BleepingComputer.com: Google redirect & Rootkit Problem

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

Google redirect & Rootkit Problem I can't remove the problem

#1 User is offline   Martha Lace 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 11-May 11

Posted 26 May 2011 - 02:30 PM

Hi

I have the google redirect virus and my expired version of Hitman Pro detects possible variant of the TDL3 (alias Alureon) rootkit and Master Boot Record (Section 0) root kit.

I have run Malware bytes and Spybot but they do not find anything. The computer does not allow me to update microsoft security essentials anti virus definitions or run windows updates.

When I tried to run GMER the computer crashed twice (blue screen).

On start up a box flashes up saying windows system 32/command but then disappears.

I am running Windows XP home.

Any help would be very gratefully received as this is beyond my limited capabilities to sort out.

Regards

Martha


DDS (Ver_11-03-05.01) - NTFSx86
Run by Philip Kingdom at 18:03:08.64 on 26/05/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.347 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Philip Kingdom\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uSearch Page = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uWindow Title = Internet Explorer Provided by blueyonder
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.blueyonder.co.uk/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uURLSearchHooks: H - No File
uURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\prxtbSea2.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\ueqcqmzr\tiguaqqn.exe,
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\prxtbSea2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\prxtbSea2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ISS] "c:\documents and settings\all users\application data\e3132c\ISe31_289.exe" /s
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; GTB6.6; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.myfootballgames.co.uk/game/141/3D-Penalty.html"
uRunOnce: [SpybotDeletingB9681] command.com /c del "c:\program files\mywebsearch\bar\1.bin\M3SRCHMN.EXE"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dlbxmon.exe] "c:\program files\dell photo aio printer 962\dlbxmon.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [NPSStartup]
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [Hiyo] c:\program files\hiyo\bin\HiYo.exe /RunFromStartup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\philip kingdom\start menu\programs\startup\tiguaqqn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueyo~1.lnk - c:\program files\blueyonder ist\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &Search - ?p=ZJxdm405YYGB
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141157775703
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli w3xlpaps.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl4eabe654;MpKsl4eabe654;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7214b6d5-e37c-488c-b0b6-014a780fb9ab}\MpKsl4eabe654.sys [2011-5-26 28752]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-30 233472]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2010-7-3 2560]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-30 36608]
S0 ekqy;ekqy;c:\windows\system32\drivers\ufjvbx.sys --> c:\windows\system32\drivers\ufjvbx.sys [?]
S0 tsdmyvbe;tsdmyvbe;c:\windows\system32\drivers\chbfmxb.sys --> c:\windows\system32\drivers\chbfmxb.sys [?]
S1 emhjlrru;emhjlrru;\??\c:\windows\system32\drivers\emhjlrru.sys --> c:\windows\system32\drivers\emhjlrru.sys [?]
S1 jtlgxnix;jtlgxnix;\??\c:\windows\system32\drivers\jtlgxnix.sys --> c:\windows\system32\drivers\jtlgxnix.sys [?]
S1 jzcytmaf;jzcytmaf;\??\c:\windows\system32\drivers\jzcytmaf.sys --> c:\windows\system32\drivers\jzcytmaf.sys [?]
S1 luieaqhs;luieaqhs;\??\c:\windows\system32\drivers\luieaqhs.sys --> c:\windows\system32\drivers\luieaqhs.sys [?]
S1 MpKslca9cff56;MpKslca9cff56;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbb0d96f-6ef3-46a1-82c0-615cbc7e0b24}\mpkslca9cff56.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbb0d96f-6ef3-46a1-82c0-615cbc7e0b24}\MpKslca9cff56.sys [?]
S1 MpKslf62bd51b;MpKslf62bd51b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7214b6d5-e37c-488c-b0b6-014a780fb9ab}\mpkslf62bd51b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7214b6d5-e37c-488c-b0b6-014a780fb9ab}\MpKslf62bd51b.sys [?]
S1 wyhlvtkv;wyhlvtkv;\??\c:\windows\system32\drivers\wyhlvtkv.sys --> c:\windows\system32\drivers\wyhlvtkv.sys [?]
S2 gupdate1ca1a9b77d9d2a;Google Update Service (gupdate1ca1a9b77d9d2a);c:\program files\google\update\GoogleUpdate.exe [2009-8-11 133104]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-11 133104]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-12-30 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-12-30 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-12-30 121856]
.
=============== Created Last 30 ================
.
2011-05-26 16:59:40 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7214b6d5-e37c-488c-b0b6-014a780fb9ab}\MpKsl4eabe654.sys
2011-05-11 19:07:41 -------- d-----w- c:\program files\Cobian Backup 9
2011-05-02 15:42:50 -------- d-----w- c:\program files\Bonjour
2011-05-02 15:36:52 80873256 ----a-w- C:\iTunesSetup.exe
2011-05-02 11:32:11 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7214b6d5-e37c-488c-b0b6-014a780fb9ab}\MpKslc33b3e09.sys
2011-05-02 08:08:40 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7214b6d5-e37c-488c-b0b6-014a780fb9ab}\MpKsla5fb14be.sys
2011-05-01 14:03:49 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7214b6d5-e37c-488c-b0b6-014a780fb9ab}\MpKsl1b47f702.sys
2011-04-30 19:18:43 -------- d-----w- c:\docume~1\philip~1\applic~1\SoftwareDetectionScripts
2011-04-30 18:31:58 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7214b6d5-e37c-488c-b0b6-014a780fb9ab}\mpengine.dll
2011-04-30 18:30:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-30 18:30:23 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-30 18:23:28 -------- d-----w- c:\program files\Virgin Broadband
2011-04-30 13:18:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\gP31000LcOeE31000
.
==================== Find3M ====================
.
2011-05-26 16:59:44 865 --sha-w- c:\windows\system32\mmf.sys
2011-05-01 14:22:52 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-30 16:56:22 865 --sha-w- c:\windows\system32\mmf(20)(3).sys
2011-04-30 16:46:02 865 --sha-w- c:\windows\system32\mmf(69)(2).sys
2011-04-30 16:06:18 865 ----a-w- c:\windows\system32\mmf(67)(2).sys
2011-04-30 16:06:18 865 ----a-w- c:\windows\system32\mmf(3)(3).sys
2011-04-30 16:06:18 865 ----a-w- c:\windows\system32\mmf(3)(2).sys
2011-04-30 13:50:03 865 --sha-w- c:\windows\system32\mmf(66)(2).sys
2011-04-30 13:50:03 865 --sha-w- c:\windows\system32\mmf(4)(3).sys
2011-04-30 13:50:03 865 --sha-w- c:\windows\system32\mmf(4)(2).sys
2011-04-30 13:45:08 865 --sha-w- c:\windows\system32\mmf(65)(2).sys
2011-04-30 13:45:08 865 --sha-w- c:\windows\system32\mmf(5)(3).sys
2011-04-30 13:45:08 865 --sha-w- c:\windows\system32\mmf(5)(2).sys
2011-04-30 13:40:24 865 --sha-w- c:\windows\system32\mmf(64)(2).sys
2011-04-30 13:40:24 865 --sha-w- c:\windows\system32\mmf(6)(3).sys
2011-04-30 13:40:24 865 --sha-w- c:\windows\system32\mmf(6)(2).sys
2011-04-30 13:34:07 865 --sha-w- c:\windows\system32\mmf(7)(3).sys
2011-04-30 13:34:07 865 --sha-w- c:\windows\system32\mmf(7)(2).sys
2011-04-30 13:34:07 865 --sha-w- c:\windows\system32\mmf(63)(2).sys
2011-04-30 13:09:54 865 --sha-w- c:\windows\system32\mmf(8)(3).sys
2011-04-30 13:09:54 865 --sha-w- c:\windows\system32\mmf(8)(2).sys
2011-04-30 13:09:54 865 --sha-w- c:\windows\system32\mmf(62)(2).sys
2011-04-30 08:02:05 865 --sha-w- c:\windows\system32\mmf(9)(3).sys
2011-04-30 08:02:05 865 --sha-w- c:\windows\system32\mmf(9)(2).sys
2011-04-30 08:02:05 865 --sha-w- c:\windows\system32\mmf(61)(2).sys
2011-04-29 08:12:17 865 --sha-w- c:\windows\system32\mmf(60)(2).sys
2011-04-29 08:12:17 865 --sha-w- c:\windows\system32\mmf(10)(3).sys
2011-04-29 08:12:17 865 --sha-w- c:\windows\system32\mmf(10)(2).sys
2011-04-27 18:53:53 865 --sha-w- c:\windows\system32\mmf(59)(2).sys
2011-04-27 18:53:53 865 --sha-w- c:\windows\system32\mmf(50)(2).sys
2011-04-27 18:53:53 865 --sha-w- c:\windows\system32\mmf(20)(2).sys
2011-04-27 18:53:53 865 --sha-w- c:\windows\system32\mmf(2)(6).sys
2011-04-27 18:53:53 865 --sha-w- c:\windows\system32\mmf(2)(4).sys
2011-04-27 18:53:53 865 --sha-w- c:\windows\system32\mmf(11)(3).sys
2011-04-27 18:53:53 865 --sha-w- c:\windows\system32\mmf(11)(2).sys
2011-04-26 15:19:33 865 --sha-w- c:\windows\system32\mmf(58)(2).sys
2011-04-26 15:19:33 865 --sha-w- c:\windows\system32\mmf(12)(3).sys
2011-04-26 15:19:33 865 --sha-w- c:\windows\system32\mmf(12)(2).sys
2011-04-26 08:17:38 865 --sha-w- c:\windows\system32\mmf(57)(2).sys
2011-04-26 08:17:38 865 --sha-w- c:\windows\system32\mmf(13)(3).sys
2011-04-26 08:17:38 865 --sha-w- c:\windows\system32\mmf(13)(2).sys
2011-04-25 15:05:53 865 --sha-w- c:\windows\system32\mmf(56)(2).sys
2011-04-25 15:05:53 865 --sha-w- c:\windows\system32\mmf(14)(3).sys
2011-04-25 15:05:53 865 --sha-w- c:\windows\system32\mmf(14)(2).sys
2011-04-23 09:41:45 865 --sha-w- c:\windows\system32\mmf(55)(2).sys
2011-04-23 09:41:45 865 --sha-w- c:\windows\system32\mmf(15)(3).sys
2011-04-23 09:41:45 865 --sha-w- c:\windows\system32\mmf(15)(2).sys
2011-04-22 13:00:29 865 --sha-w- c:\windows\system32\mmf(54)(2).sys
2011-04-22 13:00:29 865 --sha-w- c:\windows\system32\mmf(16)(3).sys
2011-04-22 13:00:29 865 --sha-w- c:\windows\system32\mmf(16)(2).sys
2011-04-22 09:08:02 865 --sha-w- c:\windows\system32\mmf(53)(2).sys
2011-04-22 09:08:02 865 --sha-w- c:\windows\system32\mmf(17)(3).sys
2011-04-22 09:08:02 865 --sha-w- c:\windows\system32\mmf(17)(2).sys
2011-04-21 09:33:50 865 --sha-w- c:\windows\system32\mmf(52)(2).sys
2011-04-21 09:33:50 865 --sha-w- c:\windows\system32\mmf(18)(3).sys
2011-04-21 09:33:50 865 --sha-w- c:\windows\system32\mmf(18)(2).sys
2011-04-20 09:29:34 865 --sha-w- c:\windows\system32\mmf(51)(2).sys
2011-04-20 09:29:34 865 --sha-w- c:\windows\system32\mmf(19)(3).sys
2011-04-20 09:29:34 865 --sha-w- c:\windows\system32\mmf(19)(2).sys
2011-04-19 09:31:23 865 --sha-w- c:\windows\system32\mmf(2)(7).sys
2011-04-19 09:31:23 865 --sha-w- c:\windows\system32\mmf(2)(2).sys
2011-04-18 19:17:22 865 --sha-w- c:\windows\system32\mmf(21)(2).sys
2011-04-18 09:27:44 865 --sha-w- c:\windows\system32\mmf(22)(2).sys
2011-04-17 07:53:02 865 --sha-w- c:\windows\system32\mmf(23)(2).sys
2011-04-15 12:10:19 865 --sha-w- c:\windows\system32\mmf(24)(2).sys
2011-04-14 15:21:19 865 --sha-w- c:\windows\system32\mmf(25)(2).sys
2011-04-13 12:22:50 865 --sha-w- c:\windows\system32\mmf(26)(2).sys
2011-04-12 18:48:47 865 --sha-w- c:\windows\system32\mmf(27)(2).sys
2011-04-11 15:56:17 865 --sha-w- c:\windows\system32\mmf(28)(2).sys
2011-04-10 17:27:30 865 --sha-w- c:\windows\system32\mmf(29)(2).sys
2011-04-10 09:48:35 865 --sha-w- c:\windows\system32\mmf(30)(2).sys
2011-04-09 19:31:06 865 --sha-w- c:\windows\system32\mmf(31)(2).sys
2011-04-09 15:53:38 865 --sha-w- c:\windows\system32\mmf(32)(2).sys
2011-04-09 07:50:36 865 --sha-w- c:\windows\system32\mmf(33)(2).sys
2011-04-08 19:31:09 865 --sha-w- c:\windows\system32\mmf(34)(2).sys
2011-04-08 13:29:15 865 --sha-w- c:\windows\system32\mmf(35)(2).sys
2011-04-07 17:10:15 865 --sha-w- c:\windows\system32\mmf(36)(2).sys
2011-04-06 19:23:53 865 --sha-w- c:\windows\system32\mmf(37)(2).sys
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 19:41:57 865 --sha-w- c:\windows\system32\mmf(38)(2).sys
2011-04-05 15:56:51 865 --sha-w- c:\windows\system32\mmf(39)(2).sys
2011-04-04 19:22:08 865 --sha-w- c:\windows\system32\mmf(40)(2).sys
2011-04-04 15:46:59 865 --sha-w- c:\windows\system32\mmf(41)(2).sys
2011-04-03 18:21:18 865 --sha-w- c:\windows\system32\mmf(42)(2).sys
2011-04-03 15:55:26 865 --sha-w- c:\windows\system32\mmf(43)(2).sys
2011-04-03 14:06:51 865 --sha-w- c:\windows\system32\mmf(44)(2).sys
2011-04-03 11:56:47 865 --sha-w- c:\windows\system32\mmf(45)(2).sys
2011-04-02 18:49:43 865 --sha-w- c:\windows\system32\mmf(46)(2).sys
2011-04-02 14:22:36 865 --sha-w- c:\windows\system32\mmf(47)(2).sys
2011-04-01 17:18:58 865 --sha-w- c:\windows\system32\mmf(48)(2).sys
2011-03-30 05:52:11 865 --sha-w- c:\windows\system32\mmf(49)(2).sys
2011-03-29 17:23:31 865 --sha-w- c:\windows\system32\mmf(2)(3).sys
2011-03-25 20:34:17 214592 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-02 19:03:42 865 --sha-w- c:\windows\system32\mmf(2)(5).sys
.
============= FINISH: 18:05:18.68 ===============

Attached File(s)


#2 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 May 2011 - 11:47 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.



We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply






Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".


information and logs:

    In your next post I need the following

    • .logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   Martha Lace 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 11-May 11

Posted 31 May 2011 - 10:42 AM

Hi Gringo

Thanks for taking my case. I have a new problem. When I tried to turn the computer on to do the scans you asked for I now cannot get into the computer. It turns on and I get a welcome to windows screen (blue). It then has a users log on screen which I don't usually get. If I click on either user it starts saying "loading user settings" then says "logging off user". The only thing it will let you do is turn off. It does not make any difference if you try starting in "safe mode".


I can't access the computer at all. Any ideas gratefully received.

Regards

Martha

#4 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 31 May 2011 - 02:18 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   Martha Lace 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 11-May 11

Posted 02 June 2011 - 11:15 AM

Hi Gringo

Sorry had a bit of a problem the first couple of times I tried this but worked the third time once I'd redownloaded everything. the report is as follows:




hu Jun 2 17:02:24 UTC 2011
Driver report for /mnt/sda2/i386/SP1/Windows/System32/Drivers /mnt/sda2/i386/SP1/Windows/System32/Drivers/mrxsmb.sys has NO Company Name! /mnt/sda2/i386/SP1/Windows/System32/Drivers/rdbss.sys has NO Company Name! /mnt/sda2/i386/SP1/Windows/System32/Drivers/srv.sys has NO Company Name!

7f09b37065b61ddbc6116f612e6183d1 /mnt/sda2/i386/SP1/Windows/System32/Drivers/mrxsmb.sys
Microsoft Corporation

1fd256b6025449dca3670574c0229d65 /mnt/sda2/i386/SP1/Windows/System32/Drivers/rdbss.sys
Microsoft Corporation

20fb95da0093f45825b6d0d74e1ffb9f /mnt/sda2/i386/SP1/Windows/System32/Drivers/srv.sys
Microsoft Corporation

Driver report for /mnt/sda2/i386/SP2/Windows/System32/Drivers /mnt/sda2/i386/SP2/Windows/System32/Drivers/mrxsmb.sys has NO Company Name! /mnt/sda2/i386/SP2/Windows/System32/Drivers/srv.sys has NO Company Name!

7b195060ff456fa65954c72c5c1640ff /mnt/sda2/i386/SP2/Windows/System32/Drivers/mrxsmb.sys
Microsoft Corporation

54e79b08d0abc9c551d0fe69cc2f87ec /mnt/sda2/i386/SP2/Windows/System32/Drivers/srv.sys
Microsoft Corporation

Driver report for /mnt/sda2/WINDOWS/system32/drivers
60de0d719dd083a8beb476da616d2811 hitmanpro35.sys has NO Company Name!
5c20da8a3690bfeb76b5be805890069d PnkBstrK.sys has NO Company Name!
306521935042fc0a6988d528643619b3 StarOpen.sys has NO Company Name!

c1536905ad2067812a238bce998f4bff 1394bus.sys
Microsoft Corporation

914a9709fc3bf419ad2f85547f2a4832 61883.sys
Microsoft Corporation

6abb91494fe6c59089b9336452ab2ea3 ABP480N5.SYS
Microsoft Corporation

9859c0f6936e723e4892d7141b1327d5 acpiec.sys
Microsoft Corporation

8fd99680a539792a30e97944fdaecf17 acpi.sys
Microsoft Corporation

9a11864873da202c996558b2106b0bbc adpu160m.sys
Microsoft Corporation

8bed39e3c35d6a489438b8141717a557 aec.sys
Microsoft Corporation

7e775010ef291da96ad17ca4b17137d7 afd.sys
Microsoft Corporation

08fd04aa961bdc77fb983f328334e3d7 agp440.sys
Microsoft Corporation

03a7e0922acfe1b07d5db2eeb0773063 agpcpq.sys
Microsoft Corporation

c23ea9b5f46c7f7910db3eab648ff013 aha154x.sys
Microsoft Corporation

19dd0fb48b0c18892f70e2e7d61a1529 aic78u2.sys
Microsoft Corporation

b7fe594a7468aa0132deb03fb8e34326 aic78xx.sys
Microsoft Corporation

1140ab9938809700b46bb88e46d72a96 aliide.sys
Acer Laboratories

cb08aed0de2dd889a8a820cd8082d83c alim1541.sys
Microsoft Corporation

95b4fb835e28aa1336ceeb07fd5b9398 amdagp.sys
Advanced Micro Devices

d7701d7e72243286cc88c9973d891057 amdk6.sys
Microsoft Corporation

8fce268cdbdd83b23419d1f35f42c7b1 amdk7.sys
Microsoft Corporation

79f5add8d24bd6893f2903a3e2f3fad6 amsint.sys
Microsoft Corporation

b5b8a80875c1dededa8b02765642c32f arp1394.sys
Microsoft Corporation

69eb0cc7714b32896ccbfd5edcbea447 asc3350p.sys
Microsoft Corporation

5d8de112aa0254b907861e9e9c31d597 asc3550.sys
Advanced System Products

62d318e9a0c8fc9b780008e724283707 asc.sys
Advanced System Products

d880831279ed91f9a4190a2db9539ea9 asctrm.sys
Windows DDK provider

b153affac761e7f5fcfa822b9c4e97bc asyncmac.sys
Microsoft Corporation

9f3a2f5aa6875c72bf062c712cfa2674 atapi.sys
Microsoft Corporation

d649c57da6fa762c64013747e5d7d2d6 ati1btxx.sys
ATI Technologies

60b6aa2dc1521da343f781b70eb7895a ati1mdxx.sys
ATI Technologies

6fdc61e8e8e17f6ecc2d9a10fa8df347 ati1pdxx.sys
ATI Technologies

9d318099bf3876a4af4bc75966d27603 ati1raxx.sys
ATI Technologies

bcaf267b10620f8c93f6e87ab726e145 ati1rvxx.sys
ATI Technologies

dac7d785cf62f5bd41441e9d6f5a6efe ati1snxx.sys
ATI Technologies

f7706dae7d101f1b19ce552d772ebfce ati1ttxx.sys
ATI Technologies

6f714b4720dd80ffa9f8d2731594ea4c ati1tuxx.sys
ATI Technologies

67ffbc158dd4d27ba3fc92c6acd87f73 ati1xbxx.sys
ATI Technologies

0d8cab1f08f7d3c4de228b49e12e596a ati1xsxx.sys
ATI Technologies

2d030c2f6b036ca0bc243e1b16d924d1 ati2mtaa.sys
ATI Technologies

03621f7f968ff63713943405deb777f9 ati2mtag.sys
ATI Technologies

993e7bd6438fe989e328c6b4bca246a9 atinbtxx.sys
ATI Technologies

ed4c2bf8403f4437987c0ba09cf48716 atinmdxx.sys
ATI Technologies

e90ac2b14e98f1a4372e5891b4278784 atinpdxx.sys
ATI Technologies

da36687d701c833430605a298731410b atinraxx.sys
ATI Technologies

a7a01b907db63898d40b0a14248ff9a2 atinrvxx.sys
ATI Technologies

ceddee2e0591894d19654d458fd3b9be atinsnxx.sys
ATI Technologies

d80a8f6c0a717446496c3a06d33b0d9c atinttxx.sys
ATI Technologies

edd66332608d27f4fd5069bcd0bc5164 atintuxx.sys
ATI Technologies

3e7d485cbd0b0d9f6ea2ad9442411831 atinxbxx.sys
ATI Technologies

77b575d7aab35d5908ae6ce681608d62 atinxsxx.sys
ATI Technologies

9916c1225104ba14794209cfa8012159 atmarpc.sys
Microsoft Corporation

39a0a59180f19946374275745b21aeba atmepvc.sys
Microsoft Corporation

ae76348a2605fb197fa8ff1d6f547836 atmlane.sys
Microsoft Corporation

e7ef69b38d17ba01f914ae8f66216a38 atmuni.sys
Microsoft Corporation

d9f724aa26c010a217c97606b160ed68 audstub.sys
Microsoft Corporation

f8e6956a614f15a0860474c5e2a7de6b avc.sys
Microsoft Corporation

da1f27d85e0d1525f6621372e7b685e9 beep.sys
Microsoft Corporation

f934d1b230f84e1d19dd00ac5a7a83ed bridge.sys
Microsoft Corporation

b279426e3c0c344893ed78a613a73bde bthenum.sys
Microsoft Corporation

fca6f069597b62d42495191ace3fc6c1 bthmodem.sys
Microsoft Corporation

80602b8746d3738f5886ce3d67ef06b6 bthpan.sys
Microsoft Corporation

662bfd909447dd9cc15b1a1c366583b4 bthport.sys
Microsoft Corporation

bb68cebffd181e18a26112d1b9f90f3d bthprint.sys
Microsoft Corporation

61364cd71ef63b0f038b7e9df00f1efa bthusb.sys
Microsoft Corporation

90a673fc8e12a79afbed2576f6a7aaf9 cbidf2k.sys
Microsoft Corporation

0be5aef125be881c4f854c554f2b025c ccdecode.sys
Microsoft Corporation

f3ec03299634490e97bbce94cd2954c7 cd20xrnt.sys
Microsoft Corporation

c1b486a7658353d33a10cc15211a873b cdaudio.sys
Microsoft Corporation

c885b02847f5d2fd45a24e219ed93b32 cdfs.sys
Microsoft Corporation

1f4260cc5b42272d71f79e570a27a4fe cdrom.sys
Microsoft Corporation

b562592b7f5759c99e179ca467ecfb4c cinemst2.sys
Ravisent Technologies

fe47dd8fe6d7768ff94ebec6c74b2719 classpnp.sys
Microsoft Corporation

e5dcb56c533014ecbc556a8357c929d5 cmdide.sys
CMD Technology

3ee529119eed34cd212a215e8c40d4b6 cpqarray.sys
Microsoft Corporation

9624293e55ad405415862b504ca95b73 cpqdap01.sys
Compaq Computer Corp

f50d9bdbb25cce075e514dc07472a22f crusoe.sys
Microsoft Corporation

1e41b8a10b9d78240c8bfacc269db155 ctac32k.sys
Creative Technology

9bf1aa0eac9c7d33ce4d8a152e151f60 ctaud2k.sys
Creative Technology

29f78d59b053cb8778f8426e4e24099c ctdvda2k.sys
Creative Technology

bfc40092329cf4ab838cc4a6f2fad659 CTGAME.SYS
Creative Technology

c52548b920482db03af8b49babd9fc48 ctoss2k.sys
Creative Technology

a6f4c70da545230d001915d8eb08d881 ctprxy2k.sys
Creative Technology

b39e55c1c5e28e016ee3848f2e34c205 ctsfm2k.sys
Creative Technology

e550e7418984b65a78299d248f0a7f36 dac2w2k.sys
Mylex Corporation

683789caa3864eb46125ae86ff677d34 dac960nt.sys
Microsoft Corporation

e65e2353a5d74ea89971cb918eeeb2f6 diskdump.sys
Microsoft Corporation

044452051f3e02e7963599fc8f4f3e25 disk.sys
Microsoft Corporation

d992fe1274bde0f84ad826acae022a41 dmboot.sys
Microsoft Corp

7c824cf7bbde77d95c08005717a95f6f dmio.sys
Microsoft Corp

e9317282a63ca4d188c0df5e09c6ac5f dmload.sys
Microsoft Corp

8a208dfcf89792a484e76c40e5f50b45 dmusic.sys
Microsoft Corporation

40f3b93b4e5b0126f2f5c0a7a5e22660 dpti2o.sys
Microsoft Corporation

8f5fcff8e8848afac920905fbd9d33c8 drmkaud.sys
Microsoft Corporation

6cb08593487f5701d2d2254e693eafce drmk.sys
Microsoft Corporation

96bc8f872f0270c10edc3931f1c03776 drvmcdb.sys
Sonic Solutions

5afbec7a6ac61b211633dfdb1d9e0c89 drvnddm.sys
Sonic Solutions

dfeabb7cfffadea4a912ab95bdc3177a dsunidrv.sys
rH`||VS_VERSION_INFObb?StringFileInfodbCommentsvCompanyNameGtekoLtd.>vFileDescriptionGUniDriverbFileVersion,,,vInternalNameGUniDrivern%LegalCopyrightCopyright©-GtekoLtd.(LegalTrademarksFOriginalFilenameGUniDriver.sysPrivateBuildDProductNameGtekoDiagnostics<bProductVersion,,,SpecialBuildDVarFileInfo$Translationr*

fe97d0343acfdebdd578fc67cc91fa87 dxapi.sys
Microsoft Corporation

ac7280566a7bb85cb3291f04ddc1198e dxg.sys
Microsoft Corporation

a73f5d6705b1d820c19b18782e176efd dxgthk.sys
Microsoft Corporation

95974e66d3de4951d29e28e8bc0b644c e100b325.sys
Intel Corporation

5d70013d7e6602ec0a482f2985558c2d emupia2k.sys
Creative Technology

80d1b490b60e74e002dc116ec5d41748 enum1394.sys
Microsoft Corporation

38d332a6d56af32635675f132548343e fastfat.sys
Microsoft Corporation

92cdd60b6730b9f50f6a1a0c1f8cdc81 fdc.sys
Microsoft Corporation

d45926117eb9fa946a6af572fbe1caa3 fips.sys
Microsoft Corporation

9d27e7b80bfcdf1cdd9b555862d5e7f0 flpydisk.sys
Microsoft Corporation

b2cf4b0786f8212cb92ed2b50c6db6b0 fltmgr.sys
Microsoft Corporation

3e1e2bd4f39b0e2b7dc4f4d2bcc2779a fs_rec.sys
Microsoft Corporation

455f778ee14368468560bd7cb8c854d0 fsvga.sys
Microsoft Corporation

6ac26732762483366c3969c9e4d2259d ftdisk.sys
Microsoft Corporation

3a74c423cf6bcca6982715878f450a3b gagp30kx.sys
Microsoft Corporation

065639773d8b03f33577f6cdaea21063 gameenum.sys
Microsoft Corporation

8182ff89c65e4d38b2de4bb0fb18564e GEARAspiWDM.sys
GEAR Software

7ec50a84b89dae3458cb0308739b80de ha10kx2k.sys
Creative Technology

02a6bad64177c56d8b86b198b38db361 haP16v2k.sys
Creative Technology

573c7d0a32852b48f3058cfd8026f511 hdaudbus.sys
Windows Server DDK provider

9131ede087af04a7d80f7ebadc164254 Hdaudio.sys
Windows Server DDK provider

7bd2de4c85eb4241eed57672b16a7d8d hidbth.sys
Microsoft Corporation

1af592532532a402ed7c060f6954004f hidclass.sys
Microsoft Corporation

bb1a6fb7d35a91e599973fa74a619056 hidir.sys
Microsoft Corporation

96eccf28fdbf1b2cc12725818a63628d hidparse.sys
Microsoft Corporation

ccf82c5ec8a7326c3066de870c06daf1 hidusb.sys
Microsoft Corporation

60de0d719dd083a8beb476da616d2811 hitmanpro35.sys

b028377dea0546a5fcfba928a8aefae0 hpn.sys
Microsoft Corporation

970178e8e003eb1481293830069624b9 hsfbs2s2.sys
Conexant

f59ed5a43b988a18ef582bb07b2327a7 HSF_CNXT.sys
Conexant

1225ebea76aac3c84df6c54fe5e5d8be hsfcxts2.sys
Conexant

ebb354438a4c5a3327fb97306260714a hsfdpsp2.sys
Conexant

60e1604729a15ef4a3b05f298427b3b1 HSF_DP.sys
Conexant

77e4ff0b73bc0aeaaf39bf0c8104231f HSFHWBS2.sys
Conexant

f80a415ef82cd06ffaf0d971528ead38 http.sys
Microsoft Corporation

9368670bd426ebea5e8b18a62416ec28 i2omgmt.sys
Microsoft Corporation

f10863bf1ccc290babd1a09188ae49e0 i2omp.sys
Microsoft Corporation

4a0b06aa8943c1e332520f7440c0aa30 i8042prt.sys
Microsoft Corporation

d593517879e65167df35f6015814ac59 iaStor.sys
Intel Corporation

083a052659f5310dd8b6a6cb05edcf8e imapi.sys
Microsoft Corporation

4a40e045faee58631fd8d91afc620719 ini910u.sys
Microsoft Corporation

b5466a9250342a7aa0cd1fba13420678 intelide.sys
Microsoft Corporation

8c953733d8f36eb2133f5bb58808b66b intelppm.sys
Microsoft Corporation

3bb22519a194418d5fec05d800a19ad0 ip6fw.sys
Microsoft Corporation

731f22ba402ee4b62748adaf6363c182 ipfltdrv.sys
Microsoft Corporation

b87ab476dcf76e72010632b5550955f5 ipinip.sys
Microsoft Corporation

cc748ea12c6effde940ee98098bf96bb ipnat.sys
Microsoft Corporation

23c74d75e36e7158768dd63d92789a91 ipsec.sys
Microsoft Corporation

9121d8ffff773c66bbf4955e4f7aac23 iqvw32.sys
Intel Corporation

c93c9ff7b04d772627a3646d89f7bf89 irenum.sys
Microsoft Corporation

05a299ec56e52649b1cf2fc52d20f2d7 isapnp.sys
Microsoft Corporation

58e61ef6103adaae6cef20ef28fe5a42 janbvzhu.sys
Microsoft Corporation

463c1ec80cd17420a542b7f36a36f128 kbdclass.sys
Microsoft Corporation

9ef487a186dea361aa06913a75b3fa99 kbdhid.sys
Microsoft Corporation

692bcf44383d056aed41b045a323d378 kmixer.sys
Microsoft Corporation

b467646c54cc746128904e1654c750c1 ksecdd.sys
Microsoft Corporation

0753515f78df7f271a5e61c20bcd36a1 ks.sys
Microsoft Corporation

d68e165c3123aba3b1282eddb4213bd8 mbamswissarmy.sys
Malwarebytes Corporation

836e0e09ca9869be7eb39ef2cf3602c7 mbam.sys
Malwarebytes Corporation

d1f8be91ed4ddb671d42e473e3fe71ab mcd.sys
Microsoft Corporation

eeaea6514ba7c9d273b5e87c4e1aab30 mdmxsdk.sys
Conexant

a7da20ab18a1bdae28b0f349e57da0d1 mf.sys
Microsoft Corporation

4ae068242760a1fb6e1a44bf4e16afa6 mnmdd.sys
Microsoft Corporation

1992e0d143b09653ab0f9c5e04b0fd65 MODEMCSA.sys
Microsoft Corporation

dfcbad3cec1c5f964962ae10e0bcc8e1 modem.sys
Microsoft Corporation

35c9e97194c8cfb8430125f8dbc34d04 mouclass.sys
Microsoft Corporation

b1c303e17fb9d46e87a98e4ba6769685 mouhid.sys
Microsoft Corporation

a80b9a0bad1b73637dbcbba7df72d3fd mountmgr.sys
Microsoft Corporation

7e34bfa1a7b60bba1da03d677f16cd63 MpFilter.sys
Microsoft Corporation

3f4bb95e5a44f3be34824e8e7caf0737 mraid35x.sys
American Megatrends

11d42bb6206f33fbb3ba0288d3ef81bd mrxdav.sys
Microsoft Corporation

f3aefb11abc521122b67095044169e98 mrxsmb.sys
Microsoft Corporation

1477849772712bac69c144dcf2c9ce81 msdv.sys
Microsoft Corporation

c941ea2454ba8350021d774daf0f1027 msfs.sys
Microsoft Corporation

0a02c63c8b144bd8c86b103dee7c86a2 msgpc.sys
Microsoft Corporation

d1575e71568f4d9e14ca56b7b0453bf1 mskssrv.sys
Microsoft Corporation

325bb26842fc7ccc1fcce2c457317f3e mspclock.sys
Microsoft Corporation

bad59648ba099da4a17680b39730cb3d mspqm.sys
Microsoft Corporation

af5f4f3f14a8ea2c26de30f7a1e17136 mssmbios.sys
Microsoft Corporation

e53736a9e30c45fa9e7b5eac55056d1d mstee.sys
Microsoft Corporation

c53775780148884ac87c455489a0c070 mtlmnt5.sys
Smart Link

54886a652bf5685192141df304e923fd mtlstrm.sys
Smart Link

6dda78a0be692b61b668fab860f276cf mtxparhm.sys
Matrox Graphics

2f625d11385b1a94360bfc70aaefdee1 mup.sys
Microsoft Corporation

b538dcd9816ea35fa4f637cfc261aaa8 mutohpen.sys
Microsoft Corporation

5b50f1b2a2ed47d560577b221da734db nabtsfec.sys
Microsoft Corporation

7ff1f1fd8609c149aa432f95a8163d97 ndisip.sys
Microsoft Corporation

1df7f42665c94b825322fae71721130d ndis.sys
Microsoft Corporation

1ab3d00c991ab086e69db84b6c0ed78f ndistapi.sys
Microsoft Corporation

f927a4434c5028758a842943ef1a3849 ndisuio.sys
Microsoft Corporation

edc1531a49c80614b2cfda43ca8659ab ndiswan.sys
Microsoft Corporation

9282bd12dfb069d3889eb3fcc1000a9b ndproxy.sys
Microsoft Corporation

5d81cf9a2f1a3a756b66cf684911cdf0 netbios.sys
Microsoft Corporation

74b2b2f5bea5e9a3dc021d685551bd3d netbt.sys
Microsoft Corporation

e9e47cfb2d461fa0fc75b7a74c6383ea nic1394.sys
Microsoft Corporation

be984d604d91c217355cdd3737aad25d nikedrv.sys
Diamond Multimedia Systems

1e421a6bcf2203cc61b821ada9de878b nmnt.sys
Microsoft Corporation

58e61ef6103adaae6cef20ef28fe5a42 nmxymaeo.sys
Microsoft Corporation

3182d64ae053d6fb034f44b6def8034a npfs.sys
Microsoft Corporation

78a08dd6a8d65e697c18e1db01c5cdca ntfs.sys
Microsoft Corporation

576b34ceae5b7e5d9fd2775e93b3db53 ntmtlfax.sys
Smart Link

73c1e1f395918bc2c6dd67af7591a3ad null.sys
Microsoft Corporation

2b298519edbfcf451d43e0f1e8f1006d nv4_mini.sys
NVIDIA Corporation

b305f3fad35083837ef46a0bbce2fc57 nwlnkflt.sys
Microsoft Corporation

c99b3415198d1aab7227f2c88fd664b9 nwlnkfwd.sys
Microsoft Corporation

8b8b1be2dba4025da6786c645f77f123 nwlnkipx.sys
Microsoft Corporation

56d34a67c05e94e16377c60609741ff8 nwlnknb.sys
Microsoft Corporation

c0bb7d1615e1acbdc99757f6ceaf8cf0 nwlnkspx.sys
Microsoft Corporation

58e61ef6103adaae6cef20ef28fe5a42 nzuijilj.sys
Microsoft Corporation

ca33832df41afb202ee7aeb05145922f ohci1394.sys
Microsoft Corporation

53d5f1278d9edb21689bbbcecc09108d omci.sys
Dell Computer Corporation

4bb30ddc53ebc76895e38694580cdfe9 oprghdlr.sys
Microsoft Corporation

c90018bafdc7098619a4a95b046b30f3 p3.sys
Microsoft Corporation

5575faf8f97ce5e713d108c2a58d7c7c parport.sys
Microsoft Corporation

beb3ba25197665d82ec7065b724171c6 partmgr.sys
Microsoft Corporation

70e98b3fd8e963a6a46a2e6247e0bea1 parvdm.sys
Microsoft Corporation

175cc28dcf819f78caa3fbd44ad9e52a pccsmcfd.sys
tH`NVS_VERSION_INFOU?StringFileInfob,CompanyNameNokiafFileDescriptionPCCSModeChangeFilterDrivertFileVersion...:rInternalNamepccsmcfd.sysLegalCopyrightCopyright©,.Nokia.Allrightsreserved.BrOriginalFilenamepccsmcfd.sysDVarFileInfo$Translationt*

ccf5f451bb1a5a2a522a76e670000ff0 pciide.sys
Microsoft Corporation

52e60f29221d0d1ac16737e8dbf7c3e9 pciidex.sys
Microsoft Corporation

a219903ccf74233761d92bef471a07b1 pci.sys
Microsoft Corporation

9e89ef60e9ee05e3f2eef2da7397f1c1 pcmcia.sys
Microsoft Corporation

f50f7c27f131afe7beba13e14a3b9416 perc2hib.sys
Microsoft Corporation

6c14b9c19ba84f73d3a86dba11133101 perc2.sys
Microsoft Corporation

fefc8ebc170615068c3305dbee2667dd pfmodnt.sys
Creative Technology

5c20da8a3690bfeb76b5be805890069d PnkBstrK.sys

e82a496c3961efc6828b508c310ce98f portcls.sys
Microsoft Corporation

a32bebaf723557681bfc6bd93e98bd26 processr.sys
Microsoft Corporation

09298ec810b07e5d582cb3a3f9255424 psched.sys
Microsoft Corporation

80d317bd1c3dbc5d4fe7b1678c60cadd ptilink.sys
Parallel Technologies

7c81ae3c9b82ba2da437ed4d31bc56cf pxhelp20.sys
Sonic Solutions

0a63fb54039eb5662433caba3b26dba7 ql1080.sys
QLogic Corporation

6503449e1d43a0ff0201ad5cb1b8c706 ql10wnt.sys
Microsoft Corporation

156ed0ef20c15114ca097a34a30d8a01 ql12160.sys
QLogic Corporation

70f016bebde6d29e864c1230a07cc5e6 ql1240.sys
Microsoft Corporation

907f0aeea6bc451011611e732bd31fcf ql1280.sys
QLogic Corporation

fe0d99d6f31e4fad8159f690d68ded9c rasacd.sys
Microsoft Corporation

11b4a627bc9614b885c4969bfa5ff8a6 rasl2tp.sys
Microsoft Corporation

5bc962f2654137c9909c3d4603587dee raspppoe.sys
Microsoft Corporation

efeec01b1d3cf84f16ddd24d9d9d8f99 raspptp.sys
Microsoft Corporation

fdbb1d60066fcfbb7452fd8f9829b242 raspti.sys
Microsoft Corporation

01524cd237223b18adbb48f70083f101 rawwan.sys
Microsoft Corporation

7ad224ad1a1437fe28d89cf22b17780a rdbss.sys
Microsoft Corporation

4912d5b403614ce99c28420f75353332 rdpcdd.sys
Microsoft Corporation

15cabd0f7c00c47c70124907916af3f1 rdpdr.sys
Microsoft Corporation

6728e45b66f93c08f11de2e316fc70dd rdpwd.sys
Microsoft Corporation

e9aaa0092d74a9d371659c4c38882e12 recagent.sys
Smart Link

f828dd7e1419b6653894a8f97a0094c5 redbook.sys
Microsoft Corporation

851c30df2807fcfa21e4c681a7d6440e rfcomm.sys
Microsoft Corporation

a56fe08ec7473e8580a390bb1081cdd7 rio8drv.sys
Diamond Multimedia Systems

0a854df84c77a0be205bfeab2ae4f0ec riodrv.sys
Diamond Multimedia Systems

96f7a9a7bf0c9c0440a967440065d33c rmcast.sys
Microsoft Corporation

601844cbcf617ff8c868130ca5b2039d rndismp.sys
Microsoft Corporation

726548542afeca56257ff01eb13bb6d7 rndismpx.sys
Microsoft Corporation

d8b0b4ade32574b2d9c5cc34dc0dbbe7 rootmdm.sys
Microsoft Corporation

0dbcc071a268e0340a2ba6bdd98bace4 s3gnbm.sys
SGraphics

76c465f570e90c28942d52ccb2580a10 scsiport.sys
Microsoft Corporation

8d04819a3ce51b9eb47e5689b44d43c4 sdbus.sys
Microsoft Corporation

90a3935d05b494a5a39d37e71f09a677 secdrv.sys
Macrovision Corporation

0f29512ccd6bead730039fb4bd2c85ce serenum.sys
Microsoft Corporation

cca207a8896d4c6a0c9ce29a4ae411a7 serial.sys
Microsoft Corporation

0fa803c64df0914b41f807ea276bf2a6 sffdisk.sys
Microsoft Corporation

d66d22d76878bf3483a6be30183fb648 sffp_mmc.sys
Microsoft Corporation

c17c331e435ed8737525c86a7557b3ac sffp_sd.sys
Microsoft Corporation

8e6b8c671615d126fdc553d1e2de5562 sfloppy.sys
Microsoft Corporation

6b33d0ebd30db32e27d1d78fe946a754 sisagp.sys
Silicon Integrated Systems

866d538ebe33709a5c9f5c62b73b7d14 slip.sys
Microsoft Corporation

d9673011648a71ed1e1f77b831bc85e6 slnt7554.sys
Smart Link

2c1779c0feb1f4a6033600305eba623a slntamr.sys
Smart Link

f9b8e30e82ee95cf3e1d3e495599b99c slnthal.sys
Smart Link

db56bb2c55723815cf549d7fc50cfceb slwdmsup.sys
Smart Link

895be38a993b9bd5abbe570d63d88a2e smbali.sys
Microsoft Corporation

017daecf0ed3aa731313433601ec40fa smclib.sys
Microsoft Corporation

489703624dac94ed943c2abda022a1cd sonydcam.sys
Microsoft Corporation

83c0f71f86d3bdaf915685f3d568b20e sparrow.sys
Adaptec

ab8b92451ecb048a4d1de7c3ffcb4a9f splitter.sys
Microsoft Corporation

76bb022c2fb6902fd5bdd4f78fc13a5d sr.sys
Microsoft Corporation

0f6aefad3641a657e18081f52d0c15af srv.sys
Microsoft Corporation

eaa66218cd39f5bb1b4853a78c67c787 ss_bbus.sys
MCCI SAMSUNG

f8a771c5a63dc641772b7a3b05af173f ss_bcmnt.sys
MCCI SAMSUNG

f8a771c5a63dc641772b7a3b05af173f ss_bcm.sys
MCCI SAMSUNG

91765f99914ed8693d8bc76524f21581 ss_bmdfl.sys
MCCI SAMSUNG

840e7b738b03c10ee91d9b7d3d6eff15 ss_bmdm.sys
MCCI SAMSUNG

29b73d03ae6edabb88e50364b066a6ca ss_bwhnt.sys
MCCI SAMSUNG

29b73d03ae6edabb88e50364b066a6ca ss_bwh.sys
MCCI SAMSUNG

98625722ad52b40305e74aaa83c93086 sscdbhk5.sys
Sonic Solutions

d79412e3942c8a257253487536d5a994 ssrtln.sys
Sonic Solutions

306521935042fc0a6988d528643619b3 StarOpen.sys

1c9ee2c640b6f899cc3d84bcd1ea526f StMp3Rec.sys
tHVS_VERSION_INFO'?tStringFileInfobCommentsbCompanyNameGenericdFileDescriptionGenericMPPlayerUSBDriver>FileVersion,,,:rInternalNameStMpRec.sysNLegalCopyrightAllrightsreserved.(LegalTrademarksBrOriginalFilenameStMpRec.sysPrivateBuildFProductNameGenericMPPlayerBProductVersion,,,SpecialBuildDVarFileInfo$Translationtdhlp

77813007ba6265c4b6098187e6ed79d2 streamip.sys
Microsoft Corporation

3e5d89099ded9e86e5639f411693218f stream.sys
Microsoft Corporation

3941d127aef12e93addf6fe6ee027e0f swenum.sys
Microsoft Corporation

8ce882bcc6cf8a62f2b2323d95cb3d01 swmidi.sys
Microsoft Corporation

1ff3217614018630d0a6758630fc698c symc810.sys
Symbios Logic

070e001d95cf725186ef8b20335f933c symc8xx.sys
LSI Logic

80ac1c4abbe2df3b738bf15517a51f2c sym_hi.sys
LSI Logic

bf4fab949a382a8e105f46ebb4937058 sym_u3.sys
LSI Logic

8b83f3ed0f1688b4958f77cd6d2bf290 sysaudio.sys
Microsoft Corporation

fd6093e3decd925f1cffc8a0dd539d72 tape.sys
Microsoft Corporation

4e53bbcc4be37d7a4bd6ef1098c89ff7 tcpip6.sys
Microsoft Corporation

9aefa14bd6b182d61e3119fa5f436d3d tcpip.sys
Microsoft Corporation

0539d5e53587f82d1b4fd74c5be205cf tdi.sys
Microsoft Corporation

6471a66807f5e104e4885f5b67349397 tdpipe.sys
Microsoft Corporation

c56b6d0402371cf3700eb322ef3aaf61 tdtcp.sys
Microsoft Corporation

88155247177638048422893737429d9e termdd.sys
Microsoft Corporation

699450901c5ccfd82357cbc531cedd23 tosdvd.sys
Microsoft Corporation

f2790f6af01321b172aa62f8e1e187d9 toside.sys
Microsoft Corporation

d74a8ec75305f1d3cfde7c7fc1bd62a9 tsbvcap.sys
Toshiba Corporation

8f861eda21c05857eb8197300a92501c tunmp.sys
Microsoft Corporation

d85938f272d1bcf3db3a31fc0a048928 uagp35.sys
Microsoft Corporation

5787b80c2e3c5e2f56c2a233d91fa2c9 udfs.sys
Microsoft Corporation

1b698a51cd528d8da4ffaed66dfc51b9 ultra.sys
Promise Technology
Promise Technology
Promise Technology
Promise Technology
Promise Technology

402ddc88356b1bac0ee3dd1580c76a31 update.sys
Microsoft Corporation

bee793d4a059caea55d6ac20e19b3a8f usb8023.sys
Microsoft Corporation

b6cc50279d6cd28e090a5d33244adc9a usb8023x.sys
Microsoft Corporation

4b8a9c16b6d9258ed99c512aecb8c555 usbaapl.sys
Apple

ce97845d2e3f0d274b8bac1ed07c6149 usbcamd2.sys
Microsoft Corporation

1c1a47b40c23358245aa8d0443b6935e usbcamd.sys
Microsoft Corporation

173f317ce0db8e21322e71b7e60a27e8 usbccgp.sys
Microsoft Corporation

596eb39b50d6ebd9b734dc4ae0544693 usbd.sys
Microsoft Corporation

65dcf09d0e37d4c6b11b5b0b76d470a7 usbehci.sys
Microsoft Corporation

1ab3cdde553b6e064d2e754efe20285c usbhub.sys
Microsoft Corporation

290913dc4f1125e5a82de52579a44c43 usbintel.sys
Microsoft Corporation

791912e524cc2cc6f50b5f2b52d1eb71 usbport.sys
Microsoft Corporation

a717c8721046828520c9edf31288fc00 usbprint.sys
Microsoft Corporation

a0b8cf9deb1184fbdd20784a58fa75d4 usbscan.sys
Microsoft Corporation

a32426d9b14a089eaa1d922e0c5801a9 usbstor.sys
Microsoft Corporation

26496f9dee2d787fc3e61ad54821ffe6 usbuhci.sys
Microsoft Corporation

63bbfca7f390f4c49ed4b96bfb1633e0 usbvideo.sys
Microsoft Corporation

55e01061c74a8cefff58dc36114a8d3f vdmindvd.sys
Ravisent Technologies

0d3a8fafceacd8b7625cd549757a7df1 vga.sys
Microsoft Corporation

754292ce5848b3738281b4f3607eaef4 viaagp.sys
Microsoft Corporation

3b3efcda263b8ac14fdf9cbdd0791b2e viaide.sys
Microsoft Corporation

e28726b72c46821a28830e077d39a55b videoprt.sys
Microsoft Corporation

4c8fcb5cc53aab716d810740fe59d025 volsnap.sys
Microsoft Corporation

aced8c149b30f8496c237bcba3727b48 wacompen.sys
Microsoft Corporation

0308aef61941e4af478fa1a0f83812f5 wadv07nt.sys
Intel Corporation

714038a8aa5de08e12062202cd7eaeb5 wadv08nt.sys
Intel Corporation

7bb3aa595e4507a788de1cdc63f4c8c4 wadv09nt.sys
Intel Corporation

36e6c405b6143d09687f4056fd9a0d10 wadv11nt.sys
Intel Corporation

e20b95baedb550f32dd489265c1da1f6 wanarp.sys
Microsoft Corporation

0a716c08cb13c3a8f4f51e882dbf7416 wanatw4.sys
America Online

352fa0e98bc461ce1ce5d41f64db558d watv06nt.sys
Intel Corporation

791cc45de6e50445be72e8ad6401ff45 watv10nt.sys
Intel Corporation

6768acf64b18196494413695f0c3a00f wdmaud.sys
Microsoft Corporation

2f31b7f954bed437f2c75026c65caf7b wmilib.sys
Microsoft Corporation

cf4def1bf66f06964dc0d91844239104 wpdusb.sys
Microsoft Corporation

6abe6e225adb5a751622a9cc3bc19ce8 ws2ifsl.sys
Microsoft Corporation

c98b39829c2bbd34e454150633c62c78 wstcodec.sys
Microsoft Corporation

f15feafffbb3644ccc80c5da584e6311 WudfPf.sys
Microsoft Corporation

28b524262bce6de1f7ef9f510ba3985b WudfRd.sys
Microsoft Corporation


Thanks

Martha

#6 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 02 June 2011 - 01:45 PM

  • Boot the computer with the USB drive again.
  • Click on File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh.
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:
    explorer.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:
    wininit.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:
    winlogon.exe

  • Press Enter
  • After the search is completed type Exit
  • After it has finished a report will be located in the USB drive as filefind.txt
  • Please post it for my review

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7 User is offline   Martha Lace 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 11-May 11

Posted 03 June 2011 - 09:48 AM

Hi

Filefind.txt is below:


Search results for explorer.exe

7712df0cdde3a5ac89843e61cd5b3658 /mnt/sda2/WINDOWS/$hf_mig$/KB938828/SP2QFE/explorer.exe
1009.0K Jun 13 2007

12896823fb95bfb3dc9b46bcaedc9923 /mnt/sda2/WINDOWS/ServicePackFiles/i386/explorer.exe
1009.5K Apr 14 2008

a0732187050030ae399b241436565e64 /mnt/sda2/WINDOWS/$NtUninstallKB938828$/explorer.exe
1008.0K Aug 4 2004

12896823fb95bfb3dc9b46bcaedc9923 /mnt/sda2/WINDOWS/explorer.exe
1009.5K Apr 14 2008

97bd6515465659ff8f3b7be375b2ea87 /mnt/sda2/WINDOWS/$NtServicePackUninstall$/explorer.exe
1009.0K Jun 13 2007


Search results for wininit.exe


Search results for winlogon.exe

01c3346c241652f43aed8e2149881bfe /mnt/sda2/i386/winlogon.exe
490.5K Aug 4 2004

ed0ef0a136dec83df69f04118870003e /mnt/sda2/WINDOWS/system32/winlogon.exe
496.0K Apr 14 2008

ed0ef0a136dec83df69f04118870003e /mnt/sda2/WINDOWS/ServicePackFiles/i386/winlogon.exe
496.0K Apr 14 2008

01c3346c241652f43aed8e2149881bfe /mnt/sda2/WINDOWS/$NtServicePackUninstall$/winlogon.exe
490.5K Aug 4 2004

Thanks

Martha

#8 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 03 June 2011 - 01:26 PM

Download http://noahdfear.net/downloads/rst.sh to the USB drive
  • Boot the Sick computer with the USB drive again
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located at sdb1 named enum.log
  • Plug that USB back into the clean computer and open it


Please note: If you have an ethernet connection you can access the internet by way of xPUD (Firefox). You can perform all these steps on your sick computer. When you download the download will reside in the Download folder. It can be found under the File tab also. You can similarly access our thread by way of this OS too so you can send the logs that way.

Please also note - all text entries are case sensitive

Copy and paste the enum.log for my review
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#9 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 06 June 2011 - 03:06 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#10 User is offline   Martha Lace 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 11-May 11

Posted 06 June 2011 - 11:01 AM

Hi

Sorry for the delay in replying. Whenever I download reports onto the USB the next time I try and use it to do the next step it is not shown in the mnt. I have to clear the USB and download XPUD again. It then seems to work fine. I thought it was because I was using an old USB but I got a new one and it happened the same way. The Enum.log is attached

Thanks

Martha

Attached File(s)

  • Attached File  enum.log (4.8K)
    Number of downloads: 4

#11 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 06 June 2011 - 01:11 PM

Hello

if you have the problem of seeing the USB again, remove it and plug it back in

Let's see if there is an available registry backup we can use to help get your computer booting properly
  • Boot the Sick computer with the USB drive again
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh -r
  • Type 110
  • Press Enter
  • After it has finished a report will be located at sdb1 named restore.log
  • Please try to boot into normal Windows now and indicate if you were successful


Please note - all text entries are case sensitive

Copy and paste the restore.log from your USB drive for my review
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#12 User is offline   Martha Lace 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 11-May 11

Posted 06 June 2011 - 01:38 PM

Hi

I have done the steps above. When I try and start windows I get the following message:

Your computer cannot be restored to 6 June 2011. The restoration is incomplete. It was interrupted by an improper shutdown. You should undo this restore or choose another restore point. To choose another restore point restart System Restore.

Restore log below:


SOFTWARE hive restored from RP110
SYSTEM hive restored from RP110
SECURITY hive restored from RP110
SAM hive restored from RP110


Thanks

#13 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 06 June 2011 - 01:46 PM

try the same thing but use 116


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#14 User is offline   Martha Lace 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 11-May 11

Posted 06 June 2011 - 02:49 PM

Hi

Computer started fine this time.

Log File as follows:

SOFTWARE hive restored from RP116
SYSTEM hive restored from RP116
SECURITY hive restored from RP116
SAM hive restored from RP116


Martha

#15 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 06 June 2011 - 03:17 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users