75fef9dfeb08eeded9d0246e1f448 MSPCLOCK.sys
Microsoft Corporation
1988a33ff19242576c3d0ef9ce785da7 MSPQM.sys
Microsoft Corporation
469541f8bfd2b32659d5d463a6714bce mssmbios.sys
Microsoft Corporation
bf13612142995096ab084f2db7f40f77 MSTEE.sys
Microsoft Corporation
f66b6b1cddee6ca87cefc016eb7a0d8e mup.sys
Microsoft Corporation
5c8dc6429c43dc6177c1fa5b76290d1a NABTSFEC.sys
Microsoft Corporation
520ce427a8b298f54112857bcf6bde15 NdisIP.sys
Microsoft Corporation
558635d3af1c7546d26067d5d9b6959e ndis.sys
Microsoft Corporation
08d43bbdacdf23f34d79e44ed35c1b4c ndistapi.sys
Microsoft Corporation
5146c3d286e66c72328f6ce6e4d983a8 ndisuio.sys
Microsoft Corporation
0b90e255a9490166ab368cd55a529893 ndiswan.sys
Microsoft Corporation
59fc3fb44d2669bc144fd87826bb571f ndproxy.sys
Microsoft Corporation
3a2aca8fc1d7786902ca434998d7ceb4 netbios.sys
Microsoft Corporation
0c80e410cd2f47134407ee7dd19cc86b netbt.sys
Microsoft Corporation
5c5c53db4fef16cf87b9911c7e8c6fbc nic1394.sys
Microsoft Corporation
c501404558ea82e8a875de6331f0748d nicm.sys
tHVS_VERSION_INFO?dStringFileInfo@E:rCompanyNameNovell,Inc.z)FileDescriptionNovellInterServiceCommunicationDriverbFileVersion...j#LegalCopyrightCopyright-Novell,Inc.:tOriginalFilenameNICM.SYSRProductNameNovellXTierforWindowsDProductVersionv.()DVarFileInfo$Translationt}
be984d604d91c217355cdd3737aad25d nikedrv.sys
Diamond Multimedia Systems
60cf8c7192b3614f240838ddbaa4a245 nmnt.sys
Microsoft Corporation
4f601bcb8f64ea3ac0994f98fed03f8e npfs.sys
Microsoft Corporation
19a811ef5f1ed5c926a028ce107ff1af ntfs.sys
Microsoft Corporation
73c1e1f395918bc2c6dd67af7591a3ad null.sys
Microsoft Corporation
b305f3fad35083837ef46a0bbce2fc57 nwlnkflt.sys
Microsoft Corporation
c99b3415198d1aab7227f2c88fd664b9 nwlnkfwd.sys
Microsoft Corporation
79ea3fcda7067977625b3363a2657c80 nwlnkipx.sys
Microsoft Corporation
56d34a67c05e94e16377c60609741ff8 nwlnknb.sys
Microsoft Corporation
c0bb7d1615e1acbdc99757f6ceaf8cf0 nwlnkspx.sys
Microsoft Corporation
3f18d9365be71c7b2e43b7cf4a0c1a10 nwrdr.sys
Microsoft Corporation
fc128c3d7d5ad30a13742dc3737b9df7 ohci1394.sys
Microsoft Corporation
4bb30ddc53ebc76895e38694580cdfe9 oprghdlr.sys
Microsoft Corporation
3e16eff2a6fed2d8d7f5a66dfe65d183 p3.sys
Microsoft Corporation
29744eb4ce659dfe3b4122deb45bc478 parport.sys
Microsoft Corporation
3334430c29dc338092f79c38ef7b4cd0 partmgr.sys
Microsoft Corporation
70e98b3fd8e963a6a46a2e6247e0bea1 parvdm.sys
Microsoft Corporation
ccf5f451bb1a5a2a522a76e670000ff0 pciide.sys
Microsoft Corporation
520b91ab011456b940d9b05fc91108ff pciidex.sys
Microsoft Corporation
8086d9979234b603ad5bc2f5d890b234 pci.sys
Microsoft Corporation
82a087207decec8456fbe8537947d579 pcmcia.sys
Microsoft Corporation
bc6b2bc69c1e009443e8b1fe2db96101 portcls.sys
Microsoft Corporation
0d97d88720a4087ec93af7dbb303b30a processr.sys
Microsoft Corporation
48671f327553dcf1d27f6197f622a668 psched.sys
Microsoft Corporation
80d317bd1c3dbc5d4fe7b1678c60cadd ptilink.sys
Parallel Technologies
d86b4a68565e444d76457f14172c875a pxhelp20.sys
Sonic Solutions
fe0d99d6f31e4fad8159f690d68ded9c rasacd.sys
Microsoft Corporation
98faeb4a4dcf812ba1c6fca4aa3e115c rasl2tp.sys
Microsoft Corporation
7306eeed8895454cbed4669be9f79faa raspppoe.sys
Microsoft Corporation
1c5cc65aac0783c344f16353e60b72ac raspptp.sys
Microsoft Corporation
fdbb1d60066fcfbb7452fd8f9829b242 raspti.sys
Microsoft Corporation
01524cd237223b18adbb48f70083f101 rawwan.sys
Microsoft Corporation
03b965b1ca47f6ef60eb5e51cb50e0af rdbss.sys
Microsoft Corporation
4912d5b403614ce99c28420f75353332 rdpcdd.sys
Microsoft Corporation
a2cae2c60bc37e0751ef9dda7ceaf4ad rdpdr.sys
Microsoft Corporation
b54cd38a9ebfbf2b3561426e3fe26f62 rdpwd.sys
Microsoft Corporation
b31b4588e4086d8d84adbf9845c2402b redbook.sys
Microsoft Corporation
a56fe08ec7473e8580a390bb1081cdd7 rio8drv.sys
Diamond Multimedia Systems
0a854df84c77a0be205bfeab2ae4f0ec riodrv.sys
Diamond Multimedia Systems
d18208ed6c768663b08c972eaa7a8b60 rmcast.sys
Microsoft Corporation
7ce8b277f3207ea82d7d22ad348befc6 rndismp.sys
Microsoft Corporation
d8b0b4ade32574b2d9c5cc34dc0dbbe7 rootmdm.sys
Microsoft Corporation
a3b23fb3f295694091f51865f98588b2 rspndr.sys
Microsoft Corporation
6bb86099e1b4f9994d4f733f0c9e4c22 Rtenicxp.sys
Realtek Semiconductor
71ae838a88b07268d732f596fc17ced5 RtkHDAud.Sys
Realtek Semiconductor
d7fd0ff761e28ac0ea35ad71e0cd67e9 scsiport.sys
Microsoft Corporation
02fc71b020ec8700ee8a46c58bc6f276 sdbus.sys
Microsoft Corporation
90a3935d05b494a5a39d37e71f09a677 secdrv.sys
Macrovision Corporation
a2d868aeeff612e70e213c451a70cafb serenum.sys
Microsoft Corporation
cd9404d115a00d249f70a371b46d5a26 serial.sys
Microsoft Corporation
1d9f1bec651815741f088a8fb88e17ee sffdisk.sys
Microsoft Corporation
586499fd312ffd7f78553f408e71682e sffp_sd.sys
Microsoft Corporation
0d13b6df6e9e101013a7afb0ce629fe0 sfloppy.sys
Microsoft Corporation
5caeed86821fa2c6139e32e9e05ccdc9 SLIP.sys
Microsoft Corporation
017daecf0ed3aa731313433601ec40fa smclib.sys
Microsoft Corporation
5b6ad60d81530526cfe50dd46e0b5275 sncamd.sys
H`ZVS_VERSION_INFO?bStringFileInfopbCommentsCompanyNameXFileDescriptionUSB.PCCameradrivervFileVersion...bInternalNameusbcamd.sys$LegalCopyright(LegalTrademarks@bOriginalFilenameusbcamd.sysPrivateBuildPProductNameUSB.PCCameradriver:vProductVersion...SpecialBuildDVarFileInfo$Translationt*
9711ad901264ddf0bd960d8a626c1b2a snp2sxp.sys
H`VS_VERSION_INFObb?StringFileInfopbCommentsCompanyNameXFileDescriptionUSB.PCCameradrivervFileVersion,,,InternalNameBLegalCopyrightCopyright(LegalTrademarks(OriginalFilenamePrivateBuildPProductNameUSB.PCCameradriver:vProductVersion,,,bSpecialBuildCMNDVarFileInfo$Translationt*
addc9e4757a68ab60562ad3cb9c288d6 sonydcam.sys
Microsoft Corporation
a1eceeaa5c5e74b2499eb51d38185b84 SONYPVU1.SYS
Sony Corporation
0ce218578fff5f4f7e4201539c45c78f splitter.sys
Microsoft Corporation
e41b6d037d6cd08461470af04500dc24 sr.sys
Microsoft Corporation
7a4f147cc6b133f905f6e65e2f8669fb srv.sys
Microsoft Corporation
284c57df5dc7abca656bc2b96a667afb StreamIP.sys
Microsoft Corporation
c43356072eb3e88cd62958db10cead47 stream.sys
Microsoft Corporation
03c1bae4766e2450219d20b993d6e046 swenum.sys
Microsoft Corporation
94abc808fc4b6d7d2bbf42b85e25bb4d swmidi.sys
Microsoft Corporation
043c5e72f171944405537a53a478f041 symdns.sys
Symantec Corporation
49b20b430a4f219173f823536944474a SYMEVENT.SYS
Symantec Corporation
1e2ed613337a0bcbd62e8fe7e0288cce symfw.sys
Symantec Corporation
62c9db9c052edd01c9404863efd2526c symids.sys
Symantec Corporation
a2ab34153b2ceca340ac4f28caaf8222 symndis.sys
Symantec Corporation
7de45dfebb51e56d7c795bd0c2d7aef5 symredrv.sys
Symantec Corporation
e1444c6095d67ca4ef6ba192cf7fa91a symtdi.sys
Symantec Corporation
ae4052fc36bd4c390cee45a38ec1199a SynTP.sys
Synaptics
650ad082d46bac0e64c9c0e0928492fd sysaudio.sys
Microsoft Corporation
a2a9ca0d1a9ac1ff54220aa0789fe5cf tape.sys
Microsoft Corporation
7dda159deda4fef8523eefc34e524013 tcpip6.sys
Microsoft Corporation
744e57c99232201ae98c49168b918f48 tcpip.sys
Microsoft Corporation
6891b74ab9a016064e82a419388d0601 tdi.sys
Microsoft Corporation
38d437cf2d98965f239b0abcd66dcb0f tdpipe.sys
Microsoft Corporation
ed0580af02502d00ad8c4c066b156be9 tdtcp.sys
Microsoft Corporation
a540a99c281d933f3d69d55e48727f47 termdd.sys
Microsoft Corporation
699450901c5ccfd82357cbc531cedd23 tosdvd.sys
Microsoft Corporation
d74a8ec75305f1d3cfde7c7fc1bd62a9 tsbvcap.sys
Toshiba Corporation
87a0e9e18c10a9e454238e3330e2a26d tunmp.sys
Microsoft Corporation
12f70256f140cd7d52c58c7048fde657 udfs.sys
Microsoft Corporation
ced744117e91bdc0beb810f7d8608183 update.sys
Microsoft Corporation
af090265ec388bab320f1ff7e7a7d5ea usb8023.sys
Microsoft Corporation
f340199e8cb097e1acd58a967c665919 usbaapl.sys
Apple
45a0d14b26c35497ad93bce7e15c9941 USBAUDIO.sys
Microsoft Corporation
61018ba9df6b63e51d9753c980e73ec2 usbcamd2.sys
Microsoft Corporation
2654eecc6fb13603ebddcd5c8ea943d1 usbcamd.sys
Microsoft Corporation
bffd9f120cc63bcbaa3d840f3eef9f79 usbccgp.sys
Microsoft Corporation
596eb39b50d6ebd9b734dc4ae0544693 usbd.sys
Microsoft Corporation
a45ea1550ea4b368c4fba7ca9d056bc9 usbehci.sys
Microsoft Corporation
6d46b1f89134892a862ac56b00ac11fe usbhub.sys
Microsoft Corporation
2853fd4c4489e0f8bfcf78efcdb7e998 usbintel.sys
Microsoft Corporation
af45d7f3ddf2e2c2edcdb7ca34202668 usbport.sys
Microsoft Corporation
a42369b7cd8886cd7c70f33da6fcbcf5 usbprint.sys
Microsoft Corporation
a6bc71402f4f7dd5b77fd7f4a8ddba85 usbscan.sys
Microsoft Corporation
6cd7b22193718f1d17a47a1cd6d37e75 USBSTOR.SYS
Microsoft Corporation
0ee1925590ba1abec14254d54d9870f4 usbuhci.sys
Microsoft Corporation
55e01061c74a8cefff58dc36114a8d3f vdmindvd.sys
Ravisent Technologies
8a60edd72b4ea5aea8202daf0e427925 vga.sys
Microsoft Corporation
d5a9d123f5ed7c9965a481bd20cf66d8 videoprt.sys
Microsoft Corporation
ee4660083deba849ff6c485d944b379b volsnap.sys
Microsoft Corporation
c79918a5bd269035f3a34d157401b9df w39n51.sys
Intel Corporation
984ef0b9788abf89974cfed4bfbaacbc wanarp.sys
Microsoft Corporation
efd235ca22b57c81118c1aeb4798f1c1 wdmaud.sys
Microsoft Corporation
2f31b7f954bed437f2c75026c65caf7b wmilib.sys
Microsoft Corporation
cf4def1bf66f06964dc0d91844239104 wpdusb.sys
Microsoft Corporation
6abe6e225adb5a751622a9cc3bc19ce8 ws2ifsl.sys
Microsoft Corporation
d5842484f05e12121c511aa93f6439ec WSTCODEC.SYS
Microsoft Corporation
f15feafffbb3644ccc80c5da584e6311 WudfPf.sys
Microsoft Corporation
28b524262bce6de1f7ef9f510ba3985b WudfRd.sys
Microsoft Corporation
57e95881e5f014816a8a53ad94ee0c48 WUSB20XP.sys
Cisco-Linksys
Mon May 2 18:15:58 UTC 2011
Driver report for /mnt/sda1/Qoobox/Quarantine/C/WINDOWS/system32/drivers
Driver report for /mnt/sda1/WINDOWS/system32/drivers
009927db8019c54477dabf6f9d795053 1394bus.sys
Microsoft Corporation
9859c0f6936e723e4892d7141b1327d5 acpiec.sys
Microsoft Corporation
a10c7534f7223f4a73a948967d00e69b acpi.sys
Microsoft Corporation
1ee7b434ba961ef845de136224c30fec aec.sys
Microsoft Corporation
6a0397376853e604de8e1e7a87fc08ac afd.sys
Microsoft Corporation
c41a5740468d0b9cb46e6390a0e15ce3 AGRSM.sys
Agere Systems
dad16a9d5c873e7219e6b43802ed316a amdk6.sys
Microsoft Corporation
680ad1c1bb16239e28d8f33a54a7a3c7 amdk7.sys
Microsoft Corporation
f0d692b0bffb46e30eb3cea168bbc49f arp1394.sys
Microsoft Corporation
02000abf34af4c218c35d257024807d6 asyncmac.sys
Microsoft Corporation
cdfe4411a69c224bd1d11b2da92dac51 atapi.sys
Microsoft Corporation
ec88da854ab7d7752ec8be11a741bb7f atmarpc.sys
Microsoft Corporation
39a0a59180f19946374275745b21aeba atmepvc.sys
Microsoft Corporation
0128e78fe835f074e469f03db681ca9e atmlane.sys
Microsoft Corporation
e7ef69b38d17ba01f914ae8f66216a38 atmuni.sys
Microsoft Corporation
d9f724aa26c010a217c97606b160ed68 audstub.sys
Microsoft Corporation
ea22edadf90c0aba8319454b2a07b700 battc.sys
Microsoft Corporation
da1f27d85e0d1525f6621372e7b685e9 beep.sys
Microsoft Corporation
0d266f08aed52d9b17b3c61be01dd576 blankscr.sys
tHVS_VERSION_INFOaa?adStringFileInfo@bHCommentsNovellZENBlankScreenbCompanyNameNovellInc.VFileDescriptionScreenBlankingDrivervFileVersion,,,@InternalNamescreenblank.sysLegalCopyrightCopyright-NovellInc.,AllRightsreserved.(LegalTrademarksHOriginalFilenamescreenblank.sysPrivateBuildVProductNameZENworksRemoteManagement:vProductVersion,,,SpecialBuildDVarFileInfo$Translationt@%
e4e6a0922e3d983728c9ad4e8d466954 bridge.sys
Microsoft Corporation
95ef6f3f386d93ee1e4d9ca45a50252a bthport.sys
Microsoft Corporation
90a673fc8e12a79afbed2576f6a7aaf9 cbidf2k.sys
Microsoft Corporation
6163ed60b684bab19d3352ab22fc48b2 CCDECODE.sys
Microsoft Corporation
c1b486a7658353d33a10cc15211a873b cdaudio.sys
Microsoft Corporation
cd7d5152df32b47f4e36f710b35aae02 cdfs.sys
Microsoft Corporation
bf79e659c506674c0497cc9c61f1a165 cdr4_xp.sys
Sonic Solutions
2c41cd49d82d5fd85c72d57b6ca25471 cdralw2k.sys
Sonic Solutions
7b53584d94e9d8716b2de91d5f1cb42d cdrom.sys
Microsoft Corporation
b562592b7f5759c99e179ca467ecfb4c cinemst2.sys
Ravisent Technologies
d86173b401470f06d9810f7962969ddf classpnp.sys
Microsoft Corporation
4266be808f85826aedf3c64c1e240203 CmBatt.sys
Microsoft Corporation
df1b1a24bf52d0ebc01ed4ece8979f50 compbatt.sys
Microsoft Corporation
0b2b1b3217cbc51cd06a30e28c8e5cad CPEb.sys
HVS_VERSION_INFO?TStringFileInfobComments.aCompanyNameCompalLFileDescriptionECDriverforAvFileVersion,,,InternalNameXLegalCopyrightCompalCopyright©(LegalTrademarks(OriginalFilenamePrivateBuildProductName$ProductVersionSpecialBuildDVarFileInfo$Translationt*
9624293e55ad405415862b504ca95b73 cpqdap01.sys
Compaq Computer Corp
6af1684ccaac3f7ef4ee9ba65eb0677a crusoe.sys
Microsoft Corporation
566cca06fb1b98dff3e9eea563b6334e Darpan.sys
ttVS_VERSION_INFOaa?b$StringFileInfobComments:rCompanyNameNovell,Inc.l"FileDescriptionZENworksRemoteManagementdriverbFileVersion....aInternalNameDarpanLegalCopyrightCopyright-NovellInc.,Allrightsreserved.(LegalTrademarks>vOriginalFilenameDarpan.sysPrivateBuildXProductNameZENworksRemoteManagementbProductVersion...SpecialBuildDVarFileInfo$Translationt
d16c81677a9be399c63cd2ea486472a5 diskdump.sys
Microsoft Corporation
00ca44e4534865f8a3b64f7c0984bff0 disk.sys
Microsoft Corporation
c0fbb516e06e243f0cf31f597e7ebf7d dmboot.sys
Microsoft Corp
f5e7b358a732d09f4bcf2824b88b9e28 dmio.sys
Microsoft Corp
e9317282a63ca4d188c0df5e09c6ac5f dmload.sys
Microsoft Corp
a6f881284ac1150e37d9ae47ff601267 DMusic.sys
Microsoft Corporation
1ed4dbbae9f5d558dbba4cc450e3eb2e drmkaud.sys
Microsoft Corporation
ff86422268de771d571e123eb7092c6a drmk.sys
Microsoft Corporation
fe97d0343acfdebdd578fc67cc91fa87 dxapi.sys
Microsoft Corporation
d3dac8432110aad0b02a58b4459ab835 dxg.sys
Microsoft Corporation
a73f5d6705b1d820c19b18782e176efd dxgthk.sys
Microsoft Corporation
01857b94bd3f8c99188862d026c925c0 EMS7SK.sys
?baStringFileInfoBHCompanyNameENETechnologyInc.x(FileDescriptionENEPCIMemoryStickCardReaderDriverRFileVersion..builtby:WinDDKvInternalNameEMSSK.sysv)LegalCopyrightENETechnologyInc.Allrightsreserved.>vOriginalFilenameEMSSK.sysp(ProductNameENEPCIMemoryStickCardReaderDriver@ProductVersion...DVarFileInfo$Translationt
80d1b490b60e74e002dc116ec5d41748 enum1394.sys
Microsoft Corporation
5983f3f91487c2a2a514c17245a0e25d ESD7SK.sys
?baStringFileInfoBHCompanyNameENETechnologyInc.FileDescriptionENEPCISecureDigital/MMCCardReaderDriverRFileVersion..builtby:WinDDKvInternalNameESDSK.sysv)LegalCopyrightENETechnologyInc.Allrightsreserved.>vOriginalFilenameESDSK.sysProductNameENEPCISecureDigital/MMCCardReaderDriver@ProductVersion...DVarFileInfo$Translationt
3117f595e9615e04f05a54fc15a03b20 fastfat.sys
Microsoft Corporation
ced2e8396a8838e59d8fd529c680e02c fdc.sys
Microsoft Corporation
e153ab8a11de5452bcf5ac7652dbf3ed fips.sys
Microsoft Corporation
0dd1de43115b93f4d85e889d7a86f548 flpydisk.sys
Microsoft Corporation
3d234fb6d6ee875eb009864a299bea29 fltmgr.sys
Microsoft Corporation
3e1e2bd4f39b0e2b7dc4f4d2bcc2779a fs_rec.sys
Microsoft Corporation
455f778ee14368468560bd7cb8c854d0 fsvga.sys
Microsoft Corporation
6ac26732762483366c3969c9e4d2259d ftdisk.sys
Microsoft Corporation
5dc17164f66380cbfefd895c18467773 GEARAspiWDM.sys
GEAR Software
3fcc124b6e08ee0e9351f717dd136939 Hdaudbus.sys
Windows Server DDK provider
2a013e7530beab6e569faa83f517e836 Hdaudio.sys
Windows Server DDK provider
610ff50334eae591954dedd3617d25c3 hidclass.sys
Microsoft Corporation
5fff41cd5108e9051d255c37825af697 hidparse.sys
Microsoft Corporation
1de6783b918f540149aa69943bdfeba8 hidusb.sys
Microsoft Corporation
d03d10f7ded688fecf50f8fbf1ea9b8a HPZid412.sys
HP
89f41658929393487b6b7d13c8528ce3 HPZipr12.sys
HP
abcb05ccdbf03000354b9553820e39f8 HPZius12.sys
HP
9f8b0f4276f618964fd118be4289b7cd http.sys
Microsoft Corporation
5502b58eef7486ee6f93f3f164dcb808 i8042prt.sys
Microsoft Corporation
0f0194c4b635c10c3f785e4fee52d641 ialmnt5.sys
Intel Corporation
f8aa320c6a0409c0380e5d8a99d76ec6 imapi.sys
Microsoft Corporation
279fb78702454dff2bb445f238c048d2 intelppm.sys
Microsoft Corporation
4448006b6bc60e6c027932cfc38d6855 ip6fw.sys
Microsoft Corporation
731f22ba402ee4b62748adaf6363c182 ipfltdrv.sys
Microsoft Corporation
e1ec7f5da720b640cd8fb8424f1b14bb ipinip.sys
Microsoft Corporation
d58ecd3b3969a670e68588f1640920b6 ipnat.sys
Microsoft Corporation
64537aa5c003a6afeee1df819062d0d1 ipsec.sys
Microsoft Corporation
50708daa1b1cbb7d6ac1cf8f56a24410 irenum.sys
Microsoft Corporation
e504f706ccb699c2596e9a3da1596e87 isapnp.sys
Microsoft Corporation
ebdee8a2ee5393890a1acee971c4c246 kbdclass.sys
Microsoft Corporation
e182fa8e49e8ee41b4adc53093f3c7e6 kbdhid.sys
Microsoft Corporation
ba5deda4d934e6288c2f66caf58d2562 kmixer.sys
Microsoft Corporation
1be7cc2535d760ae4d481576eb789f24 ksecdd.sys
Microsoft Corporation
b9540e258f952650de8dec68719a5c97 ks.sys
Microsoft Corporation
d9f3bb7c292f194f3b053ce295754eb8 lgusbbus.sys
tH*VS_VERSION_INFObb?`StringFileInfo<bCommentsHCompanyNameLGElectronicsInc.l"FileDescriptionLGCDMAUSBMultifunctionDrivernFileVersionVer...aInternalNameUSBBUSh"LegalCopyrightLGElectronicsInc.Seoul,Korea.l"LegalTrademarksLGElectronicsInc.Seoul,Korea.BrOriginalFilenamelgusbbus.sysPrivateBuildd"ProductNameLGCDMAUSBMultifunctionDrivernProductVersionVer..SpecialBuildDVarFileInfo$Translationt
c4f77da649f99fad116ea585376fc164 lgusbdiag.sys
tH`JVS_VERSION_INFObb?StringFileInfobCommentsHCompanyNameLGElectronicsInc.fFileDescriptionLGCDMAUSBDiagnosticsDrivernFileVersionVer..nInternalNameLGUSBDIAGh"LegalCopyrightLGElectronicsInc.Seoul,Korea.l"LegalTrademarksLGElectronicsInc.Seoul,Korea.DOriginalFilenamelgusbdiag.sysPrivateBuild^ProductNameLGCDMAUSBDiagnosticsDrivernProductVersionVer..SpecialBuildDVarFileInfo$Translationt*
c0613ce45e617bc671de8ebb1b30d175 lgusbmodem.sys
tHPVS_VERSION_INFObb?LStringFileInfo(bCommentsHCompanyNameLGElectronicsInc.ZFileDescriptionLGCDMAUSBModemDrivernFileVersionVer..vInternalNameLGUSBMODEMh"LegalCopyrightLGElectronicsInc.Seoul,Korea.l"LegalTrademarksLGElectronicsInc.Seoul,Korea.FOriginalFilenamelgusbmodem.sysPrivateBuildRProductNameLGCDMAUSBModemDrivernProductVersionVer..SpecialBuildDVarFileInfo$Translationt*
d68e165c3123aba3b1282eddb4213bd8 mbamswissarmy.sys
Malwarebytes Corporation
836e0e09ca9869be7eb39ef2cf3602c7 mbam.sys
Malwarebytes Corporation
d1f8be91ed4ddb671d42e473e3fe71ab mcd.sys
Microsoft Corporation
729d83e56c29c510258a6e9e79ffddc3 mf.sys
Microsoft Corporation
4ae068242760a1fb6e1a44bf4e16afa6 mnmdd.sys
Microsoft Corporation
6fc6f9d7acc36dca9b914565a3aeda05 modem.sys
Microsoft Corporation
34e1f0031153e491910e12551400192c mouclass.sys
Microsoft Corporation
b1c303e17fb9d46e87a98e4ba6769685 mouhid.sys
Microsoft Corporation
65653f3b4477f3c63e68a9659f85ee2e mountmgr.sys
Microsoft Corporation
eee50bf24caeedb515a8f3b22756d3bb mqac.sys
Microsoft Corporation
29414447eb5bde2f8397dc965dbb3156 mrxdav.sys
Microsoft Corporation
fb6c89bb3ce282b08bdb1e3c179e1c39 mrxsmb.sys
Microsoft Corporation
561b3a4333ca2dbdba28b5b956822519 msfs.sys
Microsoft Corporation
c0f1d4a21de5a415df8170616703debf msgpc.sys
Microsoft Corporation
ae431a8dd3c1d0d0610cdbac16057ad0 MSKSSRV.sys
Microsoft Corporation
13e75fef9dfeb08eeded9d0246e1f448 MSPCLOCK.sys
Microsoft Corporation
1988a33ff19242576c3d0ef9ce785da7 MSPQM.sys
Microsoft Corporation
469541f8bfd2b32659d5d463a6714bce mssmbios.sys
Microsoft Corporation
bf13612142995096ab084f2db7f40f77 MSTEE.sys
Microsoft Corporation
f66b6b1cddee6ca87cefc016eb7a0d8e mup.sys
Microsoft Corporation
5c8dc6429c43dc6177c1fa5b76290d1a NABTSFEC.sys
Microsoft Corporation
520ce427a8b298f54112857bcf6bde15 NdisIP.sys
Microsoft Corporation
558635d3af1c7546d26067d5d9b6959e ndis.sys
Microsoft Corporation
08d43bbdacdf23f34d79e44ed35c1b4c ndistapi.sys
Microsoft Corporation
5146c3d286e66c72328f6ce6e4d983a8 ndisuio.sys
Microsoft Corporation
0b90e255a9490166ab368cd55a529893 ndiswan.sys
Microsoft Corporation
59fc3fb44d2669bc144fd87826bb571f ndproxy.sys
Microsoft Corporation
3a2aca8fc1d7786902ca434998d7ceb4 netbios.sys
Microsoft Corporation
0c80e410cd2f47134407ee7dd19cc86b netbt.sys
Microsoft Corporation
5c5c53db4fef16cf87b9911c7e8c6fbc nic1394.sys
Microsoft Corporation
c501404558ea82e8a875de6331f0748d nicm.sys
tHVS_VERSION_INFO?dStringFileInfo@E:rCompanyNameNovell,Inc.z)FileDescriptionNovellInterServiceCommunicationDriverbFileVersion...j#LegalCopyrightCopyright-Novell,Inc.:tOriginalFilenameNICM.SYSRProductNameNovellXTierforWindowsDProductVersionv.()DVarFileInfo$Translationt}
be984d604d91c217355cdd3737aad25d nikedrv.sys
Diamond Multimedia Systems
60cf8c7192b3614f240838ddbaa4a245 nmnt.sys
Microsoft Corporation
4f601bcb8f64ea3ac0994f98fed03f8e npfs.sys
Microsoft Corporation
19a811ef5f1ed5c926a028ce107ff1af ntfs.sys
Microsoft Corporation
73c1e1f395918bc2c6dd67af7591a3ad null.sys
Microsoft Corporation
b305f3fad35083837ef46a0bbce2fc57 nwlnkflt.sys
Microsoft Corporation
c99b3415198d1aab7227f2c88fd664b9 nwlnkfwd.sys
Microsoft Corporation
79ea3fcda7067977625b3363a2657c80 nwlnkipx.sys
Microsoft Corporation
56d34a67c05e94e16377c60609741ff8 nwlnknb.sys
Microsoft Corporation
c0bb7d1615e1acbdc99757f6ceaf8cf0 nwlnkspx.sys
Microsoft Corporation
3f18d9365be71c7b2e43b7cf4a0c1a10 nwrdr.sys
Microsoft Corporation
fc128c3d7d5ad30a13742dc3737b9df7 ohci1394.sys
Microsoft Corporation
4bb30ddc53ebc76895e38694580cdfe9 oprghdlr.sys
Microsoft Corporation
3e16eff2a6fed2d8d7f5a66dfe65d183 p3.sys
Microsoft Corporation
29744eb4ce659dfe3b4122deb45bc478 parport.sys
Microsoft Corporation
3334430c29dc338092f79c38ef7b4cd0 partmgr.sys
Microsoft Corporation
70e98b3fd8e963a6a46a2e6247e0bea1 parvdm.sys
Microsoft Corporation
ccf5f451bb1a5a2a522a76e670000ff0 pciide.sys
Microsoft Corporation
520b91ab011456b940d9b05fc91108ff pciidex.sys
Microsoft Corporation
8086d9979234b603ad5bc2f5d890b234 pci.sys
Microsoft Corporation
82a087207decec8456fbe8537947d579 pcmcia.sys
Microsoft Corporation
bc6b2bc69c1e009443e8b1fe2db96101 portcls.sys
Microsoft Corporation
0d97d88720a4087ec93af7dbb303b30a processr.sys
Microsoft Corporation
48671f327553dcf1d27f6197f622a668 psched.sys
Microsoft Corporation
80d317bd1c3dbc5d4fe7b1678c60cadd ptilink.sys
Parallel Technologies
d86b4a68565e444d76457f14172c875a pxhelp20.sys
Sonic Solutions
fe0d99d6f31e4fad8159f690d68ded9c rasacd.sys
Microsoft Corporation
98faeb4a4dcf812ba1c6fca4aa3e115c rasl2tp.sys
Microsoft Corporation
7306eeed8895454cbed4669be9f79faa raspppoe.sys
Microsoft Corporation
1c5cc65aac0783c344f16353e60b72ac raspptp.sys
Microsoft Corporation
fdbb1d60066fcfbb7452fd8f9829b242 raspti.sys
Microsoft Corporation
01524cd237223b18adbb48f70083f101 rawwan.sys
Microsoft Corporation
03b965b1ca47f6ef60eb5e51cb50e0af rdbss.sys
Microsoft Corporation
4912d5b403614ce99c28420f75353332 rdpcdd.sys
Microsoft Corporation
a2cae2c60bc37e0751ef9dda7ceaf4ad rdpdr.sys
Microsoft Corporation
b54cd38a9ebfbf2b3561426e3fe26f62 rdpwd.sys
Microsoft Corporation
b31b4588e4086d8d84adbf9845c2402b redbook.sys
Microsoft Corporation
a56fe08ec7473e8580a390bb1081cdd7 rio8drv.sys
Diamond Multimedia Systems
0a854df84c77a0be205bfeab2ae4f0ec riodrv.sys
Diamond Multimedia Systems
d18208ed6c768663b08c972eaa7a8b60 rmcast.sys
Microsoft Corporation
7ce8b277f3207ea82d7d22ad348befc6 rndismp.sys
Microsoft Corporation
d8b0b4ade32574b2d9c5cc34dc0dbbe7 rootmdm.sys
Microsoft Corporation
a3b23fb3f295694091f51865f98588b2 rspndr.sys
Microsoft Corporation
6bb86099e1b4f9994d4f733f0c9e4c22 Rtenicxp.sys
Realtek Semiconductor
71ae838a88b07268d732f596fc17ced5 RtkHDAud.Sys
Realtek Semiconductor
d7fd0ff761e28ac0ea35ad71e0cd67e9 scsiport.sys
Microsoft Corporation
02fc71b020ec8700ee8a46c58bc6f276 sdbus.sys
Microsoft Corporation
90a3935d05b494a5a39d37e71f09a677 secdrv.sys
Macrovision Corporation
a2d868aeeff612e70e213c451a70cafb serenum.sys
Microsoft Corporation
cd9404d115a00d249f70a371b46d5a26 serial.sys
Microsoft Corporation
1d9f1bec651815741f088a8fb88e17ee sffdisk.sys
Microsoft Corporation
586499fd312ffd7f78553f408e71682e sffp_sd.sys
Microsoft Corporation
0d13b6df6e9e101013a7afb0ce629fe0 sfloppy.sys
Microsoft Corporation
5caeed86821fa2c6139e32e9e05ccdc9 SLIP.sys
Microsoft Corporation
017daecf0ed3aa731313433601ec40fa smclib.sys
Microsoft Corporation
5b6ad60d81530526cfe50dd46e0b5275 sncamd.sys
H`ZVS_VERSION_INFO?bStringFileInfopbCommentsCompanyNameXFileDescriptionUSB.PCCameradrivervFileVersion...bInternalNameusbcamd.sys$LegalCopyright(LegalTrademarks@bOriginalFilenameusbcamd.sysPrivateBuildPProductNameUSB.PCCameradriver:vProductVersion...SpecialBuildDVarFileInfo$Translationt*
9711ad901264ddf0bd960d8a626c1b2a snp2sxp.sys
H`VS_VERSION_INFObb?StringFileInfopbCommentsCompanyNameXFileDescriptionUSB.PCCameradrivervFileVersion,,,InternalNameBLegalCopyrightCopyright(LegalTrademarks(OriginalFilenamePrivateBuildPProductNameUSB.PCCameradriver:vProductVersion,,,bSpecialBuildCMNDVarFileInfo$Translationt*
addc9e4757a68ab60562ad3cb9c288d6 sonydcam.sys
Microsoft Corporation
a1eceeaa5c5e74b2499eb51d38185b84 SONYPVU1.SYS
Sony Corporation
0ce218578fff5f4f7e4201539c45c78f splitter.sys
Microsoft Corporation
e41b6d037d6cd08461470af04500dc24 sr.sys
Microsoft Corporation
7a4f147cc6b133f905f6e65e2f8669fb srv.sys
Microsoft Corporation
284c57df5dc7abca656bc2b96a667afb StreamIP.sys
Microsoft Corporation
c43356072eb3e88cd62958db10cead47 stream.sys
Microsoft Corporation
03c1bae4766e2450219d20b993d6e046 swenum.sys
Microsoft Corporation
94abc808fc4b6d7d2bbf42b85e25bb4d swmidi.sys
Microsoft Corporation
043c5e72f171944405537a53a478f041 symdns.sys
Symantec Corporation
49b20b430a4f219173f823536944474a SYMEVENT.SYS
Symantec Corporation
1e2ed613337a0bcbd62e8fe7e0288cce symfw.sys
Symantec Corporation
62c9db9c052edd01c9404863efd2526c symids.sys
Symantec Corporation
a2ab34153b2ceca340ac4f28caaf8222 symndis.sys
Symantec Corporation
7de45dfebb51e56d7c795bd0c2d7aef5 symredrv.sys
Symantec Corporation
e1444c6095d67ca4ef6ba192cf7fa91a symtdi.sys
Symantec Corporation
ae4052fc36bd4c390cee45a38ec1199a SynTP.sys
Synaptics
650ad082d46bac0e64c9c0e0928492fd sysaudio.sys
Microsoft Corporation
a2a9ca0d1a9ac1ff54220aa0789fe5cf tape.sys
Microsoft Corporation
7dda159deda4fef8523eefc34e524013 tcpip6.sys
Microsoft Corporation
744e57c99232201ae98c49168b918f48 tcpip.sys
Microsoft Corporation
6891b74ab9a016064e82a419388d0601 tdi.sys
Microsoft Corporation
38d437cf2d98965f239b0abcd66dcb0f tdpipe.sys
Microsoft Corporation
ed0580af02502d00ad8c4c066b156be9 tdtcp.sys
Microsoft Corporation
a540a99c281d933f3d69d55e48727f47 termdd.sys
Microsoft Corporation
699450901c5ccfd82357cbc531cedd23 tosdvd.sys
Microsoft Corporation
d74a8ec75305f1d3cfde7c7fc1bd62a9 tsbvcap.sys
Toshiba Corporation
87a0e9e18c10a9e454238e3330e2a26d tunmp.sys
Microsoft Corporation
12f70256f140cd7d52c58c7048fde657 udfs.sys
Microsoft Corporation
ced744117e91bdc0beb810f7d8608183 update.sys
Microsoft Corporation
af090265ec388bab320f1ff7e7a7d5ea usb8023.sys
Microsoft Corporation
f340199e8cb097e1acd58a967c665919 usbaapl.sys
Apple
45a0d14b26c35497ad93bce7e15c9941 USBAUDIO.sys
Microsoft Corporation
61018ba9df6b63e51d9753c980e73ec2 usbcamd2.sys
Microsoft Corporation
2654eecc6fb13603ebddcd5c8ea943d1 usbcamd.sys
Microsoft Corporation
bffd9f120cc63bcbaa3d840f3eef9f79 usbccgp.sys
Microsoft Corporation
596eb39b50d6ebd9b734dc4ae0544693 usbd.sys
Microsoft Corporation
a45ea1550ea4b368c4fba7ca9d056bc9 usbehci.sys
Microsoft Corporation
6d46b1f89134892a862ac56b00ac11fe usbhub.sys
Microsoft Corporation
2853fd4c4489e0f8bfcf78efcdb7e998 usbintel.sys
Microsoft Corporation
af45d7f3ddf2e2c2edcdb7ca34202668 usbport.sys
Microsoft Corporation
a42369b7cd8886cd7c70f33da6fcbcf5 usbprint.sys
Microsoft Corporation
a6bc71402f4f7dd5b77fd7f4a8ddba85 usbscan.sys
Microsoft Corporation
6cd7b22193718f1d17a47a1cd6d37e75 USBSTOR.SYS
Microsoft Corporation
0ee1925590ba1abec14254d54d9870f4 usbuhci.sys
Microsoft Corporation
55e01061c74a8cefff58dc36114a8d3f vdmindvd.sys
Ravisent Technologies
8a60edd72b4ea5aea8202daf0e427925 vga.sys
Microsoft Corporation
d5a9d123f5ed7c9965a481bd20cf66d8 videoprt.sys
Microsoft Corporation
ee4660083deba849ff6c485d944b379b volsnap.sys
Microsoft Corporation
c79918a5bd269035f3a34d157401b9df w39n51.sys
Intel Corporation
984ef0b9788abf89974cfed4bfbaacbc wanarp.sys
Microsoft Corporation
efd235ca22b57c81118c1aeb4798f1c1 wdmaud.sys
Microsoft Corporation
2f31b7f954bed437f2c75026c65caf7b wmilib.sys
Microsoft Corporation
cf4def1bf66f06964dc0d91844239104 wpdusb.sys
Microsoft Corporation
6abe6e225adb5a751622a9cc3bc19ce8 ws2ifsl.sys
Microsoft Corporation
d5842484f05e12121c511aa93f6439ec WSTCODEC.SYS
Microsoft Corporation
f15feafffbb3644ccc80c5da584e6311 WudfPf.sys
Microsoft Corporation
28b524262bce6de1f7ef9f510ba3985b WudfRd.sys
Microsoft Corporation
57e95881e5f014816a8a53ad94ee0c48 WUSB20XP.sys
Cisco-Linksys
#8
- Member
-
- Group: Members
- Posts: 33
- Joined: 04-June 10
Posted 02 May 2011 - 05:27 PM
And here is the filefind.txt file:
Search results for explorer.exe
a7c21e19302a3caf11dbe5cb0b02432d /mnt/sda1/WINDOWS/system32/dllcache/explorer.exe
1009.0K Jun 13 2007
a0732187050030ae399b241436565e64 /mnt/sda1/WINDOWS/$NtUninstallKB884883$/explorer.exe
1008.0K Aug 4 2004
7712df0cdde3a5ac89843e61cd5b3658 /mnt/sda1/WINDOWS/ERDNT/cache/explorer.exe
1009.0K Jun 13 2007
a7c21e19302a3caf11dbe5cb0b02432d /mnt/sda1/WINDOWS/explorer.exe
1009.0K Jun 13 2007
45757077a47c68a603a79b03a1a836ab /mnt/sda1/WINDOWS/$NtUninstallKB938828$/explorer.exe
1008.0K Apr 7 2005
Search results for winlogon.exe
c2022165fdcbe1f8cdb7c76c948ae2f7 /mnt/sda1/WINDOWS/system32/dllcache/winlogon.exe
490.5K Aug 4 2004
c2022165fdcbe1f8cdb7c76c948ae2f7 /mnt/sda1/WINDOWS/system32/winlogon.exe
490.5K Aug 4 2004
01c3346c241652f43aed8e2149881bfe /mnt/sda1/WINDOWS/ERDNT/cache/winlogon.exe
490.5K Aug 4 2004
Search results for explorer.exe
a7c21e19302a3caf11dbe5cb0b02432d /mnt/sda1/WINDOWS/system32/dllcache/explorer.exe
1009.0K Jun 13 2007
a0732187050030ae399b241436565e64 /mnt/sda1/WINDOWS/$NtUninstallKB884883$/explorer.exe
1008.0K Aug 4 2004
7712df0cdde3a5ac89843e61cd5b3658 /mnt/sda1/WINDOWS/ERDNT/cache/explorer.exe
1009.0K Jun 13 2007
a7c21e19302a3caf11dbe5cb0b02432d /mnt/sda1/WINDOWS/explorer.exe
1009.0K Jun 13 2007
45757077a47c68a603a79b03a1a836ab /mnt/sda1/WINDOWS/$NtUninstallKB938828$/explorer.exe
1008.0K Apr 7 2005
Search results for winlogon.exe
c2022165fdcbe1f8cdb7c76c948ae2f7 /mnt/sda1/WINDOWS/system32/dllcache/winlogon.exe
490.5K Aug 4 2004
c2022165fdcbe1f8cdb7c76c948ae2f7 /mnt/sda1/WINDOWS/system32/winlogon.exe
490.5K Aug 4 2004
01c3346c241652f43aed8e2149881bfe /mnt/sda1/WINDOWS/ERDNT/cache/winlogon.exe
490.5K Aug 4 2004
#9
- Bleepin' Remover
-
- Group: Malware Response Team
- Posts: 10,743
- Joined: 16-August 08
- Gender:Male
Posted 02 May 2011 - 05:59 PM
OK, you have two infected files. Please boot back into xPud.
Once there, use the File menu like before. Go to:
/mnt/sda1/WINDOWS/
Right-click explorer.exe there and rename it to explorer.old.
Next, navigate to
/mnt/sda1/WINDOWS/$NtUninstallKB884883$/
and right-click explorer.exe in that folder and select copy. Go back to
/mnt/sda1/WINDOWS/
and right-click in the background and select paste. You should see explorer.exe appear there. That's good.
Now...the issue is that I don't see a clean version of winlogon. Do you have access to your CD? Or can you get a copy from the same version of Windows you have on the infected machine?
Once there, use the File menu like before. Go to:
/mnt/sda1/WINDOWS/
Right-click explorer.exe there and rename it to explorer.old.
Next, navigate to
/mnt/sda1/WINDOWS/$NtUninstallKB884883$/
and right-click explorer.exe in that folder and select copy. Go back to
/mnt/sda1/WINDOWS/
and right-click in the background and select paste. You should see explorer.exe appear there. That's good.
Now...the issue is that I don't see a clean version of winlogon. Do you have access to your CD? Or can you get a copy from the same version of Windows you have on the infected machine?
If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
Unified Network of Instructors and Trusted Eliminators
#10
- Member
-
- Group: Members
- Posts: 33
- Joined: 04-June 10
Posted 02 May 2011 - 08:57 PM
Ok I did all the steps you outlined in the above post but unfortunately I do not have the CD or any copy of that version of Windows as this was my friend's computer. I know that the infected computer is running Windows Vista if that is of any help. Thanks.
#11
- Bleepin' Remover
-
- Group: Malware Response Team
- Posts: 10,743
- Joined: 16-August 08
- Gender:Male
Posted 03 May 2011 - 05:02 PM
That's OK, we can download a Service Pack from Microsoft to get the necessary file. That being said...is it a 32bit or a 64 bit version of Windows? And do they know what service pack they are running? (None, Service Pack 1 or Service Pack 2).
If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
Unified Network of Instructors and Trusted Eliminators
#12
- Member
-
- Group: Members
- Posts: 33
- Joined: 04-June 10
Posted 03 May 2011 - 07:50 PM
I'm pretty sure it's a 32 bit version of Windows with Service Pack 2
#13
- Bleepin' Remover
-
- Group: Malware Response Team
- Posts: 10,743
- Joined: 16-August 08
- Gender:Male
Posted 04 May 2011 - 05:32 PM
Thanks, helpful. I'm not sure my trick will work with Vista. I'll research it a bit more. Do you have access to a computer running a Vista that we can snag that file from?
If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
Unified Network of Instructors and Trusted Eliminators
#14
- Member
-
- Group: Members
- Posts: 33
- Joined: 04-June 10
Posted 04 May 2011 - 06:23 PM
No I don't have access to another computer that runs Vista. The computer I'm using now runs Windows 7. Thanks
#15
- Bleepin' Remover
-
- Group: Malware Response Team
- Posts: 10,743
- Joined: 16-August 08
- Gender:Male
Posted 05 May 2011 - 05:32 PM
Please boot back into xPud.
Once there, use the File menu like before. Go to:
/mnt/sda1/WINDOWS/system32/
Right-click winlogon.exe there and rename it to winlogon.old
Next, navigate to
/mnt/sda1/WINDOWS/ERDNT/cache/
and right-click winlogon.exe in that folder and select copy. Go back to
/mnt/sda1/WINDOWS/system32/
and right-click in the background and select paste. You should see winlogon.exe appear there. That's good.
Next, reboot into Windows. Are you able to boot now?
Once there, use the File menu like before. Go to:
/mnt/sda1/WINDOWS/system32/
Right-click winlogon.exe there and rename it to winlogon.old
Next, navigate to
/mnt/sda1/WINDOWS/ERDNT/cache/
and right-click winlogon.exe in that folder and select copy. Go back to
/mnt/sda1/WINDOWS/system32/
and right-click in the background and select paste. You should see winlogon.exe appear there. That's good.
Next, reboot into Windows. Are you able to boot now?
If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
Unified Network of Instructors and Trusted Eliminators
