
AVG detected Generic3_c.AERQ threat in ms.dll & explorer.exe


  • This topic is locked
26 replies to this topic

#1 FloridaMark

FloridaMark

  • Members

Posted 21 January 2011 - 08:44 AM

Hi-

A friend's computer took some kind of a virus hit and I am trying to fix it for him. The box is running Windows XP Home edition. The system boots to wallpaper but no further.

MBAM reports: Windows 5.1.2600 Service Pack 2

Basically AVG continuously detects...

File Name: c:\WINDOWS\system 32\ms.dll

Threat name: Trojan horse Generic3_c.AERQ threat in ms.dll
Detected on open

When the "Move to Vault" option is detected the message pops up again in about 30 seconds.

Also, it appears that explorer.exe is also being corrupted because the wallpaper shows up but you can't do anything unless you do it through Task Manager. I replaced explorer.exe from another box running Win XP Home and everything starts working again till the next boot, but of course AVG is continuously reporting the AERQ threat in ms.dll.

I installed a new copy of MBAM and it reported that explorer.exe was infected along with 3 registry keys.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

ms.dll & explorer.exe are continuously infected. Every time AVG removes ms.dll something puts it right back.

I booted in safe mode and ran AVG; it detected something like 7 threats and said that it removed them.

Any help or guidance is really appreciated!



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 21 January 2011 - 02:25 PM

Appears to behave like a root kit.

Please run an Online scan and GMER.
ESET
Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.


GMER
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 FloridaMark

FloridaMark
  • Topic Starter

  • Members

Posted 23 January 2011 - 01:34 AM

Hi-

I was able to run the ESET scan without much trouble and saved the report as you requested. Unfortunately, every time I run GMER the system seems to lock up. The first time it ran most of the way through the system, I think it took about 5 or 6 hours, but then it locked up at the end and I was not able to get the report. Now GMER locks up about 30 seconds into the scan. I checked in Program Files and didn't see anything that looked to be related to GMER. I did grab a log before clicking the scan button and it is posted below.

Here is the ESET report...

C:\Documents and Settings\CINDY\Application Data\Sun\Java\Deployment\cache\6.0\49\5e8fad71-1c3f8097 multiple threats deleted - quarantined
C:\Documents and Settings\CINDY\Application Data\Sun\Java\Deployment\cache\6.0\51\5def9a73-3d13b6c2 multiple threats deleted - quarantined
C:\Documents and Settings\CINDY\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\RunLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined
C:\WINDOWS\OLD17.tmp Win32/Patched.GO trojan deleted - quarantined
C:\WINDOWS\OLD19.tmp Win32/Patched.GO trojan deleted - quarantined

Here is the GMER log before clicking the scan button...

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-22 17:55:12
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b SAMSUNG_SP1604N rev.TM100-24
Running: GMER-MSB-wgriwcq3.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxldypod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Sorry I don't seem to be able to get more.

Mark

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 23 January 2011 - 03:13 PM

Good job Mark, we need to run a few more scans and tell me how it is after these.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
Close all open browsers before using, especially FireFox. <-Important!!!
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#5 FloridaMark

FloridaMark
  • Topic Starter

  • Members

Posted 01 February 2011 - 11:29 PM

Uggg...

I installed ATF and Super, updated and modified the settings on Super as you directed and now I am in a permanent boot loop. I have repeatedly tried booting into both Safe mode and Normal and I tried Last Known Good Configuration. No joy.

I get the Windows XP boot screen with a progress bar that lasts longer than it should, then it goes dark. I don't ever see a prompt for bios settings but I don't think BIOS is a problem because I haven't installed any new hardware or changed anything in BIOS... damaged boot sector or something..?

:(

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 01 February 2011 - 11:40 PM

OK, we have some people that specialize in fixing a PC when malware kills it. I will ask them to look here.

#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team

Posted 01 February 2011 - 11:53 PM

Hi, :welcome:

We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow to determine the reason for the restart loop.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finishing will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD, in others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • Lastly type bash query.sh
  • Press Enter
  • After it has finished a report will be located at sdb1 named RegReport.txt
  • Plug that USB back into the clean computer and post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. If too large, attach the files to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
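
The file-search step in the post above (Winlogon.exe, explorer.exe, Userinit.exe) can be reproduced from any Linux live environment with standard tools. This is an added example, not part of the original post and not the driver.sh script itself; the function names, the /mnt/sda1 mount point and the choice of the system32/dllcache copy as the reference are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the driver.sh script from the post).
# Lists every copy of a file on a mounted Windows XP volume with its MD5 and
# labels each copy against the one in system32/dllcache, the Windows File
# Protection cache on XP. DIFFERENT is a lead to follow up, not a verdict:
# copies can legitimately differ, for example across service pack levels.

# hash_copies ROOT NAME -> "md5  path" for each case-insensitive name match
hash_copies() {
    find "$1" -type f -iname "$2" -exec md5sum {} + 2>/dev/null | sort -k2
}

# flag_mismatches ROOT NAME -> one tagged line per copy:
#   SAME / DIFFERENT  relative to the dllcache copy
#   NOREF             copies exist but none is under system32/dllcache
#   NOTFOUND          no file with that name on the volume
flag_mismatches() {
    fm_copies=$(hash_copies "$1" "$2")
    if [ -z "$fm_copies" ]; then
        echo "NOTFOUND  $2"
        return 0
    fi
    # Hash of the first copy whose path contains /system32/dllcache/
    fm_ref=$(printf '%s\n' "$fm_copies" |
        awk 'tolower($0) ~ /\/system32\/dllcache\// { print $1; exit }')
    if [ -z "$fm_ref" ]; then
        printf '%s\n' "$fm_copies" | sed 's/^/NOREF      /'
        return 0
    fi
    printf '%s\n' "$fm_copies" | awk -v ref="$fm_ref" '
        { tag = ($1 == ref) ? "SAME" : "DIFFERENT"
          printf "%-9s  %s\n", tag, $0 }'
}

# make_demo_tree DIR -> constructed sample layout (placeholder bytes, not
# real Windows binaries) so the functions can be tried without a real disk
make_demo_tree() {
    mkdir -p "$1/WINDOWS/system32/dllcache" "$1/WINDOWS/ServicePackFiles/i386"
    printf 'original bytes' > "$1/WINDOWS/system32/dllcache/explorer.exe"
    printf 'original bytes' > "$1/WINDOWS/ServicePackFiles/i386/EXPLORER.EXE"
    printf 'patched bytes'  > "$1/WINDOWS/explorer.exe"
    printf 'userinit bytes' > "$1/WINDOWS/system32/userinit.exe"
}

# Usage: sh findcopies.sh /mnt/sda1   (mount point is an assumption)
if [ "$#" -ge 1 ]; then
    for fm_name in Winlogon.exe explorer.exe Userinit.exe; do
        echo "== $fm_name"
        flag_mismatches "$1" "$fm_name"
    done
fi
```

Run it against a read-only mount of the affected disk so the evidence is not altered while it is examined.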


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 02 February 2011 - 12:06 AM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

You have excellent assistance now. Thanks JSntgRvr

#9 FloridaMark

FloridaMark
  • Topic Starter

  • Members

Posted 04 February 2011 - 12:22 AM

Hi-

Amazing tools! I had never seen xPUD. Pretty cool stuff... :thumbup2:

Here are the reports you requested...

reports.txt

Parallel Technologies

352cf968df88760fef225c3fbe7184a7 pxhelp20.sys
Sonic Solutions

2ef9c0dc26b30b2318b1fc3faa1f0ae7 R8139n51.sys
Realtek Semiconductor

fe0d99d6f31e4fad8159f690d68ded9c rasacd.sys
Microsoft Corporation

98faeb4a4dcf812ba1c6fca4aa3e115c rasl2tp.sys
Microsoft Corporation

7306eeed8895454cbed4669be9f79faa raspppoe.sys
Microsoft Corporation

1c5cc65aac0783c344f16353e60b72ac raspptp.sys
Microsoft Corporation

fdbb1d60066fcfbb7452fd8f9829b242 raspti.sys
Microsoft Corporation

01524cd237223b18adbb48f70083f101 rawwan.sys
Microsoft Corporation

03b965b1ca47f6ef60eb5e51cb50e0af rdbss.sys
Microsoft Corporation

4912d5b403614ce99c28420f75353332 rdpcdd.sys
Microsoft Corporation

a2cae2c60bc37e0751ef9dda7ceaf4ad rdpdr.sys
Microsoft Corporation

b54cd38a9ebfbf2b3561426e3fe26f62 rdpwd.sys
Microsoft Corporation

e9aaa0092d74a9d371659c4c38882e12 recagent.sys
Smart Link

b31b4588e4086d8d84adbf9845c2402b redbook.sys
Microsoft Corporation

99c4b74981a1413f142a3903130088cb rfcomm.sys
Microsoft Corporation

a56fe08ec7473e8580a390bb1081cdd7 rio8drv.sys
Diamond Multimedia Systems

0a854df84c77a0be205bfeab2ae4f0ec riodrv.sys
Diamond Multimedia Systems

d18208ed6c768663b08c972eaa7a8b60 rmcast.sys
Microsoft Corporation

7ce8b277f3207ea82d7d22ad348befc6 rndismp.sys
Microsoft Corporation

a82a06278b29004d5da49965565ac2fd rndismpx.sys
Microsoft Corporation

d8b0b4ade32574b2d9c5cc34dc0dbbe7 rootmdm.sys
Microsoft Corporation

d507c1400284176573224903819ffda3 rtl8139.sys
Realtek Semiconductor

0dbcc071a268e0340a2ba6bdd98bace4 s3gnbm.sys
SGraphics

d7fd0ff761e28ac0ea35ad71e0cd67e9 scsiport.sys
Microsoft Corporation

02fc71b020ec8700ee8a46c58bc6f276 sdbus.sys
Microsoft Corporation

90a3935d05b494a5a39d37e71f09a677 secdrv.sys
Macrovision Corporation

a2d868aeeff612e70e213c451a70cafb serenum.sys
Microsoft Corporation

cd9404d115a00d249f70a371b46d5a26 serial.sys
Microsoft Corporation

a9573045baa16eab9b1085205b82f1ed serscan.sys
Microsoft Corporation

1d9f1bec651815741f088a8fb88e17ee sffdisk.sys
Microsoft Corporation

586499fd312ffd7f78553f408e71682e sffp_sd.sys
Microsoft Corporation

0d13b6df6e9e101013a7afb0ce629fe0 sfloppy.sys
Microsoft Corporation

732d859b286da692119f286b21a2a114 sisagp.sys
Silicon Integrated Systems

61ca562def09a782d26b3e7edec5369a SISAGPX.SYS
Silicon Integrated Systems

94f6eea8a688a37f71bf9c9aeaa42666 sisgrp.sys
Silicon Integrated Systems

5caeed86821fa2c6139e32e9e05ccdc9 slip.sys
Microsoft Corporation

d9673011648a71ed1e1f77b831bc85e6 slnt7554.sys
Smart Link

2c1779c0feb1f4a6033600305eba623a slntamr.sys
Smart Link

f9b8e30e82ee95cf3e1d3e495599b99c slnthal.sys
Smart Link

db56bb2c55723815cf549d7fc50cfceb slwdmsup.sys
Smart Link

654dd37334fb4621043003188c48d582 smbali.sys
Microsoft Corporation

017daecf0ed3aa731313433601ec40fa smclib.sys
Microsoft Corporation

addc9e4757a68ab60562ad3cb9c288d6 sonydcam.sys
Microsoft Corporation

0ce218578fff5f4f7e4201539c45c78f splitter.sys
Microsoft Corporation

e41b6d037d6cd08461470af04500dc24 sr.sys
Microsoft Corporation

837d26f79a1647066d75c5c811887475 srvkp.sys
Silicon Integrated Systems

7a4f147cc6b133f905f6e65e2f8669fb srv.sys
Microsoft Corporation

284c57df5dc7abca656bc2b96a667afb streamip.sys
Microsoft Corporation

c43356072eb3e88cd62958db10cead47 stream.sys
Microsoft Corporation

03c1bae4766e2450219d20b993d6e046 swenum.sys
Microsoft Corporation

94abc808fc4b6d7d2bbf42b85e25bb4d swmidi.sys
Microsoft Corporation

650ad082d46bac0e64c9c0e0928492fd sysaudio.sys
Microsoft Corporation

a2a9ca0d1a9ac1ff54220aa0789fe5cf tape.sys
Microsoft Corporation

be4007ab8c9b62e3688fc2f469b98190 tcpip6.sys
Microsoft Corporation

2a5554fc5b1e04e131230e3ce035c3f9 tcpip.sys
Microsoft Corporation

6891b74ab9a016064e82a419388d0601 tdi.sys
Microsoft Corporation

38d437cf2d98965f239b0abcd66dcb0f tdpipe.sys
Microsoft Corporation

ed0580af02502d00ad8c4c066b156be9 tdtcp.sys
Microsoft Corporation

a540a99c281d933f3d69d55e48727f47 termdd.sys
Microsoft Corporation

699450901c5ccfd82357cbc531cedd23 tosdvd.sys
Microsoft Corporation

d74a8ec75305f1d3cfde7c7fc1bd62a9 tsbvcap.sys
Toshiba Corporation

87a0e9e18c10a9e454238e3330e2a26d tunmp.sys
Microsoft Corporation

49c805d42d75eddc9b6a7130999c9054 uagp35.sys
Microsoft Corporation

12f70256f140cd7d52c58c7048fde657 udfs.sys
Microsoft Corporation

aff2e5045961bbc0a602bb6f95eb1345 update.sys
Microsoft Corporation

af090265ec388bab320f1ff7e7a7d5ea usb8023.sys
Microsoft Corporation

ee37e5c79d6c788711296075b2bc95f4 usb8023x.sys
Microsoft Corporation

f340199e8cb097e1acd58a967c665919 usbaapl.sys
Apple

61018ba9df6b63e51d9753c980e73ec2 usbcamd2.sys
Microsoft Corporation

2654eecc6fb13603ebddcd5c8ea943d1 usbcamd.sys
Microsoft Corporation

bffd9f120cc63bcbaa3d840f3eef9f79 usbccgp.sys
Microsoft Corporation

596eb39b50d6ebd9b734dc4ae0544693 usbd.sys
Microsoft Corporation

15e993ba2f6946b2bfbbfcd30398621e usbehci.sys
Microsoft Corporation

c72f40947f92cea56a8fb532edf025f1 usbhub.sys
Microsoft Corporation

2853fd4c4489e0f8bfcf78efcdb7e998 usbintel.sys
Microsoft Corporation

bdfe799a8531bad8a5a985821fe78760 usbohci.sys
Microsoft Corporation

2034ca78f9c6e787b4b76d81ac888351 usbport.sys
Microsoft Corporation

a42369b7cd8886cd7c70f33da6fcbcf5 usbprint.sys
Microsoft Corporation

a6bc71402f4f7dd5b77fd7f4a8ddba85 usbscan.sys
Microsoft Corporation

6cd7b22193718f1d17a47a1cd6d37e75 usbstor.sys
Microsoft Corporation

f8fd1400092e23c8f2f31406ef06167b usbuhci.sys
Microsoft Corporation

8968ff3973a883c49e8b564200f565b9 usbvideo.sys
Microsoft Corporation

55e01061c74a8cefff58dc36114a8d3f vdmindvd.sys
Ravisent Technologies

8a60edd72b4ea5aea8202daf0e427925 vga.sys
Microsoft Corporation

4b039bbd037b01f5db5a144c837f283a VIAAGP1.SYS
VIA Technologies

d92e7c8a30cfd14d8e15b5f7f032151b viaagp.sys
Microsoft Corporation

59cb1338ad3654417bea49636457f65d viaide.sys
Microsoft Corporation

d5a9d123f5ed7c9965a481bd20cf66d8 videoprt.sys
Microsoft Corporation

ee4660083deba849ff6c485d944b379b volsnap.sys
Microsoft Corporation

45489356501ec6cbb789dece991d393f vtmini.sys
tHVS_VERSION_INFOnn?b*StringFileInfoBn'CompanyNameCopyright©VIA/SGraphicsCo,Ltd.XFileDescriptionVIA/SGMiniportDriverRFileVersion...-...vInternalNamevtmini.sysELegalCopyrightCopyright©VIATechnologies,Inc.andSGraphicsCo,Ltd.>vOriginalFilenamevtmini.sysTProductNameUniChrome(Pro)IGPDriverVProductVersion...-...DVarFileInfo$Translationt*

497f6cdb901ef8de81bd501e2aefb0d0 wacompen.sys
Microsoft Corporation

0308aef61941e4af478fa1a0f83812f5 wadv07nt.sys
Intel Corporation

714038a8aa5de08e12062202cd7eaeb5 wadv08nt.sys
Intel Corporation

7bb3aa595e4507a788de1cdc63f4c8c4 wadv09nt.sys
Intel Corporation

36e6c405b6143d09687f4056fd9a0d10 wadv11nt.sys
Intel Corporation

984ef0b9788abf89974cfed4bfbaacbc wanarp.sys
Microsoft Corporation

352fa0e98bc461ce1ce5d41f64db558d watv06nt.sys
Intel Corporation

791cc45de6e50445be72e8ad6401ff45 watv10nt.sys
Intel Corporation

efd235ca22b57c81118c1aeb4798f1c1 wdmaud.sys
Microsoft Corporation

2f31b7f954bed437f2c75026c65caf7b wmilib.sys
Microsoft Corporation

cf4def1bf66f06964dc0d91844239104 wpdusb.sys
Microsoft Corporation

6abe6e225adb5a751622a9cc3bc19ce8 ws2ifsl.sys
Microsoft Corporation

d5842484f05e12121c511aa93f6439ec wstcodec.sys
Microsoft Corporation

f15feafffbb3644ccc80c5da584e6311 WudfPf.sys
Microsoft Corporation

28b524262bce6de1f7ef9f510ba3985b WudfRd.sys
Microsoft Corporation

Driver report for /mnt/sda1/MiniNT/system32/drivers
0fc836949cf2ec80ff5d6006b54f2fa1 ds110.sys has NO Company Name!
3dcbaa767f4bda89e33729628ebe7739 Ramdrv.sys has NO Company Name!

Driver report for /mnt/sda1/i386/system32/drivers
0fc836949cf2ec80ff5d6006b54f2fa1 ds110.sys has NO Company Name!
3dcbaa767f4bda89e33729628ebe7739 Ramdrv.sys has NO Company Name!

Microsoft Corporation

0fc836949cf2ec80ff5d6006b54f2fa1 ds110.sys

08e3ef1a426b25d97c1a24b2199dfe65 dxapi.sys
Microsoft Corporation

9bc7207c7aedb99038c58f5f09fd85ad dxg.sys
Microsoft Corporation

b91a4c7160844407432f15805b93885d dxgthk.sys
Microsoft Corporation

8c0a85df01dfc02377ddec3abc09a357 e1000nt5.sys
Intel Corporation

3fca03cbca11269f973b70fa483c88ef e100b325.sys
Intel Corporation

b471b27b6bc79c2bb90f3f120667b875 e100isa4.sys
Intel Corporation

bf5685157bdfdd2080bfbad0c9fdb259 el515.sys
Com Corporation

14304cb9ff0a9d2a79a7a54b28a5909a el556nd5.sys
Com Corporation

6cfd1f3eb8cca6e88d437ae26403c6d3 el574nd4.sys
Com Corporation

23f6b9cf432f492ebbd8105d78cb008c el575nd5.sys
Com Corporation

782802aa0e9389457664076fdef509cf el589nd5.sys
Com Corporation

f3bd57c32af814168c1cf5c42727efb0 el656cd5.sys
Com Corporation

d0064bc47ed13d8585975896fb9baf22 el656ct5.sys
Com Corporation

cb7009b262dc06c642ae54731e6f71d4 el656nd5.sys
Com Corporation

776b76dcec9ba129e67fd10e71808a38 el656se5.sys
Com Corporation

6e883bf518296a40959131c2304af714 el90xbc5.sys
Com Corporation

653394706ff5634f4b5180b8294badb1 el90xnd5.sys
Com Corporation

b0727fdae64b77927f0e80315b1f5810 el985n51.sys
Com Corporation

6f751365b5e0ffd314ab8e2022f632d7 el98xn5.sys
Com Corporation

c3f1fdfb24beffe69c223040a83a2810 el99xn51.sys
Com Corporation

4063a77fa6f2c8cd48cbe9ac6eb8d213 em556n4.sys
Com Corporation

4fcf1e3eab2e281050140a768d45165e emu10k1m.sys
Creative Technology

d635ba503ad8bd38f12423f1f23c444c enum1394.sys
Microsoft Corporation

8d2766a5495e38ed6b0c0fe96c7cfb4a epro4.sys
Intel Corporation

7523787840d369bc2679f34b2f75cfe1 eqn.sys
Equinox Systems

85e929ef134f487fee2cc182cf65fca3 et4000.sys
Microsoft Corporation

eb85488184eed8bd6739a380ccc7cddb ex10.sys
Intel Corporation

ab9954722bdf06f04247082e9c15c23e f3ab18xi.sys
FUJITSU LIMITED

4e29da3239e88e9099091a9499081489 f3ab18xj.sys
FUJITSU LIMITED

aa855fb8a866281aacb393c1feab91ae fa312nd5.sys
NETGEAR

b64a76d3c444c8a24b6cefe8658cf62d fa410nd5.sys
NETGEAR

5020d16fb2c7f8aa09c81b1091fe525f fastfat.sys
Microsoft Corporation

f0196b7a8fe3098099721675db361272 fasttrak.sys
Promise Technology

2c0d70f0318870257ad99bf400f0c596 fasttx2k.sys
Promise Technology

c2bebda174acfd5ddb91d9b60ab79be4 fdc.sys
Microsoft Corporation

d083354e0341ce23009bf75bbf744343 fem556n5.sys
Com Corporation

f92d47d9c583fd8f9c1675f5078dd718 fetnd5.sys
VIA Technologies

a105855236d33295b0b3cc2d4a5b1d60 flpydisk.sys
Microsoft Corporation

a85a0a13f40e56a6d2c64e11a3d92867 forehe.sys
FORE Systems

45b5129aeae91ea096a9bbebff99e098 fpcibase.sys
AVM GmbH

a28343d9ead5556f0456b3f527b3b272 fpcmbase.sys
AVM GmbH

d99cc8ad8a9ed5e2ba3cad098438eb94 fs_rec.sys
Microsoft Corporation

dee582b38f66f3da91c1b36d96329bce fsvga.sys
Microsoft Corporation

9d73ca0adeb132d9526e512c500770f6 ftdisk.sys
Microsoft Corporation

c4880a896c23ddcda615f77f0910dc6d fusbbase.sys
AVM GmbH

ceaee19e1cb8e12e33cf5be90b39eb6d fxusbase.sys
AVM GmbH

ddcb05db87d93d2fd8d8b4866ba62a09 hidclass.sys
Microsoft Corporation

a748669f06de96f6a1add2adf3d99803 hidparse.sys
Microsoft Corporation

f3d320c23e16e94a6513cb9f9145bc1b hidusb.sys
Microsoft Corporation

b028377dea0546a5fcfba928a8aefae0 hpn.sys
Microsoft Corporation

fe654f3e72975bd8a8cb5379b67d7f0d hpt3xx.sys
HighPoint Technologies

3f0d0bbdd83c027d241ae0dd5cbaa4d2 i2omgmt.sys
Microsoft Corporation

bc4944efa71ed0489ff7dff6d99ba3b6 i2omp.sys
Microsoft Corporation

312ea51bca39a65244a66d7c4b23d37f i8042prt.sys
Microsoft Corporation

50b56e7de809be4b8f4d24b3f0381520 iaStor.sys
Intel Corporation

80ea23f0647c44b3ea666939b64315da ibmtok.sys
IBM Corp

9cda373cddb5ea4b6e32ab584314d6af ibmtrp.sys
IBM Corp

a917bc4d8991dbb26c09186481c23f6c ini910u.sys
Microsoft Corporation

dd3cc6227aa81d6d95b2384f488adea2 inport.sys
Microsoft Corporation

6fe636d1f09568de69418f6e587ffcd0 intelide.sys
Microsoft Corporation

fdb7530527c97f313ff326d38593b8d9 io8.sys
Perle Systems

dc4053419066ef1e29f0a03ad4222d4d ip5515.sys
Interphase Corporation

569c5676c6c3acca6c73ae6020fd66ef ipfltdrv.sys
Microsoft Corporation

b024c64e6f535750032764b34766b74a ipinip.sys
Microsoft Corporation

ad0c928839b98c61cb7c01d7ca4955df ipnat.sys
Microsoft Corporation

460854a775b8c65ee5708b269d3ab988 ipsec.sys
Microsoft Corporation

89c0b94390c65d0104f7df469fef34f4 isapnp.sys
Microsoft Corporation

3865155b4dda4ee04130347274099e05 kbdclass.sys
Microsoft Corporation

cc64899516e56c88b74780eb6d48001c kbdhid.sys
Microsoft Corporation

2aadd4f28068cdde30a3c849d4486ab4 ksecdd.sys
Microsoft Corporation

73873f04ab1b76ce8632d2375f840d80 ks.sys
Microsoft Corporation

50a0090cbbf7ff701230ee1314598aef ktc111.sys
Kingston Technology

fdf0c899ab431505803ebf96a0bcb3ff lanepic5.sys
SMSC

f87c7914cc490a11398a80c14907c5fc lbrtfdc.sys
Toshiba Corporation

66481ae1138421b0a5f95fda6ac7389f lmndis3.sys
D-Link

196a8fab5707f3881c360155798d9d88 lne100.sys
Linksys

ffee99703cf26d2f5a511e3f363a90c9 lne100tx.sys
Linksys

e152636220dc710e43ee388a8ee3e27f loop.sys
Microsoft Corporation

88ec1587ff63b6eaccbc3bb018bb64ac mcd.sys
Microsoft Corporation

2dedaa32406555930efe616a1c9f46e1 mdgndis5.sys
Madge Networks

51273462792e30f76bcd5f7795028ec2 mf.sys
Microsoft Corporation

c57e467f75e0bc29dc5d7fbfc9e4341c mnmdd.sys
Microsoft Corporation

79d606f8bf1410e1000b722c8a3c1495 modem.sys
Microsoft Corporation

d0010f19947600f13c98ef8a057f7b34 mouclass.sys
Microsoft Corporation

438d799db236e942be6d473fb3ebe3c8 mouhid.sys
Microsoft Corporation

91995faffb536dfbc2adc1dc12396ed0 mountmgr.sys
Microsoft Corporation

8c31027c1789feeeb0a25dce623b56aa mraid35x.sys
American Megatrends

e913e5f9f52a66c4c97f056fec1c3a9f mrxsmb.sys
Microsoft Corporation

9c717a1e014cce0c0967208ff00626d5 msfs.sys
Microsoft Corporation

4071e7d13d1bfdd644f8e76f07cbaf59 msgpc.sys
Microsoft Corporation

5738b86e95331ff1575ab435639c05ca mup.sys
Microsoft Corporation

9e62d829f55deb5ad90c8151a00a1b39 mxnic.sys
Macronix International

229f31220a51e86a6ad6c42a8a0c1bf6 n1000nt5.sys
Compaq Computer Corp

c7eb926899ff4575b630087ea4c7af61 n100325.sys
Compaq Computer Corp

a34e2a6b71308c2b6648c01164f399e8 ndis.sys
Microsoft Corporation

628c9dde0310e047d682251c55ca684f ndistapi.sys
Microsoft Corporation

593daaa1360151b620b6e5aea5579756 ndiswan.sys
Microsoft Corporation

f87e3b26505a9996765859acb7e2d0a6 ndproxy.sys
Microsoft Corporation

4da5a1f94c28239673f11e4d0f1eb129 ne2000.sys
Microsoft Corporation

e6727b9ab4e59602d0070246a352715d netbios.sys
Microsoft Corporation

3519d0dcc77d95fc44e40700a1d38584 netbt.sys
Microsoft Corporation

07ee7b0d0a5581848f5d44a82dce5f69 netflx3.sys
Compaq Computer Corp

060ebd795c01fde0ceea7ca0c99dd48b netwlan5.sys
802.11b

bdfa550022facf2a922213065924f529 ngrpci.sys
NETGEAR

ad74d924ac8ba34d2740d34064dca5ef nic1394.sys
Microsoft Corporation

076f76c1a53342141ed85a5c2ecf323e nmnt.sys
Microsoft Corporation

e4d7e1ed8bed855e7bf6e1633b1871a1 npfs.sys
Microsoft Corporation

25f372b7ee3566b6c667222d1417f856 ntfs.sys
Microsoft Corporation

aa2debf5727a3eaec213cfe7978c3828 null.sys
Microsoft Corporation

8bed9c4ae538d3b59ed7929c7b78d53c nwlnkflt.sys
Microsoft Corporation

2ee83e8008b53933ee1124ba95bc12f0 nwlnkfwd.sys
Microsoft Corporation

f7cd626d4ec9cb318549aebefc646d10 nwlnkipx.sys
Microsoft Corporation

d1550929776b10a11e6be6b7c94b3ec2 nwlnknb.sys
Microsoft Corporation

a7453e5f0de354a19b3830964d388be3 nwlnkspx.sys
Microsoft Corporation

c44974807252e98ef3bf49d1d56347f7 nwrdr.sys
Microsoft Corporation

48f3bf9ba1d00eac8fc4dacf4660323f ohci1394.sys
Microsoft Corporation

c2541f99662a1deac4ba3b974434f7e5 oprghdlr.sys
Microsoft Corporation

d03b6091d32825ea610968c061a87a30 otc06x5.sys
Ositech Communications

b81e92ed5030de8a66997d4602254a69 otceth5.sys
Ositech Communications

f0fad1b2b06fa39de178e0f02bc9e843 parport.sys
Microsoft Corporation

4cab0c22d92851188bfd6bf47205a8a7 partmgr.sys
Microsoft Corporation

1fc9c6c0f9ab9e23a81a24990f9fabe1 parvdm.sys
Microsoft Corporation

05580fe9a04c3b85d60dd01c44945bf2 pc100nds.sys
Linksys

56320532165d871a53f0f737d62ed80d pca200e.sys
FORE Systems

4cc7b07881edfa9af17fd8ba260a5caa pciide.sys
Microsoft Corporation

92b962dd453ba25e146448557fe3e619 pciidex.sys
Microsoft Corporation

ae08d1e159ce1e2edd152c10df1e3df2 pci.sys
Microsoft Corporation

b953657176b64a6ff69f96c98fe69f96 pcmcia.sys
Microsoft Corporation

e143627b6042b9c6c119c12f9967217a pcmlm56.sys
Linksys

58b6ea41566fe98f545786b07d6d5d87 pcntn5hl.sys
AMD Inc

ae539f734baa0c51f7dbfe88b05b63d0 pcntn5m.sys
AMD Inc

7bc8027d56fab153a987c56ae9835664 pcntpci5.sys
AMD Inc

09e9330c45afbd5c3a3d2e222be7e483 pcx500.sys
Cisco Systems

f50f7c27f131afe7beba13e14a3b9416 perc2hib.sys
Microsoft Corporation

6c14b9c19ba84f73d3a86dba11133101 perc2.sys
Microsoft Corporation

4ffe7c048394461518eeccc29537c8da ppa3.sys
Microsoft Corporation

2b3086156afc0976d30d234b163be5e3 psched.sys
Microsoft Corporation

5a35e7e99e8a23c647f54c92f3ecd077 ptilink.sys
Parallel Technologies

e75b857840e1267a23163354cf7143f7 ql1080.sys
QLogic Corporation

a3a731da3f9799d610081c3fe3f8b295 ql10wnt.sys
Microsoft Corporation

4be34a50117402e46b0503ad3ab9a2de ql12160.sys
QLogic Corporation

65a420ce1019138b729a073ad2123a35 ql1240.sys
Microsoft Corporation

4138fa3091fd4d44118a1a0187feeb3f ql1280.sys
QLogic Corporation

535e985e754f04735a785a9ac612f59f ramdisk.sys
Microsoft Corporation

3dcbaa767f4bda89e33729628ebe7739 Ramdrv.sys

0d1e455eff9f6b18bc4c1329a0965db9 rasacd.sys
Microsoft Corporation

929d64a3f768e0b298ede24d217c2217 rasl2tp.sys
Microsoft Corporation

be61afd25db17e51ff09ae2f0c246f66 raspppoe.sys
Microsoft Corporation

c127815068aa136d256e5ece1c0d8ae4 raspptp.sys
Microsoft Corporation

b09675658d6ba4a79518ad90b573efa4 raspti.sys
Microsoft Corporation

4e17951bcc87e19fb8f1dc4ee08180f6 rawwan.sys
Microsoft Corporation

1b28ad60b7e41ebec002eb901e61c2e1 rdbss.sys
Microsoft Corporation

83e3f8f62f647fd0b85c6d50fec59ecc rlnet5.sys
Radio LAN

23bb37697d799126dab65d3ab21046fa rndismp.sys
Microsoft Corporation

40f16664118d6c16460e9eac6ed31ee7 rocket.sys
Comtrol Corporation

90bef18c0121ed4011caf1f85f15b632 rootmdm.sys
Microsoft Corporation

493b54a894a6e70dd02961a68db8863f rtl8029.sys
Realtek Semiconductor

7a0db9fc3dc3c620aea30ea2a6557cac rtl8139.sys
Realtek Semiconductor

8fdb4f100d13e9c2880794ed3667c4af sbp2port.sys
Microsoft Corporation

30f231baa3455108bc99fdadb9993a28 scsiport.sys
Microsoft Corporation

2d50ec1ad5b0763a9098b004418b30bf serenum.sys
Microsoft Corporation

3fb9a3a04111e1dcfc75639c97ab4790 serial.sys
Microsoft Corporation

cc5272b7e34a0d4dc88606723f8756e8 setupdd.sys
Microsoft Corporation

e26a9fa354546e44d68654543b661927 sfloppy.sys
Microsoft Corporation

3b78d345f0983f778345c1c817175109 sisnic.sys
SiS Corporation

0135473359801a7cc25bfda8b14a5814 sk98xwin.sys
Sys Konnect

06db910f91399c25fd727f6ff789f28b skfpwin.sys
Sys Konnect

d12247451e5ce210bd2638e897667619 sla30nd5.sys
Symbol Technologies

fadbc01e0ab94463b03c3024ca5d9524 slip.sys
Microsoft Corporation

6a2966a5dae3fd11a915a7f1f9c79440 smc8000n.sys
SMC

cbaf621e697fedd1bd8de39505b00ecf smclib.sys
Microsoft Corporation

a06bbbcce7b75a14b0e2d05f6be3776c smcpwr2n.sys
SMC

ae8ba6722ceaf7772fbbc05c8c5d0cca sonydcam.sys
Microsoft Corporation

83c0f71f86d3bdaf915685f3d568b20e sparrow.sys
Adaptec

9b748d684d8a0682945fd954ba7a49b8 spddlang.sys
Microsoft Corporation

4db8e305b38bacd4c6cec0e9f8dab300 speed.sys
Perle Systems

0fc106a8196c7c9ddc79a15f1eb2ddde srv.sys
Microsoft Corporation

d380fb9a20cf60fcfae50983f04fedb4 srwlnd5.sys
Com USA

7d0634ea0735eeb90c90000d4a8afea3 stlnata.sys
Stallion Technologies

c75568d048f7b547d58aa06e9c3a9768 streamip.sys
Microsoft Corporation

ce355d46d210d9043a126044f2c69364 swenum.sys
Microsoft Corporation

7c5bc49528b59b5606a62646b5dc30bf sx.sys
Perle Systems

1ff3217614018630d0a6758630fc698c symc810.sys
Symbios Logic

070e001d95cf725186ef8b20335f933c symc8xx.sys
LSI Logic

80ac1c4abbe2df3b738bf15517a51f2c sym_hi.sys
LSI Logic

bf4fab949a382a8e105f46ebb4937058 sym_u3.sys
LSI Logic

4bd05610791513330fb42ebb6d7ee7ff tape.sys
Microsoft Corporation

026e891de676eaf2c984e75aa3f3f01f tbatm155.sys
Toshiba Corporation

27c4ad13d7249b869eb84a5189ef9ae3 tcpip.sys
Microsoft Corporation

82a7344aa73dcb1e09b63a65772211c7 tdi.sys
Microsoft Corporation

8a346e3995ad07320acbe941fa6a4112 tdk100b.sys
TDK Corporation

36233ca5e5b5dbeb67c0469e038ba5ab tdkcd31.sys
TDK Corporation

e4b239d506a7c82389e72236d9c9c2ab tffsport.sys
M-Systems

5ba1c90bd67f1b6f3483db725c9c9112 tjisdn.sys
TigerJet Network

21da9e0e8a1a9f06f0259318cf6750de tos4mo.sys
Toshiba Corporation

23dd3a0d871d005d18fc0309b709dded tosdvd.sys
Microsoft Corporation

fb07e459d364329ad4ee8b320fa99c9e toside.sys
Microsoft Corporation

71e7575c9cfaa0cc0c215546c545b1d0 tpro4.sys
Intel Corporation

58e8b78f5ac08b3ca182fd6310d71f24 tsbvcap.sys
Toshiba Corporation

1dc1a81bc325bc934b1dcb48e0ce744e udfs.sys
Microsoft Corporation

9387207edca9524db86d2bbe901079c0 ultra.sys
Promise Technology
Promise Technology
Promise Technology
Promise Technology
Promise Technology

a012d04971d0a4fb3f58856188f9e818 update.sys
Microsoft Corporation

cdcfa45b88666cf554dc75405f8af563 usb101et.sys
KLSI USA

09d8e3a079f417710acb7a3467c54e4d usb8023.sys
Microsoft Corporation

8b1c35c9fcfce0f52216b54fa505c2d7 usbcamd2.sys
Microsoft Corporation

381e2ccdc18fbcb2cd233a4112d0e49f usbcamd.sys
Microsoft Corporation

6d90819c6b83bcee8e4d7d5545c96464 usbccgp.sys
Microsoft Corporation

e416e83f96de974823aeac17cf230300 usbd.sys
Microsoft Corporation

066ce039c939a99d9dfaf425cec3833e usbhub.sys
Microsoft Corporation

018766d88b8ff5e6548235b6f5119e7a usbintel.sys
Microsoft Corporation

a39de2679ea28733af1da76b7ce132f6 usbohci.sys
Microsoft Corporation

378a942befd05d7e8e07e47ecd71fc2b usbport.sys
Microsoft Corporation

6e8cb8ef618c818f9c79e2797648c30e usbstor.sys
Microsoft Corporation

b136178a492f612ac267bda657325cb8 usbuhci.sys
Microsoft Corporation

f4b817f195ce844eb6dada6d0f427fa2 vga.sys
Microsoft Corporation

d5c95cbaa3216200bd71ff6f70373bb5 viaide.sys
Microsoft Corporation

4476d6d38c54ea2deb8b99ce55509715 videoprt.sys
Microsoft Corporation

68c97b9365e9774c574927d6938c1ecb w840nd.sys
Winbond Electronics

95eaf6d9c64afe0bfc7fbb165ebe1860 w926nd.sys
Winbond Electronics

f4ae73d3a0f8049fe60280a878df9aca w940nd.sys
Winbond Electronics

3ae5b857164dea2a0e83b2856dff1195 wanarp.sys
Microsoft Corporation

0993b9463fe88ada957dbda77cb768d7 wlandrv2.sys
RaytheonCorp

f469669bf38db6286d01755308584923 wlluc48.sys
Lucent Technologies

64540e8cd12b039efae9dbdf63330763 wmilib.sys
Microsoft Corporation

a2503a8cf4e429342d8de4ee480be663 ws2ifsl.sys
Microsoft Corporation

75718143d0d06d648e0578f2ec4d8a02 xem336n5.sys
US Robotics MCD



filefind.txt

Search results for Winlogon.exe

ed0ef0a136dec83df69f04118870003e /mnt/sda2/WINDOWS/SoftwareDistribution/Download/dd9ab5193501484cf5e6884fa1d22f9e/winlogon.exe
496.0K Apr 14 2008

6b9e314d1e0a578ca906ca8f14159d54 /mnt/sda2/WINDOWS/system32/winlogon.exe
490.5K Aug 4 2004

01c3346c241652f43aed8e2149881bfe /mnt/sda2/WINDOWS/ServicePackFiles/i386/winlogon.exe
490.5K Aug 4 2004

2246d8d8f4714a2cedb21ab9b1849abb /mnt/sda2/WINDOWS/$NtServicePackUninstall$/winlogon.exe
504.5K Aug 29 2002

83065436f8a772dd61383242ab3bb277 /mnt/sda1/MiniNT/system32/winlogon.exe
419.0K Jul 25 2001

83065436f8a772dd61383242ab3bb277 /mnt/sda1/i386/system32/winlogon.exe
419.0K Jul 25 2001


Search results for explorer.exe

7712df0cdde3a5ac89843e61cd5b3658 /mnt/sda2/WINDOWS/$hf_mig$/KB938828/SP2QFE/explorer.exe
1009.0K Jun 13 2007

12896823fb95bfb3dc9b46bcaedc9923 /mnt/sda2/WINDOWS/SoftwareDistribution/Download/dd9ab5193501484cf5e6884fa1d22f9e/explorer.exe
1009.5K Apr 14 2008

4a00fa1642f7b5ed232541d46ab727ba /mnt/sda2/WINDOWS/system32/dllcache/explorer.exe
1008.0K Aug 4 2004

4a00fa1642f7b5ed232541d46ab727ba /mnt/sda2/WINDOWS/explorer.exe
1008.0K Aug 4 2004

a0732187050030ae399b241436565e64 /mnt/sda2/WINDOWS/ServicePackFiles/i386/explorer.exe
1008.0K Aug 4 2004

a0732187050030ae399b241436565e64 /mnt/sda2/WINDOWS/$NtUninstallKB938828$/explorer.exe
1008.0K Aug 4 2004

a73bc66a95cf4f7b597fc8975778a889 /mnt/sda2/WINDOWS/$NtServicePackUninstall$/explorer.exe
973.0K May 12 2003

a82b28bfc2e4455fe43022a498c0ef0a /mnt/sda2/WINDOWS/$NtUninstallKB820291$/explorer.exe
980.5K Aug 29 2002


Search results for Userinit.exe

a93aee1928a9d7ce3e16d24ec7380f89 /mnt/sda2/WINDOWS/SoftwareDistribution/Download/dd9ab5193501484cf5e6884fa1d22f9e/userinit.exe
25.5K Apr 14 2008

39b1ffb03c2296323832acbae50d2aff /mnt/sda2/WINDOWS/system32/userinit.exe
24.0K Aug 4 2004

39b1ffb03c2296323832acbae50d2aff /mnt/sda2/WINDOWS/ServicePackFiles/i386/userinit.exe
24.0K Aug 4 2004

e931e0a2b8bf0019db902e98d03662cb /mnt/sda2/WINDOWS/$NtServicePackUninstall$/userinit.exe
21.5K Aug 29 2002

3f6aab54f8a009d92e301299f05879ff /mnt/sda1/MiniNT/system32/userinit.exe
21.0K Jul 25 2001

3f6aab54f8a009d92e301299f05879ff /mnt/sda1/i386/system32/userinit.exe
21.0K Jul 25 2001


Search results for Exit


Search results for bash query.sh

RegReport.txt

Remote Registry Report

Hive </mnt/sda2/WINDOWS/system32/config/software>
\Microsoft\Windows NT\CurrentVersion> Value <ProductName> of type REG_SZ, data length 42 [0x2a]
Microsoft Windows XP
\Microsoft\Windows NT\CurrentVersion> Value <CSDVersion> of type REG_SZ, data length 30 [0x1e]
Service Pack 2
\Microsoft\Windows NT\CurrentVersion> Value <SystemRoot> of type REG_SZ, data length 22 [0x16]
C:\WINDOWS
\Microsoft\Windows NT\CurrentVersion\Windows> Value <AppInit_DLLs> of type REG_SZ, data length 104 [0x68]
kkkvzh.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
(...)\Windows NT\CurrentVersion\Winlogon> Value <Shell> of type REG_SZ, data length 26 [0x1a]
Explorer.exe
(...)\Windows NT\CurrentVersion\Winlogon> Value <Userinit> of type REG_SZ, data length 68 [0x44]
C:\WINDOWS\system32\userinit.exe,
(...)\Windows NT\CurrentVersion\Winlogon\Notify> Node has 14 subkeys and 0 values
<!SASWinLogon>
<avgrsstarter>
<cbXPHBUN>
<crypt32chain>
<cryptnet>
<cscdll>
<igfxcui>
<ScCertProp>
<Schedule>
<sclgntfy>
<SensLogn>
<termsrv>
<WgaLogon>
<wlballoon>
\Microsoft\Windows\CurrentVersion\Run> Node has 1 subkeys and 2 values
<OptionalComponents>
size type value name [value if type DWORD]
274 REG_SZ <HP OfficeJet Series 700>
66 REG_SZ <AVG9_TRAY>
(...)\Windows\CurrentVersion\policies\system> Node has 0 subkeys and 5 values
4 REG_DWORD <dontdisplaylastusername> 0 [0x0]
4 REG_DWORD <legalnoticecaption> 1 [0x1]
8 REG_SZ <legalnoticetext>
4 REG_DWORD <shutdownwithoutlogon> 1 [0x1]
4 REG_DWORD <undockwithoutlogon> 1 [0x1]


Hive </mnt/sda1/MiniNT/system32/config/software>
\Microsoft\Windows NT\CurrentVersion> Value <ProductName> of type REG_SZ, data length 42 [0x2a]
Microsoft Windows XP
\Microsoft\Windows NT\CurrentVersion> cat_vk: No such value <CSDVersion>
\Microsoft\Windows NT\CurrentVersion> cat_vk: No such value <SystemRoot>
\Microsoft\Windows NT\CurrentVersion\Windows> Value <AppInit_DLLs> of type REG_SZ, data length 2 [0x2]
(...)\Windows NT\CurrentVersion\Winlogon> Value <Shell> of type REG_SZ, data length 26 [0x1a]
Explorer.exe
(...)\Windows NT\CurrentVersion\Winlogon> Value <Userinit> of type REG_SZ, data length 18 [0x12]
userinit
(...)\Windows NT\CurrentVersion\Winlogon\Notify> Node has 4 subkeys and 0 values
<cscdll>
<ScCertProp>
<SensLogn>
<wlballoon>
\Microsoft\Windows\CurrentVersion\RunOnce> Node has 0 subkeys and 0 values


Hive </mnt/sda1/i386/system32/config/software>
\Microsoft\Windows NT\CurrentVersion> Value <ProductName> of type REG_SZ, data length 42 [0x2a]
Microsoft Windows XP
\Microsoft\Windows NT\CurrentVersion> cat_vk: No such value <CSDVersion>
\Microsoft\Windows NT\CurrentVersion> cat_vk: No such value <SystemRoot>
\Microsoft\Windows NT\CurrentVersion\Windows> Value <AppInit_DLLs> of type REG_SZ, data length 2 [0x2]
(...)\Windows NT\CurrentVersion\Winlogon> Value <Shell> of type REG_SZ, data length 26 [0x1a]
Explorer.exe
(...)\Windows NT\CurrentVersion\Winlogon> Value <Userinit> of type REG_SZ, data length 18 [0x12]
userinit
(...)\Windows NT\CurrentVersion\Winlogon\Notify> Node has 4 subkeys and 0 values
<cscdll>
<ScCertProp>
<SensLogn>
<wlballoon>
\Microsoft\Windows\CurrentVersion\RunOnce> Node has 0 subkeys and 0 values


Hive </mnt/sda2/Documents and Settings/Administrator/ntuser.dat>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 1 values
size type value name [value if type DWORD]
62 REG_SZ <ctfmon.exe>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 1 values
4 REG_DWORD <NoDriveTypeAutoRun> 145 [0x91]


Hive </mnt/sda2/Documents and Settings/Administrator.FAMILY/NTUSER.DAT>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 1 values
size type value name [value if type DWORD]
62 REG_SZ <ctfmon.exe>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 1 values
4 REG_DWORD <NoDriveTypeAutoRun> 145 [0x91]


Hive </mnt/sda2/Documents and Settings/CINDY/ntuser.dat>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 1 values
size type value name [value if type DWORD]
62 REG_SZ <ctfmon.exe>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 1 values
4 REG_DWORD <NoDriveTypeAutoRun> 145 [0x91]


Hive </mnt/sda2/Documents and Settings/KYLE/ntuser.dat>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 3 values
size type value name [value if type DWORD]
114 REG_SZ <BackupNotify>
24 REG_SZ <d0vnRXM2e>
62 REG_SZ <ctfmon.exe>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 1 values
4 REG_DWORD <NoDriveTypeAutoRun> 145 [0x91]


Hive </mnt/sda2/Documents and Settings/Owner/ntuser.dat>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 3 values
size type value name [value if type DWORD]
112 REG_SZ <SpybotSD TeaTimer>
62 REG_SZ <ctfmon.exe>
110 REG_SZ <SUPERAntiSpyware>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 1 values
4 REG_DWORD <NoDriveTypeAutoRun> 145 [0x91]
(...)\Windows\CurrentVersion\Policies\System> Node has 0 subkeys and 0 values

#10 JSntgRvr

Posted 04 February 2011 - 02:52 AM

I am going to attempt to replace some files.

Please download the enclosed file [attachment=87115:Replace.txt] and save it in the USB drive, next to the Driver.sh file.

  • Insert the USB drive and CD in the Sick computer and boot the computer from the xPUD CD again
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see Driver.sh and the Replace.txt that you downloaded
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -r
  • Press Enter
  • After it has finished a report will be located at sdb1 named filerep.txt

To confirm, please follow these steps:

  • In the open terminal, type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    kkkvzh.dll

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • Plug that USB back into the clean computer and post the contents of the filerep.txt and filefind.txt in your next reply. If too large, attach the files to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 FloridaMark

Posted 04 February 2011 - 08:56 AM

Here are the two files you requested...

Beginning replacement procedure

mv "/mnt/sda2/WINDOWS/system32/winlogon.exe" "/mnt/sda2/WINDOWS/system32/winlogon.exe.orig"
cp "/mnt/sda2/WINDOWS/ServicePackFiles/i386/winlogon.exe" "/mnt/sda2/WINDOWS/system32/winlogon.exe"
mv "/mnt/sda2/WINDOWS/explorer.exe" "/mnt/sda2/WINDOWS/explorer.exe.orig"
cp "/mnt/sda2/WINDOWS/ServicePackFiles/i386/explorer.exe" "/mnt/sda2/WINDOWS/explorer.exe"

Search results for Winlogon.exe

ed0ef0a136dec83df69f04118870003e /mnt/sda2/WINDOWS/SoftwareDistribution/Download/dd9ab5193501484cf5e6884fa1d22f9e/winlogon.exe
496.0K Apr 14 2008

6b9e314d1e0a578ca906ca8f14159d54 /mnt/sda2/WINDOWS/system32/winlogon.exe
490.5K Aug 4 2004

01c3346c241652f43aed8e2149881bfe /mnt/sda2/WINDOWS/ServicePackFiles/i386/winlogon.exe
490.5K Aug 4 2004

2246d8d8f4714a2cedb21ab9b1849abb /mnt/sda2/WINDOWS/$NtServicePackUninstall$/winlogon.exe
504.5K Aug 29 2002

83065436f8a772dd61383242ab3bb277 /mnt/sda1/MiniNT/system32/winlogon.exe
419.0K Jul 25 2001

83065436f8a772dd61383242ab3bb277 /mnt/sda1/i386/system32/winlogon.exe
419.0K Jul 25 2001


Search results for explorer.exe

7712df0cdde3a5ac89843e61cd5b3658 /mnt/sda2/WINDOWS/$hf_mig$/KB938828/SP2QFE/explorer.exe
1009.0K Jun 13 2007

12896823fb95bfb3dc9b46bcaedc9923 /mnt/sda2/WINDOWS/SoftwareDistribution/Download/dd9ab5193501484cf5e6884fa1d22f9e/explorer.exe
1009.5K Apr 14 2008

4a00fa1642f7b5ed232541d46ab727ba /mnt/sda2/WINDOWS/system32/dllcache/explorer.exe
1008.0K Aug 4 2004

4a00fa1642f7b5ed232541d46ab727ba /mnt/sda2/WINDOWS/explorer.exe
1008.0K Aug 4 2004

a0732187050030ae399b241436565e64 /mnt/sda2/WINDOWS/ServicePackFiles/i386/explorer.exe
1008.0K Aug 4 2004

a0732187050030ae399b241436565e64 /mnt/sda2/WINDOWS/$NtUninstallKB938828$/explorer.exe
1008.0K Aug 4 2004

a73bc66a95cf4f7b597fc8975778a889 /mnt/sda2/WINDOWS/$NtServicePackUninstall$/explorer.exe
973.0K May 12 2003

a82b28bfc2e4455fe43022a498c0ef0a /mnt/sda2/WINDOWS/$NtUninstallKB820291$/explorer.exe
980.5K Aug 29 2002


Search results for Userinit.exe

a93aee1928a9d7ce3e16d24ec7380f89 /mnt/sda2/WINDOWS/SoftwareDistribution/Download/dd9ab5193501484cf5e6884fa1d22f9e/userinit.exe
25.5K Apr 14 2008

39b1ffb03c2296323832acbae50d2aff /mnt/sda2/WINDOWS/system32/userinit.exe
24.0K Aug 4 2004

39b1ffb03c2296323832acbae50d2aff /mnt/sda2/WINDOWS/ServicePackFiles/i386/userinit.exe
24.0K Aug 4 2004

e931e0a2b8bf0019db902e98d03662cb /mnt/sda2/WINDOWS/$NtServicePackUninstall$/userinit.exe
21.5K Aug 29 2002

3f6aab54f8a009d92e301299f05879ff /mnt/sda1/MiniNT/system32/userinit.exe
21.0K Jul 25 2001

3f6aab54f8a009d92e301299f05879ff /mnt/sda1/i386/system32/userinit.exe
21.0K Jul 25 2001


Search results for Exit


Search results for bash query.sh


Search results for Winlogon.exe

ed0ef0a136dec83df69f04118870003e /mnt/sda2/WINDOWS/SoftwareDistribution/Download/dd9ab5193501484cf5e6884fa1d22f9e/winlogon.exe
496.0K Apr 14 2008

01c3346c241652f43aed8e2149881bfe /mnt/sda2/WINDOWS/system32/winlogon.exe
490.5K Feb 4 08:49

01c3346c241652f43aed8e2149881bfe /mnt/sda2/WINDOWS/ServicePackFiles/i386/winlogon.exe
490.5K Aug 4 2004

2246d8d8f4714a2cedb21ab9b1849abb /mnt/sda2/WINDOWS/$NtServicePackUninstall$/winlogon.exe
504.5K Aug 29 2002

83065436f8a772dd61383242ab3bb277 /mnt/sda1/MiniNT/system32/winlogon.exe
419.0K Jul 25 2001

83065436f8a772dd61383242ab3bb277 /mnt/sda1/i386/system32/winlogon.exe
419.0K Jul 25 2001


Search results for explorer.exe

7712df0cdde3a5ac89843e61cd5b3658 /mnt/sda2/WINDOWS/$hf_mig$/KB938828/SP2QFE/explorer.exe
1009.0K Jun 13 2007

12896823fb95bfb3dc9b46bcaedc9923 /mnt/sda2/WINDOWS/SoftwareDistribution/Download/dd9ab5193501484cf5e6884fa1d22f9e/explorer.exe
1009.5K Apr 14 2008

4a00fa1642f7b5ed232541d46ab727ba /mnt/sda2/WINDOWS/system32/dllcache/explorer.exe
1008.0K Aug 4 2004

a0732187050030ae399b241436565e64 /mnt/sda2/WINDOWS/explorer.exe
1008.0K Feb 4 08:49

a0732187050030ae399b241436565e64 /mnt/sda2/WINDOWS/ServicePackFiles/i386/explorer.exe
1008.0K Aug 4 2004

a0732187050030ae399b241436565e64 /mnt/sda2/WINDOWS/$NtUninstallKB938828$/explorer.exe
1008.0K Aug 4 2004

a73bc66a95cf4f7b597fc8975778a889 /mnt/sda2/WINDOWS/$NtServicePackUninstall$/explorer.exe
973.0K May 12 2003

a82b28bfc2e4455fe43022a498c0ef0a /mnt/sda2/WINDOWS/$NtUninstallKB820291$/explorer.exe
980.5K Aug 29 2002


Search results for kkkvzh.dll


Search results for Exit
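
The before/after comparison that the two filefind.txt runs above make possible, as an added example (not part of the thread and not the Driver.sh script): it parses the report format and lists the copies Windows runs or restores from whose MD5 differs from the ServicePackFiles copy. The function names and the choice of ServicePackFiles as the reference are assumptions; the sample lines are excerpted from the reports posted in this thread.

```python
import posixpath
import re

HEADER = re.compile(r"^Search results for (.+)$")
ENTRY = re.compile(r"^([0-9a-f]{32})\s+(/.+)$")

# Assumption: the ServicePackFiles copy is the reference, because the
# replacement log in the post copies from that directory.
REFERENCE_DIR = "/WINDOWS/ServicePackFiles/i386"
# Directories whose copies Windows XP runs or restores from (dllcache is the
# Windows File Protection cache).
ACTIVE_DIRS = ("/WINDOWS", "/WINDOWS/system32", "/WINDOWS/system32/dllcache")

# Excerpt of the first filefind.txt run (before the replacement).
BEFORE = """\
Search results for Winlogon.exe

6b9e314d1e0a578ca906ca8f14159d54 /mnt/sda2/WINDOWS/system32/winlogon.exe
490.5K Aug 4 2004

01c3346c241652f43aed8e2149881bfe /mnt/sda2/WINDOWS/ServicePackFiles/i386/winlogon.exe
490.5K Aug 4 2004

83065436f8a772dd61383242ab3bb277 /mnt/sda1/MiniNT/system32/winlogon.exe
419.0K Jul 25 2001

Search results for explorer.exe

4a00fa1642f7b5ed232541d46ab727ba /mnt/sda2/WINDOWS/system32/dllcache/explorer.exe
1008.0K Aug 4 2004

4a00fa1642f7b5ed232541d46ab727ba /mnt/sda2/WINDOWS/explorer.exe
1008.0K Aug 4 2004

a0732187050030ae399b241436565e64 /mnt/sda2/WINDOWS/ServicePackFiles/i386/explorer.exe
1008.0K Aug 4 2004
"""

# Excerpt of the second run (after the replacement).
AFTER = """\
Search results for Winlogon.exe

01c3346c241652f43aed8e2149881bfe /mnt/sda2/WINDOWS/system32/winlogon.exe
490.5K Feb 4 08:49

01c3346c241652f43aed8e2149881bfe /mnt/sda2/WINDOWS/ServicePackFiles/i386/winlogon.exe
490.5K Aug 4 2004

Search results for explorer.exe

4a00fa1642f7b5ed232541d46ab727ba /mnt/sda2/WINDOWS/system32/dllcache/explorer.exe
1008.0K Aug 4 2004

a0732187050030ae399b241436565e64 /mnt/sda2/WINDOWS/explorer.exe
1008.0K Feb 4 08:49

a0732187050030ae399b241436565e64 /mnt/sda2/WINDOWS/ServicePackFiles/i386/explorer.exe
1008.0K Aug 4 2004

Search results for kkkvzh.dll
"""


def parse_filefind(text):
    """Return {searched name (lowercased): {path: md5}} for a filefind.txt report."""
    results, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = results.setdefault(header.group(1).lower(), {})
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            current[entry.group(2)] = entry.group(1)
        # Size/date lines and blank lines match neither pattern and are skipped.
    return results


def is_active(path):
    """True when the file sits directly in a directory Windows loads or restores from."""
    return posixpath.dirname(path).endswith(ACTIVE_DIRS)


def mismatches(report_text):
    """Map each searched name to the active copies whose MD5 differs from the
    reference copy, or to None when no single reference copy was found."""
    findings = {}
    for name, copies in parse_filefind(report_text).items():
        refs = {md5 for path, md5 in copies.items()
                if posixpath.dirname(path).endswith(REFERENCE_DIR)}
        if len(refs) != 1:
            findings[name] = None
            continue
        ref = next(iter(refs))
        findings[name] = sorted(path for path, md5 in copies.items()
                                if is_active(path) and md5 != ref)
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for name, paths in mismatches(text).items():
            print(label, name, "no reference copy" if paths is None else paths)
```

A mismatch here only means the hashes differ from the reference copy; it says nothing by itself about whether a file is malicious. In the second run the dllcache copy of explorer.exe still differs from the ServicePackFiles copy.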

#12 JSntgRvr

Posted 04 February 2011 - 09:59 AM

Are you able to boot in Normal Mode?

Edited by JSntgRvr, 04 February 2011 - 10:02 AM.



#13 FloridaMark

Posted 04 February 2011 - 12:55 PM

Yes. The system boots normally now. I am updating and running MBAM, please let me know what else you would like me to run and do.

Thanks.

Mark :thumbsup:

#14 JSntgRvr

Posted 04 February 2011 - 01:10 PM

After running MBAM, post its report. Also run this application as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat: http://www.appremover.com/supported-applications. Do not use AppRemover on Norton.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.



#15 FloridaMark


Posted 04 February 2011 - 03:23 PM

Hi...

Here is the report from Combofix...

ComboFix 11-01-31.02 - Owner 02/04/2011 14:38:08.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.666 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\ms.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.

2011-02-04 17:55 . 2004-08-04 08:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2011-02-04 08:49 . 2011-02-04 08:49 502272 ------w- c:\windows\system32\winlogon.exe
2011-02-04 08:49 . 2011-02-04 08:49 1032192 ------w- c:\windows\explorer.exe
2011-02-02 03:53 . 2011-02-02 03:53 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-02-02 03:53 . 2011-02-02 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-02 03:52 . 2011-02-02 03:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-23 05:41 . 2007-07-09 18:13 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-01-23 05:41 . 2007-07-09 18:13 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-01-23 05:41 . 2007-07-09 18:13 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-01-22 20:00 . 2011-01-22 20:00 -------- d-----w- c:\program files\ESET
2011-01-21 02:33 . 2011-01-21 02:33 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2011-01-21 02:33 . 2011-02-04 19:04 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2011-01-21 02:24 . 2011-01-21 02:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-01-21 02:24 . 2004-08-04 07:56 1032192 ----a-w- c:\windows\system32\dllcache\explorer.exe
2011-01-21 01:41 . 2011-01-21 01:41 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-21 00:42 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-21 00:42 . 2011-01-21 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-21 00:42 . 2011-01-21 01:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-21 00:42 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-21 00:30 . 2011-02-04 19:24 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 19:37 . 2010-06-01 19:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-22 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP OfficeJet Series 700"="c:\program files\Hewlett-Packard\HP OfficeJet Series 700\bin\ktchnsnk.exe -reg Software\Hewlett-Packard\OfficeJet Series 700\Install" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PopSubtract.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PopSubtract.lnk
backup=c:\windows\pss\PopSubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=c:\windows\pss\IMStart.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-03-04 16:01 88209 -c--a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2004-01-09 09:34 32768 ----a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-01 19:36 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-08-21 11:15 483328 ----a-w- c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 11:23 49152 -c--a-w- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-08 00:04 52736 -c--a-w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2010-06-01 14:16 353736 ----a-w- c:\progra~1\INCRED~1\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-02-19 17:10 267048 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 21:44 61440 -c--a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 03:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-14 04:43 233472 -c--a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-01 04:07 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-22 23:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 05:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2004-10-22 16:53 53248 ----a-w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iMesh\\Client\\iMeshClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2010 5:11 PM 136176]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/1/2010 2:36 PM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2011-02-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-03 00:36]

2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 22:11]

2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 22:11]

2009-01-19 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-05 14:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.alltel.net/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: &Search
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {DF6D8E8B-6B0E-4D0B-A4FC-3609BF20DF45} = 166.102.165.13,166.102.165.11
DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF}
DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4}
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.dav\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
- - - - ORPHANS REMOVED - - - -

BHO-{2bbdcef7-ee7b-488c-be03-1e069e760622} - c:\windows\system32\kkkvzh.dll
BHO-{336F53F2-9BDC-44DB-8BD8-32EABFC34757} - c:\windows\lbbho.dll
BHO-{A065C8E7-D3D1-4DBC-A9F0-B6C5E5817FB1} - c:\windows\system32\byXPFWpp.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-cbXPHBUN - cbXPHBUN.dll
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
MSConfigStartUp-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-04 14:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\HP OfficeJet Series 700\bin\ktchnsnk.exe
.
**************************************************************************
.
Completion time: 2011-02-04 14:59:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-04 19:59

Pre-Run: 113,343,414,272 bytes free
Post-Run: 113,388,527,616 bytes free

- - End Of File - - 5AD072E1FA753CEF98C3E693625F3122



