BleepingComputer.com: Google redirect and iexplore.exe issue

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

Google redirect and iexplore.exe issue Unsure how to remove

#1 User is offline   iexplore_hell 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 17
  • Joined: 26-October 11

Posted 26 October 2011 - 09:59 AM

I have been having trouble with the google redirect / iexplore.exe malware that I have seen posted in other threads. The primary symptoms are: 1) When I do a google search, pressing a link in the results opens an advertisement page. The links do work from time to time. 2) Audio commercials play on my computer. If I kill the iexplore.exe process, the commercials stop. 3) I get messages saying that Internet Explorer was closed and is attempting to restart. 4) An iexplore.exe process starts by itself, even if I am not running Internet Explorer.

I tried following the posts on the other topics, and the problem is not fixed. I have tried running Malwarebytes, HijackThis, Spybot S&D, SuperAntiSpyware and Windows Defender, and nothing has fixed the problem. Below are the logs from DDS and GMER. When I ran GMER, it only let me choose Services, Registry and Files because the other options were grayed out. I also attached the attach.txt file.

Thanks in advance for your help.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_29
Run by Jonathan at 9:49:22 on 2011-10-26
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1917.659 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\pnusbvirtualhubwssrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\pnssosvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Jonathan\Desktop\gmer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Jonathan\Desktop\gmer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.yahoo.com/config/login?.src=fpctx&.intl=us&.done=http%3A%2F%2Fwww.yahoo.com%2F
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP27-10832/webex/ieatgpc1.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{62254B73-AF28-4AF5-9CEC-99CC03612753} : DhcpNameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{E0F900BE-74EB-4B91-AFAC-42CDFB8B0ADB} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\274\g2ax_winlogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jonathan\appdata\roaming\mozilla\firefox\profiles\k3c9mxby.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?.intl=us&.done=http%3A%2F%2Fus.mg1.mail.yahoo.com%2Fdc%2Flaunch%3F.rand%3D7hlm7u337ql3b
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\jonathan\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-2 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-12 366152]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-3-25 223088]
R2 pnpnptool;Quest RDP PnP Driver;c:\windows\system32\drivers\pnpnptool.sys [2010-6-16 33488]
R2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;c:\windows\system32\pnusbvirtualhubwssrv.exe [2010-6-16 398832]
R3 fwlcrkow;fwlcrkow;c:\users\jonathan\appdata\local\temp\fwlcrkow.sys [2011-10-26 100864]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-12 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-29 136176]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\274\g2ax_service.exe [2011-4-8 161144]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-29 136176]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
S3 pnusbd;Quest RDP USB Driver;c:\windows\system32\drivers\pnusbd.sys [2010-6-16 19920]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-12-2 16896]
S4 OracleJobSchedulerDBJCZA;OracleJobSchedulerDBJCZA;c:\oracle\product\10.2.0\db_1\bin\extjob.exe dbjcza --> c:\oracle\product\10.2.0\db_1\bin\extjob.exe DBJCZA [?]
S4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.2.0\db_1\bin\tnslsnr --> c:\oracle\product\10.2.0\db_1\bin\TNSLSNR [?]
S4 OracleServiceDBJCZA;OracleServiceDBJCZA;c:\oracle\product\10.2.0\db_1\bin\oracle.exe dbjcza --> c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE DBJCZA [?]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
.
=============== Created Last 30 ================
.
2011-10-26 12:56:23 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{73ee83f9-7046-4f0b-a8ba-a746f455692a}\offreg.dll
2011-10-26 12:17:08 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-25 12:57:38 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{73ee83f9-7046-4f0b-a8ba-a746f455692a}\mpengine.dll
2011-10-19 19:56:25 -------- d-----w- c:\program files\CCleaner
2011-10-19 19:52:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-19 19:52:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-19 19:49:33 -------- d-----w- c:\users\jonathan\appdata\roaming\SUPERAntiSpyware.com
2011-10-19 19:48:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-19 19:48:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-19 19:09:17 -------- d-----w- c:\program files\ESET
2011-10-19 19:02:20 388096 ----a-r- c:\users\jonathan\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-19 19:02:16 -------- d-----w- c:\program files\Trend Micro
2011-10-19 18:46:30 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-10-19 18:46:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-19 18:07:05 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-19 16:58:54 -------- d-----w- C:\ComboFix
2011-10-19 15:49:38 -------- d-----w- c:\users\jonathan\appdata\local\temp
2011-10-19 14:48:15 98816 ----a-w- c:\windows\sed.exe
2011-10-19 14:48:15 518144 ----a-w- c:\windows\SWREG.exe
2011-10-19 14:48:15 256000 ----a-w- c:\windows\PEV.exe
2011-10-19 14:48:15 208896 ----a-w- c:\windows\MBR.exe
2011-10-19 12:10:41 -------- d-----w- c:\windows\pss
2011-10-14 02:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2011-10-14 02:22:02 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-10-14 02:22:02 129536 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-10-14 02:20:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-14 02:18:56 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-14 02:18:56 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-14 02:18:56 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-14 02:18:56 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 12:34:43 -------- d-----w- c:\users\jonathan\appdata\roaming\Malwarebytes
2011-10-12 12:34:22 -------- d-----w- c:\programdata\Malwarebytes
2011-10-12 12:34:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-12 12:34:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-02 22:11:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-02 22:11:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-10-02 22:11:25 773080 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-10-02 22:11:25 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-10-02 22:11:25 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-10-02 22:11:25 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-10-02 22:11:25 1833944 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-10-02 22:11:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
.
==================== Find3M ====================
.
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-29 16:01:34 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-07-29 16:00:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
.
============= FINISH: 9:56:06.80 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-26 10:56:28
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Jonathan\AppData\Local\Temp\fwlcrkow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040110900063D11C8EF10054038389C\Usage@HandWritingFiles 1062926988
Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\Users\Jonathan\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report113cc5cf

---- EOF - GMER 1.0.15 ----

Attached File(s)


#2 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,522
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 October 2011 - 09:30 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   iexplore_hell 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 17
  • Joined: 26-October 11

Posted 30 October 2011 - 06:06 PM

I ran comboxfix and still have the same problem. Here is the log:

ComboFix 11-10-30.03 - Jonathan 10/30/2011 15:30:33.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1917.1135 [GMT -4:00]
Running from: c:\users\Jonathan\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 20:13 . 2011-10-30 20:13 -------- d-----w- c:\users\Tracey\AppData\Local\temp
2011-10-30 20:13 . 2011-10-30 20:13 -------- d-----w- c:\users\Tracey.Jonathan-PC\AppData\Local\temp
2011-10-30 20:13 . 2011-10-30 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 18:54 . 2011-10-30 18:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{25808A8D-CB79-4051-AC02-B5CAFC2E1F7E}\offreg.dll
2011-10-28 12:15 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{25808A8D-CB79-4051-AC02-B5CAFC2E1F7E}\mpengine.dll
2011-10-26 12:17 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-20 14:18 . 2011-10-20 14:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-19 19:56 . 2011-10-19 19:56 -------- d-----w- c:\program files\CCleaner
2011-10-19 19:52 . 2011-10-26 13:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-19 19:52 . 2011-10-19 19:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-19 19:49 . 2011-10-19 19:49 -------- d-----w- c:\users\Jonathan\AppData\Roaming\SUPERAntiSpyware.com
2011-10-19 19:48 . 2011-10-19 19:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-19 19:48 . 2011-10-19 19:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-19 19:09 . 2011-10-19 19:09 -------- d-----w- c:\program files\ESET
2011-10-19 19:02 . 2011-10-19 19:02 388096 ----a-r- c:\users\Jonathan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-19 19:02 . 2011-10-19 19:02 -------- d-----w- c:\program files\Trend Micro
2011-10-19 18:46 . 2011-10-03 09:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-19 18:46 . 2011-10-03 09:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-19 15:49 . 2011-10-30 20:15 -------- d-----w- c:\users\Jonathan\AppData\Local\temp
2011-10-14 02:22 . 2011-09-30 23:06 916480 ----a-w- c:\windows\system32\wininet.dll
2011-10-14 02:22 . 2011-09-30 23:05 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-10-14 02:22 . 2011-09-30 23:01 247808 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-10-14 02:20 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-14 02:18 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-14 02:18 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-14 02:18 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 02:18 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 12:34 . 2011-10-12 12:34 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Malwarebytes
2011-10-12 12:34 . 2011-10-12 12:34 -------- d-----w- c:\programdata\Malwarebytes
2011-10-12 12:34 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-12 12:34 . 2011-10-12 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-02 22:11 . 2011-09-29 06:53 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-02 22:11 . 2011-09-29 06:53 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-10-02 22:11 . 2011-09-29 06:53 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-10-02 22:11 . 2011-09-29 06:53 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-10-02 22:11 . 2011-09-29 06:53 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-10-02 22:11 . 2011-09-29 06:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-10-02 22:11 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-02 22:11 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 04:35 . 2011-08-31 04:35 489672 ----a-w- c:\users\Tracey.Jonathan-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2010-03-11 05:01 . 2010-03-11 05:01 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-03-11 05:40 . 2010-03-11 05:40 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-03-11 05:02 . 2010-03-11 05:02 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-03-11 05:01 . 2010-03-11 05:01 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-03-11 05:01 . 2010-03-11 05:01 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-03-11 05:00 . 2010-03-11 05:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-03-11 05:01 . 2010-03-11 05:01 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-03-11 05:01 . 2010-03-11 05:01 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-10-05 18:49 . 2009-10-05 18:49 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-03-11 05:02 . 2010-03-11 05:02 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-09-29 06:53 . 2011-10-02 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-25 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-9-25 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2011-04-08 15:46 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-07-11 23:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-21 19:33 1548288 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-03-11 05:21 300400 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 15:33 563984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 21:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pnusbclitray]
2009-07-06 04:34 66896 ----a-w- c:\windows\System32\PNUSBCLITRAY.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-11-20 17:51 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 23:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 23:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 136176]
R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe Start=service [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 136176]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 pnusbd;Quest RDP USB Driver;c:\windows\system32\Drivers\pnusbd.sys [2010-06-16 19920]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [2008-08-20 168192]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [2008-08-20 142976]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-18 16896]
R4 OracleJobSchedulerDBJCZA;OracleJobSchedulerDBJCZA;c:\oracle\product\10.2.0\db_1\Bin\extjob.exe DBJCZA [x]
R4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR [x]
R4 OracleServiceDBJCZA;OracleServiceDBJCZA;c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE DBJCZA [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 65584]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-03-25 223088]
S2 pnpnptool;Quest RDP PnP Driver;c:\windows\system32\Drivers\pnpnptool.sys [2010-06-16 33488]
S2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;c:\windows\system32\pnusbvirtualhubwssrv.exe [2010-06-16 398832]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 17:46]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 17:46]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login?.src=fpctx&.intl=us&.done=http%3A%2F%2Fwww.yahoo.com%2F
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\k3c9mxby.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?.intl=us&.done=http%3A%2F%2Fus.mg1.mail.yahoo.com%2Fdc%2Flaunch%3F.rand%3D7hlm7u337ql3b
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 16:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleOraDb10g_home1TNSListener]
"ImagePath"="c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-30 16:34:39
ComboFix-quarantined-files.txt 2011-10-30 20:34
ComboFix2.txt 2011-10-19 18:13
ComboFix3.txt 2011-10-19 16:25
.
Pre-Run: 8,821,891,072 bytes free
Post-Run: 8,734,879,744 bytes free
.
- - End Of File - - 9C9A875D2B139338C348312A8915A05A

#4 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,522
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 30 October 2011 - 06:32 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   iexplore_hell 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 17
  • Joined: 26-October 11

Posted 30 October 2011 - 06:58 PM

I tried running tdsskiller, and nothing happened. I renamed it fun.exe and then fun.com, and it still would not run.

#6 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,522
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 30 October 2011 - 09:05 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7 User is offline   iexplore_hell 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 17
  • Joined: 26-October 11

Posted 30 October 2011 - 11:13 PM

That did not work so well. I ran fixTDSS, and it said that an infected MBR was detected. I had the program repair it, and it said it was repaired successfully. I restarted my computer, and after I pressed <ctrl>+<alt>+<del> to log in, I got the blue screen of death after a few seconds and my computer restarted. I tried this several times with the same results; it did not matter if I tried to enter my login password or not. I can start my computer in safe mode.

#8 User is offline   iexplore_hell 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 17
  • Joined: 26-October 11

Posted 30 October 2011 - 11:28 PM

Small correction. When I start my computer, I don't even have to press ctrl+alt+del to get the blue screen and the restart. I just have to let the screen sit for 5 seconds or so.

#9 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,522
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 31 October 2011 - 12:11 AM

System Recovery Environment

To access the System Recovery Environment, simply boot your PC,

  • just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard which will launch the Advanced Boot Options menu.

  • There you will see a new option 'Repair Your Computer', select this option and hit 'Enter' on your keyboard.

  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next:

  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt":

  • Type the following into the "Command Prompt Window": and press enter

      bootrec.exe /fixmbr


If you have problems booting the computer after you have run that command boot back into the System Recovery Environment and Type the following into the "Command Prompt Window": and press enter

    bootrec.exe /fixboot

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#10 User is offline   iexplore_hell 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 17
  • Joined: 26-October 11

Posted 31 October 2011 - 07:45 AM

I can get to the Advanced Boot Options, but I don't have a Repair Your Computer option. I'm running Vista, so I don't know if that makes a difference. This is what I have:
Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt

Enable Boot Logging
Enable low-resolution video (640x480)
Last Known Good Configuration (Advanced)
Directory Services Restore Mode
Debugging Mode
Disable automatic restart of system failure
Disable Driver Signature Enforcement
Start Windows Normally

Thanks for all of your help with this!

#11 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,522
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 31 October 2011 - 08:29 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#12 User is offline   iexplore_hell 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 17
  • Joined: 26-October 11

Posted 31 October 2011 - 09:29 PM

Everything happened just as you said. Here is report.txt:
Mon Oct 31 22:07:17 UTC 2011
Driver report for /mnt/sda3/Windows/System32/drivers
57bbaef27dc790160245b43eb6dcd576 swmsflt.sys has NO Company Name!

b46aa621e7bd4fe150bcc140daceda1b 1394bus.sys
Microsoft Corporation

82b296ae1892fe3dbee00c9cf92f8ac7 acpi.sys
Microsoft Corporation

2edc5bbac6c651ece337bde8ed97c9fb adp94xx.sys
Adaptec

b84088ca3cdca97da44a984c6ce1ccad adpahci.sys
Adaptec

7880c67bccc27c86fd05aa2afb5ea469 adpu160m.sys
Adaptec

9ae713f8e30efc2abccd84904333df4d adpu320.sys
Adaptec

3911b972b55fea0478476b2e777b29fa afd.sys
Microsoft Corporation

ef23439cdd587f64c2c1b8825cead7d8 AGP440.sys
Microsoft Corporation

90395b64600ebb4552e26e178c94b2e4 aliide.sys
Acer Laboratories

2b13e304c9dfdfa5eb582f6a149fa2c7 AMDAGP.SYS
Microsoft Corporation

0577df1d323fe75a739c787893d300ea amdide.sys
Microsoft Corporation

dc487885bcef9f28eece6fac0e5ddfc5 amdk7.sys
Microsoft Corporation

93ae7f7dd54ab986a6f1a1b37be7442d amdk8.sys
Microsoft Corporation

957f7540b5e7f602e44648c7de5a1c05 arcsas.sys
Adaptec

5f673180268bb1fdb69c99b6619fe379 arc.sys
Adaptec

53b202abee6455406254444303e87be1 asyncmac.sys
Microsoft Corporation

1f05b78ab91c9075565a9d8a4b880bc4 atapi.sys
Microsoft Corporation

64b0052340b8ec28fa8a56b708ae71cc ataport.sys
Microsoft Corporation

554685122b4f973e21d66c2baaf29543 atikmdag.sys
ATI Technologies

a356e45e8432432c06981ea63a1e0fe8 AtiPcie.sys
ATI Technologies

2b8a5a8879238c3ba9a89a8e3ac4e45d battc.sys
Microsoft Corporation

cd4646067cc7dcba1907fa0acf7e3966 bcm4sbxp.sys
Broadcom Corporation

746f59822a5187510471fc46889b8cc9 BCMWL6.SYS
Broadcom Corporation

9f5f8f2318dfa3974a6f6a5602733929 bdasup.sys
Microsoft Corporation

67e506b75bd5326a3ec7b70bd014dfb6 beep.sys
Microsoft Corporation

35f376253f687bde63976ccb3f2108ca bowser.sys
Microsoft Corporation

9f9acc7f7ccde8a15c282d3f88b43309 BrFiltLo.sys
Brother Industries

56801ad62213a41f6497f96dee83755a BrFiltUp.sys
Brother Industries

b1564976d98e91fc764d5dc28a0297da bridge.sys
Microsoft Corporation

b304e75cff293029eddf094246747113 BrSerId.sys
Brother Industries

203f0b1e73adadbbb7b7b1fabd901f6b BrSerWdm.sys
Brother Industries

bd456606156ba17e60a04e18016ae54b BrUsbMdm.sys
Brother Industries

af72ed54503f717a43268b3cc5faec2e BrUsbSer.sys
Brother Industries

ad07c1ec6665b8b35741ab91200c6b68 bthmodem.sys
Microsoft Corporation

7add03e75beb9e6dd102c3081d29840a cdfs.sys
Microsoft Corporation

bf79e659c506674c0497cc9c61f1a165 cdr4_xp.sys
Sonic Solutions

2c41cd49d82d5fd85c72d57b6ca25471 cdralw2k.sys
Sonic Solutions

6b4bffb9becd728097024276430db314 cdrom.sys
Microsoft Corporation

da8e0afc7baa226c538ef53ac2f90897 circlass.sys
Microsoft Corporation

0767b09c74d935a590b4879d14463b64 Classpnp.sys
Microsoft Corporation

99afc3795b58cc478fbbbcdc658fcb56 CmBatt.sys
Microsoft Corporation

45201046c776ffdaf3fc8a0029c581c8 cmdide.sys
CMD Technology

6afef0b60fa25de07c0968983ee4f60a compbatt.sys
Microsoft Corporation

36975327ef03949cc378ab01e316b574 crashdmp.sys
Microsoft Corporation

2a213ae086bbec5e937553c7d9a2b22c crcdisk.sys
Microsoft Corporation

22a7f883508176489f559ee745b5bf5d crusoe.sys
Microsoft Corporation

9bdb2e89be8d0ef37b1f25c3d3fc192c csc.sys
Microsoft Corporation

cb6ff7012bb5d59d7c12350db795ce1f ctxusbm.sys
tH`VS_VERSION_INFOvizviz?aStringFileInfojBJCompanyNameCitrixSystems,Inc.ZFileDescriptionCitrixUSBFilterDriver:rFileVersion...bInternalNamectxusbm.sys~-LegalCopyrightCopyright©-CitrixSystems,Inc.@bOriginalFilenamectxusbm.sysDProductNameCitrixICAClientaProductVersion..DVarFileInfo$Translationt

b5ecadf7708960f1818c7fa015f4c239 CVirtA.sys
Cisco Systems

1c2999966f0f36aa44eaecbee70cf770 CVPNDRVA.sys
Cisco Systems

622c41a07ca7e6dd91770f50d532cb6c dfsc.sys
Microsoft Corporation

494075282e23d838f43a4c9fb7143959 Diskdump.sys
Microsoft Corporation

5d4aefc3386920236a548271f8f1af6a disk.sys
Microsoft Corporation

ae1fdf7bf7bb6c6a70f67699d880592a djsvs.sys
Adaptec

7b4fdfbe97c047175e613aa96f3de987 dne2000.sys
tH`VS_VERSION_INFO>>?bStringFileInfo>bZCompanyNameDeterministicNetworks,Inc.fFileDescriptionDeterministicNetworkEnhancer:rFileVersion...(InternalNameDNETLegalCopyrightCopyright©-@bOriginalFilenameDNE.SYS,BuildNumber>rProductVersion...DVarFileInfo$Translationt|

80bf3ba09f6f2523c8f6b7cc6dbf7bd5 Dot4Prt.sys
Microsoft Corporation

4f59c172c094e1a1d46463a8dc061cbd Dot4.sys
Microsoft Corporation

c55004ca6b419b6695970dfe849b122f Dot4usb.sys
Microsoft Corporation

97fef831ab90bee128c9af390e243f80 drmkaud.sys
Microsoft Corporation

7be5a3c671a2cb56e94403bfc2020a0d drmk.sys
Microsoft Corporation

c67ebf9c05531c406e1e079ff669a2e6 Dumpata.sys
Microsoft Corporation

eaaafef04fbb45665c9576e525d45a12 dxapi.sys
Microsoft Corporation

c68ac676b0ef30cfbb1080adce49eb1f dxgkrnl.sys
Microsoft Corporation

c8d5369bfe193b5fb53337dce77ce314 dxg.sys
Microsoft Corporation

f88fb26547fd2ce6d0a5af2985892c48 E1G60I32.sys
Intel Corporation

7f64ea048dcfac7acf8b4d7b4e6fe371 ecache.sys
Microsoft Corporation

7ec42ec12a4bac14bcca99fb06f2d125 elagopro.sys
rH`fVS_VERSION_INFO!!?aStringFileInfobCommentsvCompanyNameGtekoLtd.hFileDescriptionGteko'sGoProtoprotocoldriverbFileVersion,,,bInternalNameGoProto.sysn%LegalCopyrightCopyright©-GtekoLtd.(LegalTrademarks@bOriginalFilenameGoProto.sysPrivateBuildb!ProductNameGtekoDiagnosticsNetworkModule<bProductVersion,,,SpecialBuildDVarFileInfo$Translationt*

dfeabb7cfffadea4a912ab95bdc3177a elaunidr.sys
rH`||VS_VERSION_INFObb?StringFileInfodbCommentsvCompanyNameGtekoLtd.>vFileDescriptionGUniDriverbFileVersion,,,vInternalNameGUniDrivern%LegalCopyrightCopyright©-GtekoLtd.(LegalTrademarksFOriginalFilenameGUniDriver.sysPrivateBuildDProductNameGtekoDiagnostics<bProductVersion,,,SpecialBuildDVarFileInfo$Translationr*

e8f3f21a71720c84bcf423b80028359f elxstor.sys
Emulex

22b408651f9123527bcee54b4f6c5cae exfat.sys
Microsoft Corporation

1e9b9a70d332103c52995e957dc09ef8 fastfat.sys
Microsoft Corporation

63bdada84951b9c03e641800e176898a fdc.sys
Microsoft Corporation

a8c0139a884861e3aae9cfe73b208a9f fileinfo.sys
Microsoft Corporation

0ae429a696aecbc5970e3cf2c62635ae filetrace.sys
Microsoft Corporation

6603957eff5ec62d25075ea8ac27de68 flpydisk.sys
Microsoft Corporation

01334f9ea68e6877c4ef05d3ea8abb05 fltMgr.sys
Microsoft Corporation

65ea8b77b5851854f0c55c43fa51a198 fs_rec.sys
Microsoft Corporation

73594dbc99e22958150192ee99bc48ce FWPKCLNT.SYS
Microsoft Corporation

4e1cd0a45c50a8882616cae5bf82f3c5 GAGP30KX.SYS
Microsoft Corporation

8182ff89c65e4d38b2de4bb0fb18564e GEARAspiWDM.sys
GEAR Software

062452b7ffd68c8c042a6261fe8dff4a hdaudbus.sys
Microsoft Corporation

3f90e001369a07243763bd5a523d8722 HdAudio.sys
Microsoft Corporation

1338520e78d90154ed6be8f84de5fceb hidbth.sys
Microsoft Corporation

5961cadb7cad938368d2028725ef771d hidclass.sys
Microsoft Corporation

ff3160c3a2445128c5a6d9b076da519e hidir.sys
Microsoft Corporation

175444d3a01ca45d0e1c5dc5f48df7cd hidparse.sys
Microsoft Corporation

cca4b519b17e23a00b826c55716809cc hidusb.sys
Microsoft Corporation

df353b401001246853763c4b7aaa6f50 HpCISSs.sys
Hewlett-Packard

6d2350bb6e77e800fc4be4e5b7a2e89a HSX_CNXT.sys
Conexant

53229dcf431d76434816cd29251168a0 HSX_DPV.sys
Conexant

31f949d452201f2f0af0c88d7db512cd HSXHWAZL.sys
Conexant

f870aa3e254628ebeafe754108d664de http.sys
Microsoft Corporation

8420bf9ad8ae0b4a96f30bd7c8fb9adf i2omgmt.sys
Microsoft Corporation

324c2152ff2c61abae92d09f3cca4d63 i2omp.sys
Microsoft Corporation

22d56c8184586b7a1f6fa60be5f5a2bd i8042prt.sys
Microsoft Corporation

c957bf4b5d80b46c5017bf0101e6c906 iaStorV.sys
Intel Corporation

2d077bf86e843f901d8db709c95b49a5 iirsp.sys
Intel Corp

97469037714070e45194ed318d636401 intelide.sys
Microsoft Corporation

ce44cc04262f28216dd4341e9e36a16f intelppm.sys
Microsoft Corporation

62c265c38769b864cb25b4bcf62df6c3 ipfltdrv.sys
Microsoft Corporation

40f34f8aba2a015d780e4b09138b6c17 IPMIDrv.sys
Microsoft Corporation

8793643a67b42cec66490b2a0cf92d68 ipnat.sys
Microsoft Corporation

e50a95179211b12946f7e035d60af560 irda.sys
Microsoft Corporation

109c0dfb82c3632fbd11949b73aeeac9 irenum.sys
Microsoft Corporation

350fca7e73cf65bcef43fae1e4e91293 isapnp.sys
Microsoft Corporation

bced60d16156e428f8df8cf27b0df150 iteatapi.sys
Integrated Technology Express

06fa654504a498c30adca8bec4e87e7e iteraid.sys
Integrated Technology Express

37605e0a8cf00cbba538e753e4344c6e kbdclass.sys
Microsoft Corporation

d2600cb17b7408b4a83f231dc9a11ac3 kbdhid.sys
Microsoft Corporation

86165728af9bf72d6442a894fdfb4f8b ksecdd.sys
Microsoft Corporation

ef73c1e29fbe7b0fd0274bf4394e346a ks.sys
Microsoft Corporation

d1c5883087a0c3f1344d9d55a44901f6 lltdio.sys
Microsoft Corporation

a2262fb9f28935e862b4db46438c80d2 lsi_fc.sys
LSI Logic

30d73327d390f72a62f32c103daf1d6d lsi_sas.sys
LSI Logic

e1e36fefd45849a95f1ab81de0159fe3 lsi_scsi.sys
LSI Logic

8f5c7426567798e62a3b3614965d62cc luafv.sys
Microsoft Corporation

0da6c5e0c8da6cebe52daacfe7ae9de6 LV302V32.SYS
Logitech

8113133ec42dd6c566908008ce913edd Lvckap.sys
Logitech

0dd5b8af4917a2821047450195c511b3 LVMVdrv.sys
Logitech

e1158b0cb852db0573922c92e6e564de lvpopflt.sys
Logitech

406b1d186f75b4b4832d6237859e1b00 LVPr2Mon.sys
Logitech

be5e104be263921d6842c555db6a5c23 LVUSBSta.sys
Logitech

eacd1eb2d82ed2adc753afeee1d4d660 lvuvc.sys
Logitech

69a6268d7f81e53d568ab4e7e991caf3 mbam.sys
Malwarebytes Corporation

b271ec02e71271a2da28b3b7bc4e4f15 mcd.sys
Microsoft Corporation

0cea2d0d3fa284b85ed5b68365114f76 mdmxsdk.sys
Conexant

d153b14fc6598eae8422a2037553adce megasas.sys
LSI Logic

e13b5ea0f51ba5b1512ec671393d09ba modem.sys
Microsoft Corporation

0a9bb33b56e294f686abb7c1e4e2d8a8 monitor.sys
Microsoft Corporation

5bf6a1326a335c5298477754a506d263 mouclass.sys
Microsoft Corporation

93b8d4869e12cfbe663915502900876f mouhid.sys
Microsoft Corporation

bdafc88aa6b92f7842416ea6a48e1600 mountmgr.sys
Microsoft Corporation

583a41f26278d9e0ea548163d6139397 mpio.sys
Microsoft Corporation

22241feba9b2defa669c8cb0a8dd7d2e mpsdrv.sys
Microsoft Corporation

4fbbb70d30fd20ec51f80061703b001e Mraid35x.sys
LSI Logic

82cea0395524aacfeb58ba1448e8325c mrxdav.sys
Microsoft Corporation

4fccb34d793b116423209c0f8b7a3b03 mrxsmb10.sys
Microsoft Corporation

c3cb1b40ad4a0124d617a1199b0b9d7c mrxsmb20.sys
Microsoft Corporation

1e94971c4b446ab2290deb71d01cf0c2 mrxsmb.sys
Microsoft Corporation

742aed7939e734c36b7e8d6228ce26b7 msahci.sys
Microsoft Corporation

3fc82a2ae4cc149165a94699183d3028 msdsm.sys
Microsoft Corporation

a9927f4a46b816c92f461acb90cf8515 msfs.sys
Microsoft Corporation

0f400e306f385c56317357d6dea56f62 msisadrv.sys
Microsoft Corporation

232fa340531d940aac623b121a595034 msiscsi.sys
Microsoft Corporation

d8c63d34d9c9e56c059e24ec7185cc07 mskssrv.sys
Microsoft Corporation

1d373c90d62ddb641d50e55b9e78d65e mspclock.sys
Microsoft Corporation

b572da05bf4e098d4bba3a4734fb505b mspqm.sys
Microsoft Corporation

b49456d70555de905c311bcda6ec6adb msrpc.sys
Microsoft Corporation

e384487cb84be41d09711c30ca79646c mssmbios.sys
Microsoft Corporation

7199c1eec1e4993caf96b8c0a26bd58a mstee.sys
Microsoft Corporation

6a57b5733d4cb702c8ea4542e836b96c mup.sys
Microsoft Corporation

1357274d1883f68300aeadd15d7bbb42 ndis.sys
Microsoft Corporation

0e186e90404980569fb449ba7519ae61 ndistapi.sys
Microsoft Corporation

d6973aa34c4d5d76c0430b181c3cd389 ndisuio.sys
Microsoft Corporation

818f648618ae34f729fdb47ec68345c3 ndiswan.sys
Microsoft Corporation

71dab552b41936358f3b541ae5997fb3 ndproxy.sys
Microsoft Corporation

bcd093a5a6777cf626434568dc7dba78 netbios.sys
Microsoft Corporation

ecd64230a59cbd93c85f1cd1cab9f3f6 netbt.sys
Microsoft Corporation

063ee4d3cb88a14eab9901875cee98b1 netio.sys
Microsoft Corporation

2e7fb731d4790a1bc6270accefacb36e nfrd960.sys
IBM Corp

d36f239d7cce1931598e8fb90a0dbc26 npfs.sys
Microsoft Corporation

609773e344a97410ce4ebf74a8914fcf nsiproxy.sys
Microsoft Corporation

6a4a98cee84cf9e99564510dda4baa47 ntfs.sys
Microsoft Corporation

e875c093aec0c978a90f30c9e0dfbb72 ntrigdigi.sys
N-trig Innovative Technologies

c5dbbcda07d780bda9b685df333bb41e null.sys
Microsoft Corporation

07c186427eb8fcc3d8d7927187f260f7 NV_AGP.SYS
Microsoft Corporation

e69e946f80c1c31c53003bfbf50cbb7c nvraid.sys
NVIDIA Corporation

9e0ba19a28c498a6d323d065db76dffc nvstor.sys
NVIDIA Corporation

85c44fdff9cf7e72a40dcb7ec06a4416 nwifi.sys
Microsoft Corporation

be32da025a0be1878f0ee8d6d9386cd5 ohci1394.sys
Microsoft Corporation

99514faa8df93d34b5589187db3aa0ba pacer.sys
Microsoft Corporation

240c0d4049a833b16b63b636acf01672 PalmUSBD.sys
tHVS_VERSION_INFO?StringFileInfobBCompanyNamePalmSource,Inc.x(FileDescriptionUSBDriverforPalmOSHandheldDevicesvFileVersion,,,@InternalNamePalmUSBDriverh"LegalCopyrightCopyrightPalmSource,Inc.LegalTrademarksHotSyncisaregisteredtrademarkofPalmSource,Inc.BrOriginalFilenamePalmUSBD.sysBProductNameHotSyncManager:vProductVersion,,,DVarFileInfo$Translationtt

0fa9b5055484649d63c303fe404e5f4d parport.sys
Microsoft Corporation

57389fa59a36d96b3eb09d0cb91e9cdc partmgr.sys
Microsoft Corporation

4f9a6a8a31413180d0fcb279ad5d8112 parvdm.sys
Microsoft Corporation

1961590aa191b6b7dcf18a6a693af7b8 PCASp50.sys
tH`FVS_VERSION_INFO?bStringFileInfoB|.CompanyNamePrintingCommunicationsAssoc.,Inc.(PCAUSA)p$FileDescriptionPCAUSANDIS.SPRProtocolDrivernFileVersion...bInternalNamePCASp.SYSDLegalCopyrightCopyright-PrintingCommunicationsAssoc.,Inc.(PCAUSA)@bOriginalFilenamePCASp.SYSXProductNamePCAUSARawetherforWindowsnProductVersion...DVarFileInfo$Translationt

1636d43f10416aeb483bc6001097b26c pciide.sys
Microsoft Corporation

6429d10c5d149ac9eb2d95052a390cff pciidex.sys
Microsoft Corporation

941dc1d19e7e8620f40bbc206981efdb pci.sys
Microsoft Corporation

e6f3fb1b86aa519e7698ad05e58b04e5 pcmcia.sys
Microsoft Corporation

6349f6ed9c623b44b52ea3c63c831a92 PEAuth.sys
Microsoft Corporation

9f2f541c52cd7a452e235e885f7d95de Ph3xIB32.sys
tH`VS_VERSION_INFOaa?StringFileInfobXCommentsHybridCaptureandTunerDriverXCompanyNamePhilipsSemiconductorsGmbH:tFileDescriptionPhxIBxxvFileVersion,,,tInternalNamePhxIBxxFLegalCopyrightCopyright`LegalTrademarksPhilipsSemiconductorsGmbHBrOriginalFilenamePhxIBxx.sysPrivateBuildZProductNamePhilipsSemiconductorsInbox:vProductVersion,,,$SpecialBuildDVarFileInfo$Translationt*

85b0ad34fd80517ba00439d1879b1baf pnpnptool.sys
tH`dLLVS_VERSION_INFOrr?(aStringFileInfobComments>CompanyNameQuestSoftware>vFileDescriptionPnPdriverbFileVersion...InternalNamen%LegalCopyrightCopyright-QuestSoftware(LegalTrademarks(OriginalFilenamePrivateBuildBProductNameQuestvWorkspace<bProductVersion...SpecialBuildDVarFileInfo$Translationt*

30ff9aa20fc51fbebe66bd942714fa37 pnusbd.sys
tHLLVS_VERSION_INFOrr?(aStringFileInfobComments>CompanyNameQuestSoftware>vFileDescriptionUSBdriverbFileVersion...InternalNamen%LegalCopyrightCopyright-QuestSoftware(LegalTrademarks(OriginalFilenamePrivateBuildBProductNameQuestvWorkspace<bProductVersion...SpecialBuildDVarFileInfo$Translationt*

218286724ec530ff252648369e05b090 portcls.sys
Microsoft Corporation

0e3cef5d28b40cf273281d620c50700a processr.sys
Microsoft Corporation

feffcfdc528764a04c8ed63d5fa6e711 pxhelp20.sys
Sonic Solutions

ccdac889326317792480c0a67156a1ec ql2300.sys
QLogic Corporation

81a7e5c076e59995d54bc1ed3a16e60b ql40xx.sys
QLogic Corporation

9f5e0e1926014d17486901c88eca2db7 qwavedrv.sys
Microsoft Corporation

147d7f9c556d259924351feb0de606c3 rasacd.sys
Microsoft Corporation

a214adbaf4cb47dd2728859ef31f26b0 rasl2tp.sys
Microsoft Corporation

509a98dd18af4375e1fc40bc175f1def raspppoe.sys
Microsoft Corporation

ecfffaec0c1ecd8dbc77f39070ea1db1 raspptp.sys
Microsoft Corporation

2005f4a1e05fa09389ac85840f0a9e4d rassstp.sys
Microsoft Corporation

b14c9d5b9add2f84f70570bbbfaa7935 rdbss.sys
Microsoft Corporation

89e59be9a564262a3fb6c4f4f1cd9899 RDPCDD.sys
Microsoft Corporation

943b18305eae3935598a9b4a3d560b4c rdpdr.sys
Microsoft Corporation

9d91fe5286f748862ecffa05f8a0710c RDPENCDD.sys
Microsoft Corporation

30bfbdfb7f95559ede971f9ddb9a00ba rdpwd.sys
Microsoft Corporation

d85e3fa9f5b1f29bb4ed185c450d1470 rimmptsk.sys
Ricoh Company

2c4fb2e9f039287767c384e46ee91030 RimSerial.sys
Research in Motion

db8eb01c58c9fada00c70b1775278ae0 rimsptsk.sys
Ricoh Company

6c1f93c0760c9f79a1869d07233df39d rixdptsk.sys
Ricoh Company

eec7ee5675294b03e88aa868540007c1 rmcast.sys
Microsoft Corporation

d9225d107e40d0fa5c5069446759c8e9 RNDISMP.sys
Microsoft Corporation

75e8a6bfa7374aba833ae92bf41ae4e6 rootmdm.sys
Microsoft Corporation

9c508f4074a39e8b4b31d27198146fad rspndr.sys
Microsoft Corporation

3ce8f073a557e172b330109436984e30 sbp2port.sys
Microsoft Corporation

6f5ca34ae885645acf8a20d564db976c scsiport.sys
Microsoft Corporation

8f36b54688c31eed4580129040c6a3d3 sdbus.sys
Microsoft Corporation

90a3935d05b494a5a39d37e71f09a677 secdrv.sys
Macrovision Corporation

68e44e331d46f0fb38f0863a84cd1a31 serenum.sys
Microsoft Corporation

c70d69a918b178d3c3b06339b40c2e1b serial.sys
Microsoft Corporation

8af3d28a879bf75db53a0ee7a4289624 sermouse.sys
Microsoft Corporation

3efa810bdca87f6ecc24f9832243fe86 sffdisk.sys
Microsoft Corporation

8fd08a310645fe872eeec6e08c6bf3ee sffp_mmc.sys
Microsoft Corporation

9f66a46c55d6f1ccabc79bb7afccc545 sffp_sd.sys
Microsoft Corporation

c33bfbd6e9e41fcd9ffef9729e9faed6 sfloppy.sys
Microsoft Corporation

d2a595d6eebeeaf4334f8e50efbc9931 SISAGP.SYS
Microsoft Corporation

cedd6f4e7d84e9f98b34b3fe988373aa sisraid2.sys
Silicon Integrated Systems

df843c528c4f69d12ce41ce462e973a7 sisraid4.sys
Silicon Integrated Systems

7b75299a4d201d6a6533603d6914ab04 smb.sys
Microsoft Corporation

a7d7ea1771d2ed6f39a8063e79b6c3e8 smclib.sys
Microsoft Corporation

7aebdeef071fe28b0eef2cdd69102bff spldr.sys
Microsoft Corporation

a7f8bad9590addc425b4003e94780dfa spsys.sys
Microsoft Corporation

ff33aff99564b1aa534f58868cbe41ef srv2.sys
Microsoft Corporation

7605c0e1d01a08f3ecd743f38b834a44 srvnet.sys
Microsoft Corporation

41987f9fc0e61adf54f581e15029ad91 srv.sys
Microsoft Corporation

47e55afe1ed1d5aff09690db226f4a7a Storport.sys
Microsoft Corporation

70a92e46a2f459cdede3ca558cb26b6a stream.sys
Microsoft Corporation

9cea131b5eb0ea653f6b3ea80b54956d stwrt.sys
SigmaTel

7ba58ecf0c0a9a69d44b3dca62becf56 swenum.sys
Microsoft Corporation

57bbaef27dc790160245b43eb6dcd576 swmsflt.sys

7ae593fe3d78195987505da0a7e91542 swnc8u80.sys
Sierra Wireless

3076a3bb7c340bbf851075dd2ebad03f swumx80.sys
Sierra Wireless

192aa3ac01df071b541094f251deed10 symc8xx.sys
LSI Logic

8c8eb8c76736ebaf3b13b633b2e64125 sym_hi.sys
LSI Logic

8072af52b5fd103bbba387a1e49f62cb sym_u3.sys
LSI Logic

1f5192248a364d4ab68db063d18a2139 SynTP.sys
Synaptics

1239fd18895040d97b7cdbc19bc2075e tape.sys
Microsoft Corporation

608c345a255d82a6289c2d468eb41fd7 tcpipreg.sys
Microsoft Corporation

2756186e287139310997090797e0182b tcpip.sys
Microsoft Corporation

77937eff009ac696b90e09f671f9d0a4 tdi.sys
Microsoft Corporation

5dcf5e267be67a1ae926f2df77fbcc56 tdpipe.sys
Microsoft Corporation

389c63e32b3cefed425b61ed92d3f021 tdtcp.sys
Microsoft Corporation

76b06eb8a01fc8624d699e7045303e54 tdx.sys
Microsoft Corporation

3cad38910468eab9a6479e2f01db43c7 termdd.sys
Microsoft Corporation

dcf0f056a2e4f52287264f5ab29cf206 tssecsrv.sys
Microsoft Corporation

caecc0120ac49e3d2f758b9169872d38 TUNMP.SYS
Microsoft Corporation

300db877ac094feab0be7688c3454a9c tunnel.sys
Microsoft Corporation

c3ade15414120033a36c0f293d4a4121 UAGP35.SYS
Microsoft Corporation

d9728af68c4c7693cb100b8441cbdec6 udfs.sys
Microsoft Corporation

75e6890ebfce0841d3291b02e7a8bdb0 ULIAGPKX.SYS
Microsoft Corporation

3cd4ea35a6221b85dcc25daa46313f8d uliahci.sys
ULi Electronics

38c3c6e62b157a6bc46594fada45c62b ulsata2.sys
Promise Technology

8514d0e5cd0534467c5fc61be94a569f ulsata.sys
Promise Technology

32cff9f809ae9aed85464492bf3e32d2 umbus.sys
Microsoft Corporation

88bd96a1baeed33ee8bdf9499c07a841 umpass.sys
Microsoft Corporation

830d5d8456b822c1247c1e59b4c464fa usb8023.sys
Microsoft Corporation

5c2bdc152bbab34f36473deaf7713f22 usbaapl.sys
Apple

32db9517628ff0d070682aab61e688f0 USBAUDIO.sys
Microsoft Corporation

eae017d3aa298374a1967b96c379c5ab USBCAMD2.sys
Microsoft Corporation

d06f193f3e9cc3b356df97f6a43c054a USBCAMD.sys
Microsoft Corporation

caf811ae4c147ffcd5b51750c7f09142 usbccgp.sys
Microsoft Corporation

e9476e6c486e76bc4898074768fb7131 usbcir.sys
Microsoft Corporation

790fdac6d0c762df9047c3c625a6ff6c usbd.sys
Microsoft Corporation

79e96c23a97ce7b8f14d310da2db0c9b usbehci.sys
Microsoft Corporation

4673bbcb006af60e7abddbe7a130ba42 usbhub.sys
Microsoft Corporation

ce697fee0d479290d89bec80dfe793b7 usbohci.sys
Microsoft Corporation

a1c100a87d981ad0774fbc0b4b82e913 usbport.sys
Microsoft Corporation

e75c4b5269091d15a2e7dc0b6d35f2f5 usbprint.sys
Microsoft Corporation

a508c9bd8724980512136b039bba65e9 usbscan.sys
Microsoft Corporation

be3da31c191bc222d9ad503c5224f2ad USBSTOR.SYS
Microsoft Corporation

325dbbacb8a36af9988ccf40eac228cc usbuhci.sys
Microsoft Corporation

7d92be0028ecdedec74617009084b5ef vgapnp.sys
Microsoft Corporation

2e93ac0a1d8c79d019db6c51f036636c vga.sys
Microsoft Corporation

045d9961e591cf0674a920b6ba3ba5cb VIAAGP.SYS
Microsoft Corporation

56a4de5f02f2e88182b0981119b4dd98 viac7.sys
Microsoft Corporation

fd2e3175fcada350c7ab4521dca187ec viaide.sys
VIA Technologies

c048d2c33d27441a0cdcaae2651eb03d videoprt.sys
Microsoft Corporation

69503668ac66c77c6cd7af86fbdf8c43 volmgr.sys
Microsoft Corporation

23e41b834759917bfd6b9a0d625d0c28 volmgrx.sys
Microsoft Corporation

147281c01fcb1df9252de2a10d5e7093 volsnap.sys
Microsoft Corporation

d984439746d42b30fc65a4c3546c6829 vsmraid.sys
VIA Technologies

48dfee8f1af7c8235d4e626f0c4fe031 wacompen.sys
Microsoft Corporation

55201897378cca7af8b5efd874374a26 wanarp.sys
Microsoft Corporation

4a5c31e2c1646034e6a60eba4c747ff6 watchdog.sys
Microsoft Corporation

b6f0a7ad6d4bd325fbcd8bac96cd8d96 Wdf01000.sys
Microsoft Corporation

b4fc6dd9167b058e6dbe6cb14acfa2cb WdfLdr.sys
Microsoft Corporation

afc5ad65b991c1e205cf25cfdbf7a6f4 wd.sys
Microsoft Corporation

2e7255d172df0b8283cdfb7b433b864e wmiacpi.sys
Microsoft Corporation

c546864eed786304762d030febf6b411 wmilib.sys
Microsoft Corporation

de9d36f91a4df3d911626643debf11ea WpdUsb.sys
Microsoft Corporation

e3a3cb253c0ec2494d4a61f5e43a389c ws2ifsl.sys
Microsoft Corporation

4422ac5ed8d4c2f0db63e71d4c069dd7 WSDPrint.sys
Microsoft Corporation

13b5f255e90624a5ba0441d39cfb6be2 WUDFPf.sys
Microsoft Corporation

ac13cb789d93412106b0fb6c7eb2bcb6 WUDFRd.sys
Microsoft Corporation

5a7ff9a18ff6d7e0527fe3abf9204ef8 XAudio.sys
Conexant

Driver report for /mnt/sda2/Windows/System32/drivers

b46aa621e7bd4fe150bcc140daceda1b 1394bus.sys
Microsoft Corporation

192bdbd1540645c4a2aa69f24cce197f acpi.sys
Microsoft Corporation

2edc5bbac6c651ece337bde8ed97c9fb adp94xx.sys
Adaptec

b84088ca3cdca97da44a984c6ce1ccad adpahci.sys
Adaptec

7880c67bccc27c86fd05aa2afb5ea469 adpu160m.sys
Adaptec

9ae713f8e30efc2abccd84904333df4d adpu320.sys
Adaptec

5d24caf8efd924a875698ff28384db8b afd.sys
Microsoft Corporation

ef23439cdd587f64c2c1b8825cead7d8 AGP440.sys
Microsoft Corporation

90395b64600ebb4552e26e178c94b2e4 aliide.sys
Acer Laboratories

2b13e304c9dfdfa5eb582f6a149fa2c7 AMDAGP.SYS
Microsoft Corporation

0577df1d323fe75a739c787893d300ea amdide.sys
Microsoft Corporation

dc487885bcef9f28eece6fac0e5ddfc5 amdk7.sys
Microsoft Corporation

0ca0071da4315b00fc1328ca86b425da amdk8.sys
Microsoft Corporation

957f7540b5e7f602e44648c7de5a1c05 arcsas.sys
Adaptec

5f673180268bb1fdb69c99b6619fe379 arc.sys
Adaptec

e86cf7ce67d5de898f27ef884dc357d8 asyncmac.sys
Microsoft Corporation

4f4fcb8b6ea06784fb6d475b7ec7300f atapi.sys
Microsoft Corporation

bf1dc83332edfdcfacb1be080e119655 ataport.sys
Microsoft Corporation

87d8e49d1615d419efceddefe02161cc battc.sys
Microsoft Corporation

08015d34f6fdd0b355805bad978497c3 bcm4sbxp.sys
Broadcom Corporation

cf6a67c90951e3e763d2135dede44b85 BCMWL6.SYS
Broadcom Corporation

913cd06fbe9105ce6077e90fd4418561 bowser.sys
Microsoft Corporation

9f9acc7f7ccde8a15c282d3f88b43309 BrFiltLo.sys
Brother Industries

56801ad62213a41f6497f96dee83755a BrFiltUp.sys
Brother Industries

b304e75cff293029eddf094246747113 BrSerId.sys
Brother Industries

203f0b1e73adadbbb7b7b1fabd901f6b BrSerWdm.sys
Brother Industries

bd456606156ba17e60a04e18016ae54b BrUsbMdm.sys
Brother Industries

af72ed54503f717a43268b3cc5faec2e BrUsbSer.sys
Brother Industries

ad07c1ec6665b8b35741ab91200c6b68 bthmodem.sys
Microsoft Corporation

6c3a437fc873c6f6a4fc620b6888cb86 cdfs.sys
Microsoft Corporation

8d1866e61af096ae8b582454f5e4d303 cdrom.sys
Microsoft Corporation

d1d2b10698d97df0fc95bc8c108f09c1 Classpnp.sys
Microsoft Corporation

45201046c776ffdaf3fc8a0029c581c8 cmdide.sys
CMD Technology

82b8c91d327cfecf76cb58716f7d4997 compbatt.sys
Microsoft Corporation

22a7f883508176489f559ee745b5bf5d crusoe.sys
Microsoft Corporation

a7179de59ae269ab70345527894ccd7c dfsc.sys
Microsoft Corporation

841af4c4d41d3e3b2f244e976b0f7963 disk.sys
Microsoft Corporation

ae1fdf7bf7bb6c6a70f67699d880592a djsvs.sys
Adaptec

c4a6c98628b8f697c743b2e0b55ca8e7 dumpfve.sys
Microsoft Corporation

a253aa14ca560a4b8ba6e9d1f78ef10e dxapi.sys
Microsoft Corporation

61d4d58d09357f0598a04d1192a4b76c dxg.sys
Microsoft Corporation

e8f3f21a71720c84bcf423b80028359f elxstor.sys
Emulex

84a317cb0b3954d3768cdcd018dbf670 fastfat.sys
Microsoft Corporation

190643bef74c8b30c8276d5979f5d62b fbwf.sys
Microsoft Corporation

63bdada84951b9c03e641800e176898a fdc.sys
Microsoft Corporation

6603957eff5ec62d25075ea8ac27de68 flpydisk.sys
Microsoft Corporation

a6a8da7ae4d53394ab22ac3ab6d3f5d3 fltMgr.sys
Microsoft Corporation

1ed8599e1e08ba40f2b7301f0b83583a fs_rec.sys
Microsoft Corporation

06a1cf72fbe3b50035fbff428c8d84b4 fvevol.sys
Microsoft Corporation

e216cf8c8605e546981098484b78d08b FWPKCLNT.SYS
Microsoft Corporation

4e1cd0a45c50a8882616cae5bf82f3c5 GAGP30KX.SYS
Microsoft Corporation

5fd053f305b77ebe97f284b20d89dc1c hdaudbus.sys
Microsoft Corporation

1338520e78d90154ed6be8f84de5fceb hidbth.sys
Microsoft Corporation

081655939fa6c09eec56da090f461ecc hidclass.sys
Microsoft Corporation

ff3160c3a2445128c5a6d9b076da519e hidir.sys
Microsoft Corporation

451a4d76448cee21407fb0a9a362c057 hidparse.sys
Microsoft Corporation

3c64042b95e583b366ba4e5d2450235e hidusb.sys
Microsoft Corporation

df353b401001246853763c4b7aaa6f50 HpCISSs.sys
Hewlett-Packard

8420bf9ad8ae0b4a96f30bd7c8fb9adf i2omgmt.sys
Microsoft Corporation

324c2152ff2c61abae92d09f3cca4d63 i2omp.sys
Microsoft Corporation

1060f1377f395a242e27719440ece602 i8042prt.sys
Microsoft Corporation

c957bf4b5d80b46c5017bf0101e6c906 iaStorV.sys
Intel Corporation

2d077bf86e843f901d8db709c95b49a5 iirsp.sys
Intel Corp

97469037714070e45194ed318d636401 intelide.sys
Microsoft Corporation

ce44cc04262f28216dd4341e9e36a16f intelppm.sys
Microsoft Corporation

40f34f8aba2a015d780e4b09138b6c17 IPMIDrv.sys
Microsoft Corporation

350fca7e73cf65bcef43fae1e4e91293 isapnp.sys
Microsoft Corporation

bced60d16156e428f8df8cf27b0df150 iteatapi.sys
Integrated Technology Express

06fa654504a498c30adca8bec4e87e7e iteraid.sys
Integrated Technology Express

1a48765f92ba1a88445fc25c9c9d94fc kbdclass.sys
Microsoft Corporation

d2600cb17b7408b4a83f231dc9a11ac3 kbdhid.sys
Microsoft Corporation

11d0bc1f2afd8abbb5a3dc47a042de54 ksecdd.sys
Microsoft Corporation

48314cdd79ce94b8f36bd6243323a310 ks.sys
Microsoft Corporation

a2262fb9f28935e862b4db46438c80d2 lsi_fc.sys
LSI Logic

30d73327d390f72a62f32c103daf1d6d lsi_sas.sys
LSI Logic

e1e36fefd45849a95f1ab81de0159fe3 lsi_scsi.sys
LSI Logic

0447888a6feb655068bd1696d1c16a5b mcd.sys
Microsoft Corporation

d153b14fc6598eae8422a2037553adce megasas.sys
LSI Logic

3c9469dfb3440555dab070716d768b1e mouclass.sys
Microsoft Corporation

a3a6dff7e9e757db3df51a833bc28885 mouhid.sys
Microsoft Corporation

01f1e5a3e4877c931cbb31613fec16a6 mountmgr.sys
Microsoft Corporation

8d326e8b321685d4784afa1c55169d73 mpsdrv.sys
Microsoft Corporation

4fbbb70d30fd20ec51f80061703b001e Mraid35x.sys
LSI Logic

58a9ab5754fa4cabede7401283b5a771 mrxsmb10.sys
Microsoft Corporation

79b09504e4a790104683722cd04f76b4 mrxsmb20.sys
Microsoft Corporation

fca7563d87f71c6db0182ca67cc19aa7 mrxsmb.sys
Microsoft Corporation

742aed7939e734c36b7e8d6228ce26b7 msahci.sys
Microsoft Corporation

729eafefd4e7417165f353a18dbe947d msfs.sys
Microsoft Corporation

5f454a16a5146cd91a176d70f0cfa3ec msisadrv.sys
Microsoft Corporation

4dca456d4d5723f8fa9c6760d240b0df msiscsi.sys
Microsoft Corporation

892cedefa7e0ffe7be8da651b651d047 mskssrv.sys
Microsoft Corporation

ae2cb1da69b2676b4cee2a501af5871c mspclock.sys
Microsoft Corporation

f910da84fa90c44a3addb7cd874463fd mspqm.sys
Microsoft Corporation

84571c0ae07647ba38d493f5f0015df7 msrpc.sys
Microsoft Corporation

4385c80ede885e25492d408cad91bd6f mssmbios.sys
Microsoft Corporation

c826dd1373f38afd9ca46ec3c436a14e mstee.sys
Microsoft Corporation

fa7aa70050cf5e2d15de00941e5665e5 mup.sys
Microsoft Corporation

227c11e1e7cf6ef8afb2a238d209760c ndis.sys
Microsoft Corporation

7584f1794b23b83d63cc124a8c56d103 ndistapi.sys
Microsoft Corporation

397402adcbb8946223a1950101f6cd94 ndiswan.sys
Microsoft Corporation

874c12e3ad1431cabc854697d302c563 ndproxy.sys
Microsoft Corporation

356dbb9f98e8dc1028dd3092fceeb877 netbios.sys
Microsoft Corporation

e3a168912e7eefc3bd3b814720d68b41 netbt.sys
Microsoft Corporation

f4d83b4bf1613ca1dd3887089b648247 netio.sys
Microsoft Corporation

2e7fb731d4790a1bc6270accefacb36e nfrd960.sys
IBM Corp

4f9832beb9fafd8ceb0e541f1323b26e npfs.sys
Microsoft Corporation

b488dfec274de1fc9d653870ef2587be nsiproxy.sys
Microsoft Corporation

3f379380a4a2637f559444e338cf1b51 ntfs.sys
Microsoft Corporation

e875c093aec0c978a90f30c9e0dfbb72 ntrigdigi.sys
N-trig Innovative Technologies

ec5efb3c60f1b624648344a328bce596 null.sys
Microsoft Corporation

07c186427eb8fcc3d8d7927187f260f7 NV_AGP.SYS
Microsoft Corporation

e69e946f80c1c31c53003bfbf50cbb7c nvraid.sys
NVIDIA Corporation

9e0ba19a28c498a6d323d065db76dffc nvstor.sys
NVIDIA Corporation

be32da025a0be1878f0ee8d6d9386cd5 ohci1394.sys
Microsoft Corporation

0fa9b5055484649d63c303fe404e5f4d parport.sys
Microsoft Corporation

555a5b2c8022983bc7467bc925b222ee partmgr.sys
Microsoft Corporation

4f9a6a8a31413180d0fcb279ad5d8112 parvdm.sys
Microsoft Corporation

3b1901e401473e03eb8c874271e50c26 pciide.sys
Microsoft Corporation

12149268080ddfe98fd1fb4a83c857d7 pciidex.sys
Microsoft Corporation

1085d75657807e0e8b32f9e19a1647c3 pci.sys
Microsoft Corporation

e6f3fb1b86aa519e7698ad05e58b04e5 pcmcia.sys
Microsoft Corporation

0e3cef5d28b40cf273281d620c50700a processr.sys
Microsoft Corporation

ccdac889326317792480c0a67156a1ec ql2300.sys
QLogic Corporation

81a7e5c076e59995d54bc1ed3a16e60b ql40xx.sys
QLogic Corporation

50e80f018d1617211d64be8bca7399be ramdisk.sys
Microsoft Corporation

bd7b30f55b3649506dd8b3d38f571d2a rasacd.sys
Microsoft Corporation

88587dd843e2059848995b407b67f6cf rasl2tp.sys
Microsoft Corporation

ccf4e9c6cbbac81437f88cb2ae0b6c96 raspppoe.sys
Microsoft Corporation

6c359ac71d7b550a0d41f9db4563ce05 raspptp.sys
Microsoft Corporation

54129c5d9581bbec8bd1ebd3ba813f47 rdbss.sys
Microsoft Corporation

e8bd98d46f2ed77132ba927fccb47d8b rdpdr.sys
Microsoft Corporation

880b90551bf438fe970b24ee228907d5 sacdrv.sys
Microsoft Corporation

3ce8f073a557e172b330109436984e30 sbp2port.sys
Microsoft Corporation

f5dbd29fbdb39bf49af7bb81a4d9561d scsiport.sys
Microsoft Corporation

68e44e331d46f0fb38f0863a84cd1a31 serenum.sys
Microsoft Corporation

c70d69a918b178d3c3b06339b40c2e1b serial.sys
Microsoft Corporation

fd06895f55c0bec3cbd84bda14e1c6b7 sermouse.sys
Microsoft Corporation

46ed8e91793b2e6f848015445a0ac188 sfloppy.sys
Microsoft Corporation

d2a595d6eebeeaf4334f8e50efbc9931 SISAGP.SYS
Microsoft Corporation

cedd6f4e7d84e9f98b34b3fe988373aa sisraid2.sys
Silicon Integrated Systems

df843c528c4f69d12ce41ce462e973a7 sisraid4.sys
Silicon Integrated Systems

ac0d90738adb51a6fd12ff00874a2162 smb.sys
Microsoft Corporation

4e7bb783f21efba4b563f1b8f79e5c98 smclib.sys
Microsoft Corporation

ed386e31d263448b2ed36d4839f2ca04 Storport.sys
Microsoft Corporation

c13b3688451d86e8557ba9486ddbb2d1 stream.sys
Microsoft Corporation

1379bdb336f8158c176a465e30759f57 swenum.sys
Microsoft Corporation

192aa3ac01df071b541094f251deed10 symc8xx.sys
LSI Logic

8c8eb8c76736ebaf3b13b633b2e64125 sym_hi.sys
LSI Logic

8072af52b5fd103bbba387a1e49f62cb sym_u3.sys
LSI Logic

c92e9f3e4154415ceebeb80250e32d19 tape.sys
Microsoft Corporation

d944522b048a5feb7700b5170d3d9423 tcpip.sys
Microsoft Corporation

bbe07d2766fb165bdf1f49107dabce85 tdi.sys
Microsoft Corporation

ab4fde8af4a0270a46a001c08cbce1c2 tdx.sys
Microsoft Corporation

2c549bd9dd091fbfaa0a2a48e82ec2fb termdd.sys
Microsoft Corporation

c3ade15414120033a36c0f293d4a4121 UAGP35.SYS
Microsoft Corporation

6348da98707ceda8a0dfb05820e17732 udfs.sys
Microsoft Corporation

75e6890ebfce0841d3291b02e7a8bdb0 ULIAGPKX.SYS
Microsoft Corporation

3cd4ea35a6221b85dcc25daa46313f8d uliahci.sys
ULi Electronics

38c3c6e62b157a6bc46594fada45c62b ulsata2.sys
Promise Technology

8514d0e5cd0534467c5fc61be94a569f ulsata.sys
Promise Technology

3fb78f1d1dd86d87bececd9dffa24dd9 umbus.sys
Microsoft Corporation

d2f0639163b12f791f81b52dc1155863 USBCAMD2.sys
Microsoft Corporation

391e74f5c8c5b3c41c360b71798e2801 USBCAMD.sys
Microsoft Corporation

8bd3ae150d97ba4e633c6c5c51b41ae1 usbccgp.sys
Microsoft Corporation

e5350a6599d84f73da3dc87183c40bd7 usbd.sys
Microsoft Corporation

63fe924d8a1113c3ba6750693fbec7d3 usbehci.sys
Microsoft Corporation

5edec5510592c905e91817707dce62a2 usbhub.sys
Microsoft Corporation

38dbc7dd6cc5a72011f187425384388b usbohci.sys
Microsoft Corporation

7f510748487d3d67c70fe5fb061fe55a usbport.sys
Microsoft Corporation

b51e52acf758be00ef3a58ea452fe360 usbprint.sys
Microsoft Corporation

325dbbacb8a36af9988ccf40eac228cc usbuhci.sys
Microsoft Corporation

17a8f877314e4067f8c8172cc6d9101c vga.sys
Microsoft Corporation

045d9961e591cf0674a920b6ba3ba5cb VIAAGP.SYS
Microsoft Corporation

56a4de5f02f2e88182b0981119b4dd98 viac7.sys
Microsoft Corporation

fd2e3175fcada350c7ab4521dca187ec viaide.sys
VIA Technologies

d1fa901e4878b7011fe8a8c2890e90c7 videoprt.sys
Microsoft Corporation

103e84c95832d0ed93507997cc7b54e8 volmgr.sys
Microsoft Corporation

294da8d3f965f6a8db934a83c7b461ff volmgrx.sys
Microsoft Corporation

11ef6c1caef76b685233450a126125d6 volsnap.sys
Microsoft Corporation

d984439746d42b30fc65a4c3546c6829 vsmraid.sys
VIA Technologies

48dfee8f1af7c8235d4e626f0c4fe031 wacompen.sys
Microsoft Corporation

6e1a5be9a0605f3d932ff35fba2b22b3 wanarp.sys
Microsoft Corporation

3a1f38a6fb749fc7a57a2826f6f8fb01 watchdog.sys
Microsoft Corporation

5dfdbd5ef13e4d95be6fc108e2ed4a67 Wdf01000.sys
Microsoft Corporation

2ad694d25fdfda2abaa19fd297a59b47 WdfLdr.sys
Microsoft Corporation

afc5ad65b991c1e205cf25cfdbf7a6f4 wd.sys
Microsoft Corporation

536040650698a73629b7ba5d3586c714 wimfsf.sys
Microsoft Corporation

701a9f884a294327e9141d73746ee279 wmiacpi.sys
Microsoft Corporation

20b05e362bb678cf51d610673c9a12e7 wmilib.sys
Microsoft Corporation

84620aecdcfd2a7a14e6263927d8c0ed ws2ifsl.sys
Microsoft Corporation

#13 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,522
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 31 October 2011 - 09:38 PM

  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB.
  • Boot the ailing computer with to xPUD
  • A Welcome to xPUD screen will appear
  • Click the File
  • Expand mnt icon on the left
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter
  • The TestDisk command window will open
  • Choose Create and press Enter
  • TestDisk will now detect all local hard drives
  • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter
  • If your not sure then note everything you see and post it for my review
  • Select [Intel] and press Enter
  • Use the arrows and select [MBR Code] and press Enter.
  • You will be presented with a question,"Write a new copy of MBR to first sector? (Y/N)". Type Y and press Enter.
  • Remove the flash drive and put it back in the working computer, then post the contents of (or attach) the testdisk.log file on the flash drive.


Attempt to boot normally. Let me know the outcome.
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#14 User is offline   iexplore_hell 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 17
  • Joined: 26-October 11

Posted 31 October 2011 - 10:06 PM

Here is the testdisk.txt file:
Mon Oct 31 22:55:26 2011
Command line: TestDisk

When I reboot my sick computer, I see the Windows Boot Manager screen. It says,
"Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:
1. Insert your Windos installation disc and restart your computer
2. Choose your language settings, and then click "Next."
3. Click "Repair your computer"

If you do not have this disc, contact your system administrator or computer manufacturer for assistance.
File: \Windows\system32\winload.exe
Status: 0xc000000e
Info: The selected entry could not be loaded because the application is missing or corrupt

#15 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,522
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 01 November 2011 - 01:57 AM

Hello



I want you to start the computer and during the bootup I want you to press f10 and copy down what is writen and give me this info


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users