"XP Anti Spyware" infection.... Cannot boot computer


  • This topic is locked
17 replies to this topic

#1 anarchoi

Posted 31 March 2011 - 07:41 PM

About one year ago I got a virus called "Malware Doctor". I used this forum to follow your instructions and got rid of it using UBCD4WIN; it was really helpful.

So about 1 hour ago I got a new virus called "XP Anti Spyware".

As soon as I got the virus, I couldn't access any website and I couldn't open my (real) anti-spyware applications.

So I tried to reboot my computer, but as soon as I shut down my computer I couldn't boot into Windows...

When I boot, all I see is a black screen instead of the traditional Windows XP loading page...

I still have UBCD4WIN on a CD and I am ready to follow your instructions to get rid of the "XP Anti Spyware" virus.

Thanks again for your help.



#2 anarchoi

Posted 31 March 2011 - 07:46 PM

I'm not sure if I have to post here or in the "Am I infected? What do I do?" forum... Sorry if I posted in the wrong forum.

#3 boopme (Global Moderator)

Posted 31 March 2011 - 08:10 PM

We'll keep it here. I have asked someone to look at this that specializes in boot issues. Not sure if they will reply today or not.

#4 JSntgRvr (Malware Response Team)

Posted 31 March 2011 - 11:44 PM

Hi, and welcome.

We will need to view the system status from an external environment. The UBCD4WIN is a good alternative, but the tool I need you to build will give us a better approach. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD, in others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.bin bs=512 count=1


    Leave a space among the following Statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.bin is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer, zip the mbr.bin, and except for the mbr.bin zipped file, post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.bin zipped file must be attached to your reply.

No request for help throughout private messaging will be attended.

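An added example, not part of the post above or of the tools it links: a guarded version of the `dd if=/dev/sda of=mbr.bin bs=512 count=1` step that refuses a destination under /dev or an existing file, then checks that the backup is one 512-byte sector ending in the 55 AA boot signature and lists the partition entries. The function names and the sample image are constructed for illustration; it assumes a POSIX shell with dd, od and wc.

```shell
#!/bin/sh
# Added example: guarded MBR backup plus sanity checks on the result.

# backup_mbr SRC DST: copy the first 512-byte sector of SRC to DST.
# A DST under /dev, a device node, or an existing file is refused, so
# swapped if=/of= arguments cannot overwrite a disk or an earlier backup.
backup_mbr() {
    local src="$1" dst="$2"
    if [ ! -r "$src" ]; then echo "cannot read source: $src" >&2; return 2; fi
    case "$dst" in
        /dev/*) echo "refusing: destination is under /dev" >&2; return 3 ;;
    esac
    if [ -b "$dst" ] || [ -c "$dst" ]; then
        echo "refusing: destination is a device node" >&2; return 3
    fi
    if [ -e "$dst" ]; then echo "refusing: $dst already exists" >&2; return 4; fi
    dd if="$src" of="$dst" bs=512 count=1 2>/dev/null
}

# byte_at FILE OFFSET: print the byte at OFFSET as two lowercase hex digits.
byte_at() {
    od -An -tx1 -j "$2" -N 1 "$1" | tr -d ' \n'
}

# check_mbr FILE: succeed only if FILE is exactly one sector and ends with
# the boot signature 55 aa at offsets 510 and 511.
check_mbr() {
    local f="$1" size sig
    if [ ! -f "$f" ]; then echo "not a regular file: $f" >&2; return 1; fi
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -ne 512 ]; then
        echo "size is $size bytes, expected 512" >&2; return 1
    fi
    sig="$(byte_at "$f" 510)$(byte_at "$f" 511)"
    if [ "$sig" != "55aa" ]; then
        echo "boot signature is $sig, expected 55aa" >&2; return 1
    fi
    return 0
}

# list_partitions FILE: one line per used partition-table entry, as
# "index boot-flag type" in hex. The table holds four 16-byte entries
# starting at offset 446; byte 0 is the boot flag, byte 4 the type.
list_partitions() {
    local f="$1" i off flag ptype
    for i in 0 1 2 3; do
        off=$((446 + 16 * i))
        flag=$(byte_at "$f" "$off")
        ptype=$(byte_at "$f" $((off + 4)))
        if [ "$ptype" != "00" ]; then
            echo "$((i + 1)) $flag $ptype"
        fi
    done
}

# make_sample_mbr FILE: constructed 4-sector test image (not real disk
# data) with one active entry (flag 80) of type 07 and a valid signature.
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=4 2>/dev/null
    printf '\200'     | dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\007'     | dd of="$1" bs=1 seek=450 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# With two arguments: back up and verify. Example: sh thisfile /dev/sda mbr.bin
if [ "$#" -eq 2 ]; then
    backup_mbr "$1" "$2" && check_mbr "$2" && list_partitions "$2"
fi
```

Run it from the directory on the USB drive so that, as in the original command, the backup file is created there.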


#5 anarchoi

Posted 01 April 2011 - 01:14 AM

report.txt:

Fri Apr 1 13:58:23 UTC 2011
Driver report for /mnt/sda1/_OTL/MovedFiles/08042010_122711/C_WINDOWS/system32/drivers



Driver report for /mnt/sda1/WINDOWS/system32/drivers
f8a7212d0864ef5e9185fb95e6623f4d lirsgt.sys has NO Company Name!
f8a7212d0864ef5e9185fb95e6623f4d lirsgt.sys has NO Company Name!
f8a7212d0864ef5e9185fb95e6623f4d lirsgt.sys has NO Company Name!
f8a7212d0864ef5e9185fb95e6623f4d lirsgt.sys has NO Company Name!
250852a7530ec28a8139e0a3089e10c4 saavideo.sys has NO Company Name!
250852a7530ec28a8139e0a3089e10c4 saavideo.sys has NO Company Name!

m?nStringFileInfoeBCompanyNameSunbeltSoftwarePFileDescriptionAnti-RootkitEnginetFileVersion..tInternalNameSBRE.sys=LegalCopyrightCopyright-SunbeltSoftware.Allrightsreserved.LegalTrademarksSUNBELTSOFTWAREandthe"S"logoareregisteredtrademarksofSunbeltSoftware.CounterSpySDKisatrademarkofSunbeltSoftware.:tOriginalFilenameSBRE.sysvProductNameCounterSpytProductVersion..VProductBuildDate//::AMDVarFileInfo$TranslationtPADDINGXXPAD

20b2751cd4c8f3fd989739ca661b9f30 scdemu.sys
tHVS_VERSION_INFOaa?StringFileInfobHCommentshttp://www.poweriso.comRCompanyNamePowerISOComputing,Inc.VFileDescriptionPowerISOVirtualDrivevFileVersion,,,.aInternalNameSCDEMUTLegalCopyrightCopyright©-(LegalTrademarks>vOriginalFilenamescdemu.sysPrivateBuild.aProductNamescdemu:vProductVersion,,,SpecialBuildDVarFileInfo$Translationt

d3fa9fb502ad62001101f495bbbac42e ScreamingBAudio.sys
tH`LLVS_VERSION_INFO?btStringFileInfobDCompanyNameScreamingBeeLLC^FileDescriptionScreamingBeeAudioDriverbFileVersion...HInternalNamescreamingbaudio.sysx*LegalCopyrightCopyright©-ScreamingBeeLLCPOriginalFilenamescreamingbaudio.sysVProductNameScreamingBeeAudioDriverbProductVersion...DVarFileInfo$Translationt*

m?nStringFileInfoeBCompanyNameSunbeltSoftwarePFileDescriptionAnti-RootkitEnginetFileVersion..tInternalNameSBRE.sys=LegalCopyrightCopyright-SunbeltSoftware.Allrightsreserved.LegalTrademarksSUNBELTSOFTWAREandthe"S"logoareregisteredtrademarksofSunbeltSoftware.CounterSpySDKisatrademarkofSunbeltSoftware.:tOriginalFilenameSBRE.sysvProductNameCounterSpytProductVersion..VProductBuildDate//::AMDVarFileInfo$TranslationtPADDINGXXPAD

76c465f570e90c28942d52ccb2580a10 scsiport.sys
20b2751cd4c8f3fd989739ca661b9f30 scdemu.sys
tHVS_VERSION_INFOaa?StringFileInfobHCommentshttp://www.poweriso.comRCompanyNamePowerISOComputing,Inc.VFileDescriptionPowerISOVirtualDrivevFileVersion,,,.aInternalNameSCDEMUTLegalCopyrightCopyright©-(LegalTrademarks>vOriginalFilenamescdemu.sysPrivateBuild.aProductNamescdemu:vProductVersion,,,SpecialBuildDVarFileInfo$Translationt

d3fa9fb502ad62001101f495bbbac42e ScreamingBAudio.sys
Microsoft Corporation

8d04819a3ce51b9eb47e5689b44d43c4 sdbus.sys
tH`LLVS_VERSION_INFO?btStringFileInfobDCompanyNameScreamingBeeLLC^FileDescriptionScreamingBeeAudioDriverbFileVersion...HInternalNamescreamingbaudio.sysx*LegalCopyrightCopyright©-ScreamingBeeLLCPOriginalFilenamescreamingbaudio.sysVProductNameScreamingBeeAudioDriverbProductVersion...DVarFileInfo$Translationt*

76c465f570e90c28942d52ccb2580a10 scsiport.sys
Microsoft Corporation

90a3935d05b494a5a39d37e71f09a677 secdrv.sys
Macrovision Corporation

0f29512ccd6bead730039fb4bd2c85ce serenum.sys
Microsoft Corporation

8d04819a3ce51b9eb47e5689b44d43c4 sdbus.sys
Microsoft Corporation

93d313c31f7ad9ea2b75f26075413c7c serial.sys
Microsoft Corporation

90a3935d05b494a5a39d37e71f09a677 secdrv.sys
Macrovision Corporation

0f29512ccd6bead730039fb4bd2c85ce serenum.sys
Microsoft Corporation

93d313c31f7ad9ea2b75f26075413c7c serial.sys
Microsoft Corporation

0fa803c64df0914b41f807ea276bf2a6 sffdisk.sys
Microsoft Corporation

d66d22d76878bf3483a6be30183fb648 sffp_mmc.sys
Microsoft Corporation

c17c331e435ed8737525c86a7557b3ac sffp_sd.sys
Microsoft Corporation

8e6b8c671615d126fdc553d1e2de5562 sfloppy.sys
Microsoft Corporation

1ffc44d6787ec1ea9a2b1440a90fa5c1 slip.sys
Microsoft Corporation

017daecf0ed3aa731313433601ec40fa smclib.sys
Microsoft Corporation

0fa803c64df0914b41f807ea276bf2a6 sffdisk.sys
Microsoft Corporation

Microsoft Corporation

d66d22d76878bf3483a6be30183fb648 sffp_mmc.sys
e92be8a451c56b5506f0f3eba2a3628e snapman.sys
Microsoft Corporation

c17c331e435ed8737525c86a7557b3ac sffp_sd.sys
Microsoft Corporation

8e6b8c671615d126fdc553d1e2de5562 sfloppy.sys
Microsoft Corporation

1ffc44d6787ec1ea9a2b1440a90fa5c1 slip.sys
Microsoft Corporation

017daecf0ed3aa731313433601ec40fa smclib.sys
Microsoft Corporation

e92be8a451c56b5506f0f3eba2a3628e snapman.sys
Acronis

489703624dac94ed943c2abda022a1cd sonydcam.sys
Microsoft Corporation

ab8b92451ecb048a4d1de7c3ffcb4a9f splitter.sys
Microsoft Corporation

71e276f6d189413266ea22171806597b sptd.sys
Acronis

489703624dac94ed943c2abda022a1cd sonydcam.sys
Microsoft Corporation

ab8b92451ecb048a4d1de7c3ffcb4a9f splitter.sys
Microsoft Corporation

71e276f6d189413266ea22171806597b sptd.sys
Duplex Secure

Duplex Secure

39626e6dc1fb39434ec40c42722b660a sr.sys
39626e6dc1fb39434ec40c42722b660a sr.sys
Microsoft Corporation

5252605079810904e31c332e241cd59b srv.sys
Microsoft Corporation

5252605079810904e31c332e241cd59b srv.sys
Microsoft Corporation

a9f9fd0212e572b84edb9eb661f6bc04 streamip.sys
Microsoft Corporation

08116e1cfc74302f97ce523a8f5d6064 stream.sys
Microsoft Corporation

Microsoft Corporation

a9f9fd0212e572b84edb9eb661f6bc04 streamip.sys
3941d127aef12e93addf6fe6ee027e0f swenum.sys
Microsoft Corporation

08116e1cfc74302f97ce523a8f5d6064 stream.sys
Microsoft Corporation

8ce882bcc6cf8a62f2b2323d95cb3d01 swmidi.sys
Microsoft Corporation

3941d127aef12e93addf6fe6ee027e0f swenum.sys
Microsoft Corporation

8ce882bcc6cf8a62f2b2323d95cb3d01 swmidi.sys
Microsoft Corporation

8b83f3ed0f1688b4958f77cd6d2bf290 sysaudio.sys
Microsoft Corporation

8b83f3ed0f1688b4958f77cd6d2bf290 sysaudio.sys
Microsoft Corporation

Microsoft Corporation

fd6093e3decd925f1cffc8a0dd539d72 tape.sys
fd6093e3decd925f1cffc8a0dd539d72 tape.sys
Microsoft Corporation

Microsoft Corporation

aa7a55536096d646dc7ab0ac5641e9e8 tcpip6.sys
aa7a55536096d646dc7ab0ac5641e9e8 tcpip6.sys
Microsoft Corporation

93ea8d04ec73a85db02eb8805988f733 tcpip.sys
Microsoft Corporation

93ea8d04ec73a85db02eb8805988f733 tcpip.sys
Microsoft Corporation

0539d5e53587f82d1b4fd74c5be205cf tdi.sys
Microsoft Corporation

6471a66807f5e104e4885f5b67349397 tdpipe.sys
Microsoft Corporation

c56b6d0402371cf3700eb322ef3aaf61 tdtcp.sys
Microsoft Corporation

88155247177638048422893737429d9e termdd.sys
Microsoft Corporation

699450901c5ccfd82357cbc531cedd23 tosdvd.sys
Microsoft Corporation

d74a8ec75305f1d3cfde7c7fc1bd62a9 tsbvcap.sys
Toshiba Corporation

8f861eda21c05857eb8197300a92501c tunmp.sys
Microsoft Corporation

5787b80c2e3c5e2f56c2a233d91fa2c9 udfs.sys
Microsoft Corporation

402ddc88356b1bac0ee3dd1580c76a31 update.sys
Microsoft Corporation

0539d5e53587f82d1b4fd74c5be205cf tdi.sys
Microsoft Corporation

6471a66807f5e104e4885f5b67349397 tdpipe.sys
Microsoft Corporation

c56b6d0402371cf3700eb322ef3aaf61 tdtcp.sys
Microsoft Corporation

88155247177638048422893737429d9e termdd.sys
Microsoft Corporation

699450901c5ccfd82357cbc531cedd23 tosdvd.sys
Microsoft Corporation

bee793d4a059caea55d6ac20e19b3a8f usb8023.sys
Microsoft Corporation

d74a8ec75305f1d3cfde7c7fc1bd62a9 tsbvcap.sys
Microsoft Corporation

e919708db44ed8543a7c017953148330 USBAUDIO.sys
Toshiba Corporation

8f861eda21c05857eb8197300a92501c tunmp.sys
Microsoft Corporation

5787b80c2e3c5e2f56c2a233d91fa2c9 udfs.sys
Microsoft Corporation

Microsoft Corporation
ce97845d2e3f0d274b8bac1ed07c6149 usbcamd2.sys

402ddc88356b1bac0ee3dd1580c76a31 update.sys
Microsoft Corporation

1c1a47b40c23358245aa8d0443b6935e usbcamd.sys
Microsoft Corporation

173f317ce0db8e21322e71b7e60a27e8 usbccgp.sys
Microsoft Corporation

596eb39b50d6ebd9b734dc4ae0544693 usbd.sys
Microsoft Corporation

65dcf09d0e37d4c6b11b5b0b76d470a7 usbehci.sys
Microsoft Corporation

cfad896f667d497873a1b28d50847d41 usbethmp.sys
Microsoft Corporation
ttLHHVS_VERSION_INFO?StringFileInfoBJCompanyNameIntellonCorporationhFileDescriptionUSBPowerPacketNetworkAdapterbFileVersion...tInternalNameusbethmp|,LegalCopyrightCopyright-,IntellonCorporationBrOriginalFilenameusnethmp.sys`ProductNameUSBPowerPacketNetworkAdapterbProductVersion...DVarFileInfo$Translationta`


bee793d4a059caea55d6ac20e19b3a8f usb8023.sys
1ab3cdde553b6e064d2e754efe20285c usbhub.sys
Microsoft Corporation

e919708db44ed8543a7c017953148330 USBAUDIO.sys
Microsoft Corporation

290913dc4f1125e5a82de52579a44c43 usbintel.sys
Microsoft Corporation

0daecce65366ea32b162f85f07c6753b usbohci.sys
Microsoft Corporation

791912e524cc2cc6f50b5f2b52d1eb71 usbport.sys
Microsoft Corporation

ce97845d2e3f0d274b8bac1ed07c6149 usbcamd2.sys
Microsoft Corporation

Microsoft Corporation

1c1a47b40c23358245aa8d0443b6935e usbcamd.sys
a717c8721046828520c9edf31288fc00 usbprint.sys
Microsoft Corporation

173f317ce0db8e21322e71b7e60a27e8 usbccgp.sys
Microsoft Corporation

596eb39b50d6ebd9b734dc4ae0544693 usbd.sys
Microsoft Corporation

65dcf09d0e37d4c6b11b5b0b76d470a7 usbehci.sys
Microsoft Corporation
Microsoft Corporation


a0b8cf9deb1184fbdd20784a58fa75d4 usbscan.sys
cfad896f667d497873a1b28d50847d41 usbethmp.sys
ttLHHVS_VERSION_INFO?StringFileInfoBJCompanyNameIntellonCorporationhFileDescriptionUSBPowerPacketNetworkAdapterbFileVersion...tInternalNameusbethmp|,LegalCopyrightCopyright-,IntellonCorporationBrOriginalFilenameusnethmp.sys`ProductNameUSBPowerPacketNetworkAdapterbProductVersion...DVarFileInfo$Translationta`

1ab3cdde553b6e064d2e754efe20285c usbhub.sys
Microsoft Corporation

Microsoft Corporation

a32426d9b14a089eaa1d922e0c5801a9 USBSTOR.SYS
Microsoft Corporation

63bbfca7f390f4c49ed4b96bfb1633e0 usbvideo.sys
290913dc4f1125e5a82de52579a44c43 usbintel.sys
Microsoft Corporation

0daecce65366ea32b162f85f07c6753b usbohci.sys
Microsoft Corporation

Microsoft Corporation

791912e524cc2cc6f50b5f2b52d1eb71 usbport.sys
55e01061c74a8cefff58dc36114a8d3f vdmindvd.sys
Ravisent Technologies

0d3a8fafceacd8b7625cd549757a7df1 vga.sys
Microsoft Corporation

e28726b72c46821a28830e077d39a55b videoprt.sys
Microsoft Corporation

Microsoft Corporation

a717c8721046828520c9edf31288fc00 usbprint.sys
d9393b767a3bdee076c123d03f2e233b vidstub.sys
Microsoft Corporation

a0b8cf9deb1184fbdd20784a58fa75d4 usbscan.sys
Microsoft Corporation

a32426d9b14a089eaa1d922e0c5801a9 USBSTOR.SYS
Microsoft Corporation

63bbfca7f390f4c49ed4b96bfb1633e0 usbvideo.sys

46de1126684369bace4849e4fc8c43ca volsnap.sys
Microsoft Corporation

55e01061c74a8cefff58dc36114a8d3f vdmindvd.sys
Ravisent Technologies

0d3a8fafceacd8b7625cd549757a7df1 vga.sys
Microsoft Corporation

e28726b72c46821a28830e077d39a55b videoprt.sys
Microsoft Corporation

e20b95baedb550f32dd489265c1da1f6 wanarp.sys
Microsoft Corporation

d9393b767a3bdee076c123d03f2e233b vidstub.sys
Microsoft Corporation

6768acf64b18196494413695f0c3a00f wdmaud.sys
Microsoft Corporation

1abfd1399436e81c9d857f5fc76eaf98 WmBEnum.sys
Logitech

b3cfcbcc91ff61ef82fc693b8b57e7f0 WmFilter.sys

Logitech

46de1126684369bace4849e4fc8c43ca volsnap.sys
2f31b7f954bed437f2c75026c65caf7b wmilib.sys
Microsoft Corporation

a40d2dd0f019423ef6c363f1295eb38d WmVirHid.sys
Logitech

2bf505424f469155cd90d7b3301d7adc WmXlCore.sys
Logitech

cf4def1bf66f06964dc0d91844239104 wpdusb.sys
Microsoft Corporation

Microsoft Corporation

e20b95baedb550f32dd489265c1da1f6 wanarp.sys
6abe6e225adb5a751622a9cc3bc19ce8 ws2ifsl.sys
Microsoft Corporation

6768acf64b18196494413695f0c3a00f wdmaud.sys
Microsoft Corporation

233cdd1c06942115802eb7ce6669e099 wstcodec.sys
Microsoft Corporation

f15feafffbb3644ccc80c5da584e6311 WudfPf.sys
Microsoft Corporation

1abfd1399436e81c9d857f5fc76eaf98 WmBEnum.sys
Logitech

b3cfcbcc91ff61ef82fc693b8b57e7f0 WmFilter.sys
Logitech

Microsoft Corporation

2f31b7f954bed437f2c75026c65caf7b wmilib.sys
28b524262bce6de1f7ef9f510ba3985b WudfRd.sys
Microsoft Corporation

a40d2dd0f019423ef6c363f1295eb38d WmVirHid.sys
Logitech

2bf505424f469155cd90d7b3301d7adc WmXlCore.sys
Logitech

Microsoft Corporation

cf4def1bf66f06964dc0d91844239104 wpdusb.sys
Microsoft Corporation

6abe6e225adb5a751622a9cc3bc19ce8 ws2ifsl.sys
Microsoft Corporation

233cdd1c06942115802eb7ce6669e099 wstcodec.sys
Microsoft Corporation

f15feafffbb3644ccc80c5da584e6311 WudfPf.sys
Microsoft Corporation

28b524262bce6de1f7ef9f510ba3985b WudfRd.sys
Microsoft Corporation

\rio8drv.sys
0a854df84c77a0be205bfeab2ae4f0ec riodrv.sys has NO Company Name!
ecff394d65671efde5a872eb9ef4f2d5 RMCast.sys has NO Company Name!
d8eb2a7904db6c916eb5361878ddcbae redbook.sys has NO Company Name!
601844cbcf617ff8c868130ca5b2039d rndismp.sys has NO Company Name!
d8b0b4ade32574b2d9c5cc34dc0dbbe7 rootmdm.sys has NO Company Name!
42bac9c14d310190d3b7decab9bbcd11 RsFx0100.sys has NO Company Name!
a56fe08ec7473e8580a390bb1081cdd7 rio8drv.sys has NO Company Name!
0a854df84c77a0be205bfeab2ae4f0ec riodrv.sys has NO Company Name!
ecff394d65671efde5a872eb9ef4f2d5 RMCast.sys has NO Company Name!
601844cbcf617ff8c868130ca5b2039d rndismp.sys has NO Company Name!
d8b0b4ade32574b2d9c5cc34dc0dbbe7 rootmdm.sys has NO Company Name!
42bac9c14d310190d3b7decab9bbcd11 RsFx0100.sys has NO Company Name!
6c5393956fc1dc0c7ef94684d02fbf03 RsFx0101.sys has NO Company Name!
6c5393956fc1dc0c7ef94684d02fbf03 RsFx0101.sys has NO Company Name!
baaae86bb4ddc7f71b0c6769bb488c5c RsFx0102.sys has NO Company Name!
baaae86bb4ddc7f71b0c6769bb488c5c RsFx0102.sys has NO Company Name!
fd692c6ffade58f7c4c3c3c9a0ec35bd RsFx0103.sys has NO Company Name!
fd692c6ffade58f7c4c3c3c9a0ec35bd RsFx0103.sys has NO Company Name!
c2a6f7f35e617744a65dbfb0c0a64adc rt2870.sys has NO Company Name!
c2a6f7f35e617744a65dbfb0c0a64adc rt2870.sys has NO Company Name!
250852a7530ec28a8139e0a3089e10c4 saavideo.sys has NO Company Name!
4019149e4e296072831c8855605d9fdc SBREDrv.sys has NO Company Name!
250852a7530ec28a8139e0a3089e10c4 saavideo.sys has NO Company Name!
4019149e4e296072831c8855605d9fdc SBREDrv.sys has NO Company Name!
20b2751cd4c8f3fd989739ca661b9f30 scdemu.sys has NO Company Name!
d3fa9fb502ad62001101f495bbbac42e ScreamingBAudio.sys has NO Company Name!
76c465f570e90c28942d52ccb2580a10 scsiport.sys has NO Company Name!
20b2751cd4c8f3fd989739ca661b9f30 scdemu.sys has NO Company Name!
d3fa9fb502ad62001101f495bbbac42e ScreamingBAudio.sys has NO Company Name!
8d04819a3ce51b9eb47e5689b44d43c4 sdbus.sys has NO Company Name!
76c465f570e90c28942d52ccb2580a10 scsiport.sys has NO Company Name!
90a3935d05b494a5a39d37e71f09a677 secdrv.sys has NO Company Name!
0f29512ccd6bead730039fb4bd2c85ce serenum.sys has NO Company Name!
8d04819a3ce51b9eb47e5689b44d43c4 sdbus.sys has NO Company Name!
93d313c31f7ad9ea2b75f26075413c7c serial.sys has NO Company Name!
90a3935d05b494a5a39d37e71f09a677 secdrv.sys has NO Company Name!
0f29512ccd6bead730039fb4bd2c85ce serenum.sys has NO Company Name!
93d313c31f7ad9ea2b75f26075413c7c serial.sys has NO Company Name!
0fa803c64df0914b41f807ea276bf2a6 sffdisk.sys has NO Company Name!
d66d22d76878bf3483a6be30183fb648 sffp_mmc.sys has NO Company Name!
c17c331e435ed8737525c86a7557b3ac sffp_sd.sys has NO Company Name!
8e6b8c671615d126fdc553d1e2de5562 sfloppy.sys has NO Company Name!
1ffc44d6787ec1ea9a2b1440a90fa5c1 slip.sys has NO Company Name!
017daecf0ed3aa731313433601ec40fa smclib.sys has NO Company Name!
0fa803c64df0914b41f807ea276bf2a6 sffdisk.sys has NO Company Name!
d66d22d76878bf3483a6be30183fb648 sffp_mmc.sys has NO Company Name!
e92be8a451c56b5506f0f3eba2a3628e snapman.sys has NO Company Name!
c17c331e435ed8737525c86a7557b3ac sffp_sd.sys has NO Company Name!
8e6b8c671615d126fdc553d1e2de5562 sfloppy.sys has NO Company Name!
1ffc44d6787ec1ea9a2b1440a90fa5c1 slip.sys has NO Company Name!
017daecf0ed3aa731313433601ec40fa smclib.sys has NO Company Name!
e92be8a451c56b5506f0f3eba2a3628e snapman.sys has NO Company Name!
489703624dac94ed943c2abda022a1cd sonydcam.sys has NO Company Name!
ab8b92451ecb048a4d1de7c3ffcb4a9f splitter.sys has NO Company Name!
71e276f6d189413266ea22171806597b sptd.sys has NO Company Name!
489703624dac94ed943c2abda022a1cd sonydcam.sys has NO Company Name!
ab8b92451ecb048a4d1de7c3ffcb4a9f splitter.sys has NO Company Name!
71e276f6d189413266ea22171806597b sptd.sys has NO Company Name!
39626e6dc1fb39434ec40c42722b660a sr.sys has NO Company Name!
39626e6dc1fb39434ec40c42722b660a sr.sys has NO Company Name!
5252605079810904e31c332e241cd59b srv.sys has NO Company Name!
5252605079810904e31c332e241cd59b srv.sys has NO Company Name!
a9f9fd0212e572b84edb9eb661f6bc04 streamip.sys has NO Company Name!
08116e1cfc74302f97ce523a8f5d6064 stream.sys has NO Company Name!
a9f9fd0212e572b84edb9eb661f6bc04 streamip.sys has NO Company Name!
3941d127aef12e93addf6fe6ee027e0f swenum.sys has NO Company Name!
08116e1cfc74302f97ce523a8f5d6064 stream.sys has NO Company Name!
8ce882bcc6cf8a62f2b2323d95cb3d01 swmidi.sys has NO Company Name!
3941d127aef12e93addf6fe6ee027e0f swenum.sys has NO Company Name!
8ce882bcc6cf8a62f2b2323d95cb3d01 swmidi.sys has NO Company Name!
8b83f3ed0f1688b4958f77cd6d2bf290 sysaudio.sys has NO Company Name!
8b83f3ed0f1688b4958f77cd6d2bf290 sysaudio.sys has NO Company Name!
fd6093e3decd925f1cffc8a0dd539d72 tape.sys has NO Company Name!
fd6093e3decd925f1cffc8a0dd539d72 tape.sys has NO Company Name!
aa7a55536096d646dc7ab0ac5641e9e8 tcpip6.sys has NO Company Name!
aa7a55536096d646dc7ab0ac5641e9e8 tcpip6.sys has NO Company Name!
93ea8d04ec73a85db02eb8805988f733 tcpip.sys has NO Company Name!
93ea8d04ec73a85db02eb8805988f733 tcpip.sys has NO Company Name!
0539d5e53587f82d1b4fd74c5be205cf tdi.sys has NO Company Name!
6471a66807f5e104e4885f5b67349397 tdpipe.sys has NO Company Name!
c56b6d0402371cf3700eb322ef3aaf61 tdtcp.sys has NO Company Name!
88155247177638048422893737429d9e termdd.sys has NO Company Name!
699450901c5ccfd82357cbc531cedd23 tosdvd.sys has NO Company Name!
d74a8ec75305f1d3cfde7c7fc1bd62a9 tsbvcap.sys has NO Company Name!
8f861eda21c05857eb8197300a92501c tunmp.sys has NO Company Name!
5787b80c2e3c5e2f56c2a233d91fa2c9 udfs.sys has NO Company Name!
402ddc88356b1bac0ee3dd1580c76a31 update.sys has NO Company Name!
0539d5e53587f82d1b4fd74c5be205cf tdi.sys has NO Company Name!
6471a66807f5e104e4885f5b67349397 tdpipe.sys has NO Company Name!
c56b6d0402371cf3700eb322ef3aaf61 tdtcp.sys has NO Company Name!
88155247177638048422893737429d9e termdd.sys has NO Company Name!
699450901c5ccfd82357cbc531cedd23 tosdvd.sys has NO Company Name!
bee793d4a059caea55d6ac20e19b3a8f usb8023.sys has NO Company Name!
d74a8ec75305f1d3cfde7c7fc1bd62a9 tsbvcap.sys has NO Company Name!
e919708db44ed8543a7c017953148330 USBAUDIO.sys has NO Company Name!
8f861eda21c05857eb8197300a92501c tunmp.sys has NO Company Name!
5787b80c2e3c5e2f56c2a233d91fa2c9 udfs.sys has NO Company Name!
ce97845d2e3f0d274b8bac1ed07c6149 usbcamd2.sys has NO Company Name!
402ddc88356b1bac0ee3dd1580c76a31 update.sys has NO Company Name!
1c1a47b40c23358245aa8d0443b6935e usbcamd.sys has NO Company Name!
173f317ce0db8e21322e71b7e60a27e8 usbccgp.sys has NO Company Name!
596eb39b50d6ebd9b734dc4ae0544693 usbd.sys has NO Company Name!
65dcf09d0e37d4c6b11b5b0b76d470a7 usbehci.sys has NO Company Name!
cfad896f667d497873a1b28d50847d41 usbethmp.sys has NO Company Name!
bee793d4a059caea55d6ac20e19b3a8f usb8023.sys has NO Company Name!
1ab3cdde553b6e064d2e754efe20285c usbhub.sys has NO Company Name!
e919708db44ed8543a7c017953148330 USBAUDIO.sys has NO Company Name!
290913dc4f1125e5a82de52579a44c43 usbintel.sys has NO Company Name!
0daecce65366ea32b162f85f07c6753b usbohci.sys has NO Company Name!
791912e524cc2cc6f50b5f2b52d1eb71 usbport.sys has NO Company Name!
ce97845d2e3f0d274b8bac1ed07c6149 usbcamd2.sys has NO Company Name!
1c1a47b40c23358245aa8d0443b6935e usbcamd.sys has NO Company Name!
a717c8721046828520c9edf31288fc00 usbprint.sys has NO Company Name!
173f317ce0db8e21322e71b7e60a27e8 usbccgp.sys has NO Company Name!
596eb39b50d6ebd9b734dc4ae0544693 usbd.sys has NO Company Name!
65dcf09d0e37d4c6b11b5b0b76d470a7 usbehci.sys has NO Company Name!
a0b8cf9deb1184fbdd20784a58fa75d4 usbscan.sys has NO Company Name!
cfad896f667d497873a1b28d50847d41 usbethmp.sys has NO Company Name!
1ab3cdde553b6e064d2e754efe20285c usbhub.sys has NO Company Name!
63bbfca7f390f4c49ed4b96bfb1633e0 usbvideo.sys has NO Company Name!
290913dc4f1125e5a82de52579a44c43 usbintel.sys has NO Company Name!
0daecce65366ea32b162f85f07c6753b usbohci.sys has NO Company Name!
791912e524cc2cc6f50b5f2b52d1eb71 usbport.sys has NO Company Name!
55e01061c74a8cefff58dc36114a8d3f vdmindvd.sys has NO Company Name!
0d3a8fafceacd8b7625cd549757a7df1 vga.sys has NO Company Name!
e28726b72c46821a28830e077d39a55b videoprt.sys has NO Company Name!
a717c8721046828520c9edf31288fc00 usbprint.sys has NO Company Name!
d9393b767a3bdee076c123d03f2e233b vidstub.sys has NO Company Name!
a0b8cf9deb1184fbdd20784a58fa75d4 usbscan.sys has NO Company Name!
63bbfca7f390f4c49ed4b96bfb1633e0 usbvideo.sys has NO Company Name!
46de1126684369bace4849e4fc8c43ca volsnap.sys has NO Company Name!
55e01061c74a8cefff58dc36114a8d3f vdmindvd.sys has NO Company Name!
0d3a8fafceacd8b7625cd549757a7df1 vga.sys has NO Company Name!
e28726b72c46821a28830e077d39a55b videoprt.sys has NO Company Name!
e20b95baedb550f32dd489265c1da1f6 wanarp.sys has NO Company Name!
d9393b767a3bdee076c123d03f2e233b vidstub.sys has NO Company Name!
6768acf64b18196494413695f0c3a00f wdmaud.sys has NO Company Name!
1abfd1399436e81c9d857f5fc76eaf98 WmBEnum.sys has NO Company Name!
b3cfcbcc91ff61ef82fc693b8b57e7f0 WmFilter.sys has NO Company Name!
46de1126684369bace4849e4fc8c43ca volsnap.sys has NO Company Name!
2f31b7f954bed437f2c75026c65caf7b wmilib.sys has NO Company Name!
a40d2dd0f019423ef6c363f1295eb38d WmVirHid.sys has NO Company Name!
2bf505424f469155cd90d7b3301d7adc WmXlCore.sys has NO Company Name!
cf4def1bf66f06964dc0d91844239104 wpdusb.sys has NO Company Name!
e20b95baedb550f32dd489265c1da1f6 wanarp.sys has NO Company Name!
6abe6e225adb5a751622a9cc3bc19ce8 ws2ifsl.sys has NO Company Name!
6768acf64b18196494413695f0c3a00f wdmaud.sys has NO Company Name!
233cdd1c06942115802eb7ce6669e099 wstcodec.sys has NO Company Name!
f15feafffbb3644ccc80c5da584e6311 WudfPf.sys has NO Company Name!
1abfd1399436e81c9d857f5fc76eaf98 WmBEnum.sys has NO Company Name!
b3cfcbcc91ff61ef82fc693b8b57e7f0 WmFilter.sys has NO Company Name!
2f31b7f954bed437f2c75026c65caf7b wmilib.sys has NO Company Name!
28b524262bce6de1f7ef9f510ba3985b WudfRd.sys has NO Company Name!
a40d2dd0f019423ef6c363f1295eb38d WmVirHid.sys has NO Company Name!
2bf505424f469155cd90d7b3301d7adc WmXlCore.sys has NO Company Name!
cf4def1bf66f06964dc0d91844239104 wpdusb.sys has NO Company Name!
6abe6e225adb5a751622a9cc3bc19ce8 ws2ifsl.sys has NO Company Name!
233cdd1c06942115802eb7ce6669e099 wstcodec.sys has NO Company Name!
f15feafffbb3644ccc80c5da584e6311 WudfPf.sys has NO Company Name!
28b524262bce6de1f7ef9f510ba3985b WudfRd.sys has NO Company Name!






filefind.txt:

Search results for winlogon.exe

dd73d6b9f6b4cb630cf35b438b540174 /mnt/sda1/WINDOWS/ERDNT/cache/winlogon.exe
500.0K Apr 13 2008

dd73d6b9f6b4cb630cf35b438b540174 /mnt/sda1/WINDOWS/system32/dllcache/winlogon.exe
500.0K Apr 13 2008

dd73d6b9f6b4cb630cf35b438b540174 /mnt/sda1/WINDOWS/system32/winlogon.exe
500.0K Apr 13 2008


Search results for explorer.exe

f2317622d29f9ff0f88aeecd5f60f0dd /mnt/sda1/WINDOWS/ERDNT/cache/explorer.exe
1013.5K Apr 13 2008

f2317622d29f9ff0f88aeecd5f60f0dd /mnt/sda1/WINDOWS/explorer.exe
1013.5K Apr 13 2008

f2317622d29f9ff0f88aeecd5f60f0dd /mnt/sda1/WINDOWS/system32/dllcache/explorer.exe
1013.5K Apr 13 2008


Search results for userinit.exe

e74ddb12188c2ff57a78624dbf7332fc /mnt/sda1/WINDOWS/ERDNT/cache/userinit.exe
26.0K Apr 13 2008

e74ddb12188c2ff57a78624dbf7332fc /mnt/sda1/WINDOWS/system32/dllcache/userinit.exe
26.0K Apr 13 2008

e74ddb12188c2ff57a78624dbf7332fc /mnt/sda1/WINDOWS/system32/userinit.exe
26.0K Apr 13 2008





regreport.txt :

Remote Registry Report

Hive </mnt/sda1/WINDOWS/system32/config/software>
\Microsoft\Windows NT\CurrentVersion> Value <ProductName> of type REG_SZ, data length 42 [0x2a]
Microsoft Windows XP
\Microsoft\Windows NT\CurrentVersion> Value <CSDVersion> of type REG_SZ, data length 30 [0x1e]
Service Pack 3
\Microsoft\Windows NT\CurrentVersion> Value <SystemRoot> of type REG_SZ, data length 22 [0x16]
C:\WINDOWS
\Microsoft\Windows NT\CurrentVersion\Windows> Value <AppInit_DLLs> of type REG_SZ, data length 2 [0x2]
(...)\Windows NT\CurrentVersion\Winlogon> Value <Shell> of type REG_SZ, data length 26 [0x1a]
Explorer.exe
(...)\Windows NT\CurrentVersion\Winlogon> Value <Userinit> of type REG_SZ, data length 68 [0x44]
C:\WINDOWS\system32\userinit.exe,
(...)\Windows NT\CurrentVersion\Winlogon\Notify> Node has 13 subkeys and 0 values
<!SASWinLogon>
<AtiExtEvent>
<avgrsstarter>
<crypt32chain>
<cryptnet>
<cscdll>
<dimsntfy>
<ScCertProp>
<Schedule>
<sclgntfy>
<SensLogn>
<termsrv>
<wlballoon>
\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 4 values
size type value name [value if type DWORD]
150 REG_SZ <StartCCC>
102 REG_SZ <{0228e555-4f9c-4e35-a3ec-b109a192b4c2}>
60 REG_SZ <C6501Sound>
96 REG_SZ <Samsung PanelMgr>
(...)\Windows\CurrentVersion\policies\system> Node has 0 subkeys and 6 values
4 REG_DWORD <dontdisplaylastusername> 0 [0x0]
4 REG_DWORD <legalnoticecaption> 1 [0x1]
8 REG_SZ <legalnoticetext>
4 REG_DWORD <shutdownwithoutlogon> 1 [0x1]
4 REG_DWORD <undockwithoutlogon> 1 [0x1]
4 REG_DWORD <DisableRegistryTools> 0 [0x0]


Hive </mnt/sda1/WINDOWS/ERDNT/Hiv-backup/Users/00000001/NTUSER.DAT>
> Node has 9 subkeys and 0 values
<AppEvents>
<Console>
<Control Panel>
<Environment>
<Identities>
<Keyboard Layout>
<Printers>
<Software>
<UNICODE Program Groups>


Hive </mnt/sda1/WINDOWS/ERDNT/Hiv-backup/Users/00000003/NTUSER.DAT>
> Node has 9 subkeys and 0 values
<AppEvents>
<Console>
<Control Panel>
<Environment>
<Identities>
<Keyboard Layout>
<Printers>
<Software>
<UNICODE Program Groups>


Hive </mnt/sda1/WINDOWS/ERDNT/Hiv-backup/Users/00000005/NTUSER.DAT>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 4 values
size type value name [value if type DWORD]
132 REG_SZ <msnmsgr>
62 REG_SZ <ctfmon.exe>
82 REG_SZ <uTorrent>
92 REG_SZ <Ivajolozike>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 2 values
4 REG_DWORD <NoDriveTypeAutoRun> 323 [0x143]
4 REG_DWORD <NoDriveAutoRun> 67108863 [0x3ffffff]
(...)\Windows\CurrentVersion\Policies\System> Node has 0 subkeys and 1 values
4 REG_DWORD <DisableRegistryTools> 0 [0x0]
\Software\Policies\Microsoft\Windows\System> Node has 0 subkeys and 1 values
4 REG_DWORD <DisableCMD> 0 [0x0]


Hive </mnt/sda1/Documents and Settings/Administrateur/NTUSER.DAT>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 5 values
size type value name [value if type DWORD]
132 REG_SZ <msnmsgr>
82 REG_SZ <uTorrent>
124 REG_SZ <Skype>
62 REG_SZ <ctfmon.exe>
86 REG_SZ <OUU6KC5WPX>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 1 subkeys and 3 values
<Run>
4 REG_DWORD <NoDriveTypeAutoRun> 323 [0x143]
4 REG_DWORD <NoDriveAutoRun> 67108863 [0x3ffffff]
4 REG_DWORD <NoDrives> 0 [0x0]
(...)\Windows\CurrentVersion\Policies\System> Node has 0 subkeys and 0 values
\Software\Policies\Microsoft\Windows\System> Node has 0 subkeys and 0 values



Thanks for your time!

Attached Files

  • Attached File  mbr.zip   561bytes   3 downloads


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,219 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:50 PM

Posted 01 April 2011 - 01:10 PM

The Master Boot Record is infected.

  • Download NTBR_CD by noahdfear.
  • Extract its contents to the desktop.
  • Once extracted, open the NTBR_CD folder and click on the BurnItCD application.
  • Insert a blank CD when prompted. The .iso image will be burned to the CD.
  • Boot the computer with the CD you just burned and follow the prompts.
  • Press Enter for English.
  • At the menu type 1 to select MBRWORK then hit Enter

    This screen will show the hard drive configuration.
  • Type 5 to Install standard MBR code then hit Enter
  • Type 1 to select Standard then hit Enter
  • Type Y then hit Enter to confirm
  • Type E then hit Enter to exit
  • Back at the menu, type 6 to Quit.
  • Press Ctrl+Alt+Del to restart the machine.
  • Eject the CD upon restart and boot normally.

If successful, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremover.com/supported-applications. Do not use AppRemover on Norton

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 anarchoi

Posted 01 April 2011 - 03:20 PM

Hello, I followed your instructions and now the infected computer is booting. I am writing you on the infected machine right now.

So I downloaded ComboFix but it asked me to uninstall AVG.

I tried to uninstall it but I am getting an error:

Machine locale: l'installation a échoué
Installation :
Erreur: Echec de l'opération clé de registre HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: création d'une clé de registre....
Accès refusé.


Translation:

Local machine: uninstall failed
Error: operation failed on registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Creating a registry key....
Access denied.



Maybe the virus is blocking access to the Windows registry?

#8 JSntgRvr

Posted 01 April 2011 - 03:26 PM

Use the removal tool for 32 bit systems.



#9 anarchoi

Posted 01 April 2011 - 04:20 PM

Got it! Thanks!

Here is the log file:

ComboFix 11-04-01.01 - Administrateur 2011-04-02 4:56.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.3326.2735 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrateur\Application Data\OfferBox
c:\documents and settings\Administrateur\Application Data\OfferBox\config.xml
c:\documents and settings\Administrateur\Local Settings\Application Data\cra.exe
c:\documents and settings\Administrateur\Local Settings\Application Data\lur.exe
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Antimalware Doctor
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Antimalware Doctor\Uninstall.lnk
c:\dtotalaudioconverter\dTotalAudioConverter.exe
c:\program files\OfferBox
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxBHO.dll
c:\program files\OfferBox\OfferBoxChromeExtension.crx
c:\program files\OfferBox\OfferBoxEngine.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt
c:\program files\OfferBox\offerboxffx@offerbox.com\install.rdf
c:\program files\OfferBox\OfferBoxLauncher.exe
c:\program files\OfferBox\res\language.xml
c:\program files\OfferBox\res\loader.gif
c:\program files\OfferBox\uninst.exe
C:\Thumbs.db
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-03-02 au 2011-04-02 ))))))))))))))))))))))))))))))))))))
.
.
2071-07-25 08:13 . 2006-11-21 19:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-04-02 03:04 . 2011-03-31 17:44 127488 ----a-w- c:\windows\Pmabyb.exe
2011-04-01 11:55 . 2011-04-01 12:12 -------- d-----w- C:\! USB
2011-03-31 17:44 . 2011-03-31 17:44 90112 --sha-r- c:\windows\system32\PhysXC.dll
2011-03-31 17:43 . 2011-03-31 17:43 127488 ----a-w- c:\windows\Pmabya.exe
2011-03-25 21:31 . 2011-03-18 17:58 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-25 21:31 . 2011-03-18 17:58 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-25 21:31 . 2011-03-18 17:58 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-25 21:31 . 2011-03-18 17:58 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-25 21:31 . 2011-03-18 17:58 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-25 21:31 . 2011-03-18 17:58 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-25 21:31 . 2011-03-18 17:58 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-25 21:31 . 2011-03-18 17:58 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-15 08:24 . 2011-03-15 08:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-03-08 12:01 . 2011-03-20 14:32 -------- d-----w- c:\windows\zzzzzzzzz
2011-03-04 01:48 . 2011-03-01 09:22 13040 ----a-w- C:\anylinkmenu.js
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2011-03-18 17:58 . 2011-03-25 21:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2010-08-06_04.09.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-22 22:41 . 2007-02-22 22:41 304544 c:\windows\Downloaded Program Files\MessengerStatsPAClient.dll
- 2010-06-03 09:46 . 2002-05-21 01:00 167673 c:\windows\CtDrvInstall\{70643130-33306476-0000000000000000}\p1030vid.sys
+ 2010-12-23 23:41 . 2002-05-21 01:00 167673 c:\windows\CtDrvInstall\{70643130-33306476-0000000000000000}\p1030vid.sys
+ 2010-12-23 23:41 . 2005-03-01 00:03 126976 c:\windows\CtDrvInstall\{70643130-33306476-0000000000000000}\p1030vfw.dll
- 2010-06-03 09:46 . 2005-03-01 00:03 126976 c:\windows\CtDrvInstall\{70643130-33306476-0000000000000000}\p1030vfw.dll
- 2008-10-16 21:19 . 2006-08-30 10:43 266240 c:\windows\Cmi6501Uninstall.exe
+ 2008-10-16 21:19 . 2007-06-29 00:16 266240 c:\windows\Cmi6501Uninstall.exe
+ 2011-01-20 22:37 . 2011-01-20 22:37 626176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\bdcd71d04e868ee3ab4d726e1042d6fd\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 173568 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dd59417cb43464ea08d5e7b24dc5ad77\WindowsLive.Writer.BrowserControl.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d9033f912b4e45d5967cb42855416e57\WindowsLive.Writer.FileDestinations.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d3638306c63548cd44c36d97a234e27d\WindowsLive.Writer.Localization.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c89cb5a9230b66bdbf4707bf45696b4f\WindowsLive.Writer.BlogClient.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 594432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c28c7d1875f88c01b7adb171490bf402\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b1b159a8e159d9e2bf7eef7188878551\WindowsLive.Writer.HtmlParser.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9723da3c39d9587623a0863b65cb4843\WindowsLive.Writer.Interop.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 118272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\74ba8277a5f5abf79f3bd01cf1b2aaf0\WindowsLive.Writer.Extensibility.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\70af46fd5f0d06270c10cfd650eadb9e\WindowsLive.Writer.Instrumentation.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6de35d32d3ed2ea046a3e3512a8748b4\WindowsLive.Writer.SpellChecker.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\617e9f551ef10287a3f1fa3138c05570\WindowsLive.Writer.Passport.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\47c2f9be16bc5196bd50264e686387ee\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\27bdc5d69e77239f58a3599f8c3c0f32\WindowsLive.Writer.Mshtml.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 843264 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0bec7ae092996e24b1e435f120cc981f\WindowsLive.Writer.Controls.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\72a63cc605a7fa59edaa33f6277f342e\WindowsLive.Client.ni.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2010-11-02 19:19 . 2009-09-14 04:33 3174400 c:\windows\system32\spool\drivers\w32x86\samsungml_1660_serie3555\ssp7mur.dll
+ 2010-11-02 19:19 . 2009-12-08 01:29 1036288 c:\windows\system32\spool\drivers\w32x86\samsungml_1660_serie3555\ssp7mum.dll
+ 2010-11-02 19:19 . 2009-12-15 08:26 1363968 c:\windows\system32\spool\drivers\w32x86\samsungml_1660_serie3555\ssp7muc.dll
+ 2010-11-02 19:19 . 2009-09-14 04:33 3174400 c:\windows\system32\spool\drivers\w32x86\3\ssp7mur.dll
+ 2010-11-02 19:19 . 2009-12-08 01:29 1036288 c:\windows\system32\spool\drivers\w32x86\3\ssp7mum.dll
+ 2010-11-02 19:19 . 2009-12-15 08:26 1363968 c:\windows\system32\spool\drivers\w32x86\3\ssp7muc.dll
+ 2010-09-05 22:10 . 2009-05-16 02:54 2122624 c:\windows\system32\ReinstallBackups\0009\DriverFiles\B_81503\ativvaxx.dll
+ 2010-09-05 22:10 . 2009-05-16 01:33 3158016 c:\windows\system32\ReinstallBackups\0009\DriverFiles\B_81503\aticaldd.dll
+ 2010-09-05 22:10 . 2009-05-16 03:07 2987136 c:\windows\system32\ReinstallBackups\0009\DriverFiles\B_81503\ati3duag.dll
+ 2010-09-05 22:10 . 2009-05-16 03:58 4069888 c:\windows\system32\ReinstallBackups\0009\DriverFiles\B_81503\ati2mtag.sys
+ 2010-11-02 18:17 . 2009-07-29 10:13 1233920 c:\windows\system32\msxml4.dll
+ 2010-11-09 13:24 . 2011-03-03 21:08 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2001-09-05 20:00 . 2004-08-18 10:00 1700352 c:\windows\system32\gdiplus.dll
- 2001-09-05 20:00 . 2001-09-05 20:00 1700352 c:\windows\system32\gdiplus.dll
+ 2008-10-16 13:54 . 2011-04-02 03:03 3465560 c:\windows\system32\FNTCACHE.DAT
+ 2010-09-05 22:10 . 2010-08-04 01:28 1216900 c:\windows\system32\DRVSTORE\CX103687_D477E0203C160534E1152CF609B20A4C2761B5E0\B103344\ativvaxx.dll
+ 2010-09-05 22:10 . 2010-08-04 01:53 6914795 c:\windows\system32\DRVSTORE\CX103687_D477E0203C160534E1152CF609B20A4C2761B5E0\B103344\atioglxx.dll
+ 2010-09-05 22:10 . 2010-08-04 01:57 2063557 c:\windows\system32\DRVSTORE\CX103687_D477E0203C160534E1152CF609B20A4C2761B5E0\B103344\aticaldd.dll
+ 2010-09-05 22:10 . 2010-08-04 01:41 2059723 c:\windows\system32\DRVSTORE\CX103687_D477E0203C160534E1152CF609B20A4C2761B5E0\B103344\ati3duag.dll
+ 2010-09-05 22:10 . 2010-08-04 02:20 3470987 c:\windows\system32\DRVSTORE\CX103687_D477E0203C160534E1152CF609B20A4C2761B5E0\B103344\ati2mtag.sys
+ 2008-10-16 21:19 . 2007-07-10 08:42 1310720 c:\windows\system32\drivers\c6501.sys
+ 2008-07-04 06:33 . 2010-08-04 02:20 5243392 c:\windows\system32\drivers\ati2mtag.sys
+ 2008-07-04 06:33 . 2010-08-04 02:20 5243392 c:\windows\system32\dllcache\ati2mtag.sys
+ 2008-07-04 02:49 . 2010-08-04 01:28 2537728 c:\windows\system32\ativvaxx.dll
+ 2009-05-16 01:33 . 2010-08-04 01:57 4358144 c:\windows\system32\aticaldd.dll
+ 2008-07-04 03:00 . 2010-08-04 01:41 3901280 c:\windows\system32\ati3duag.dll
+ 2006-03-02 17:04 . 2006-03-02 17:04 1425499 c:\windows\system32\AegisE5.dll
+ 2007-11-28 03:32 . 2007-11-28 03:32 1163264 c:\windows\system32\acAuth.dll
+ 2010-12-14 01:25 . 2010-12-14 01:25 1575936 c:\windows\Installer\6fbaf.msi
+ 2010-10-15 17:02 . 2010-10-15 17:02 2086912 c:\windows\Installer\4332e.msi
+ 2010-09-05 22:13 . 2010-09-05 22:13 1123840 c:\windows\Installer\15cce7.msi
+ 2010-09-05 22:10 . 2010-09-05 22:10 1597440 c:\windows\Installer\15cc08.msi
+ 2011-02-27 22:11 . 2011-02-27 22:11 1579520 c:\windows\Downloaded Installations\{E53E86C7-44F1-46C8-AA07-BF5F9A0C5BBE}\VBScript2Exe.msi
+ 2011-01-20 22:37 . 2011-01-20 22:37 1104896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f593ae0c4a88bce1b62b36dfbc1d831e\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 2018304 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\acf84ea425f8abec514ea5f8602cfe5a\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-01-20 22:37 . 2011-01-20 22:37 6390272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5c3ca655698a00a7e0ebe5f839928fd2\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-10-31 20:57 . 2010-10-31 20:57 8871424 c:\windows\{7B355114-7439-42B6-AB50-516834796D4D}\Belkin F5D8053 N Wireless USB Adapter.msi
+ 2010-09-05 22:10 . 2009-05-16 02:55 11423744 c:\windows\system32\ReinstallBackups\0009\DriverFiles\B_81503\atioglxx.dll
+ 2008-10-29 02:10 . 2010-08-04 01:53 15900672 c:\windows\system32\atioglxx.dll
+ 2010-08-13 19:19 . 2010-08-13 19:19 20242432 c:\windows\Installer\3fad707.msp
+ 2010-11-16 01:20 . 2010-11-16 01:20 20303872 c:\windows\Installer\1fc49c.msp
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-29 399736]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"C6501Sound"="c6501.cpl" [BU]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F5D8053v3011\Belkinwcui.exe [2008-4-7 1736704]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^192.168.3.101 View Only.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\192.168.3.101 View Only.lnk
backup=c:\windows\pss\192.168.3.101 View Only.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher S.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher S.lnk
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-03-04 13:31 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2008-07-22 11:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2007-08-28 16:43 73728 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WScheduler]
2004-04-25 21:23 62976 ----a-w- c:\progra~1\SYSTEM~1\WScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/10/2008 22:32 717296]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 66632]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [05/09/2010 23:07 101904]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [16/10/2008 22:19 1310720]
R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [24/12/2010 00:41 167673]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [27/03/2009 14:23 23064]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\drivers\usbethmp.sys [05/03/2009 15:21 14342]
S3 Saavideo;Description of Saavideo NT service here;c:\windows\system32\drivers\saavideo.sys [09/04/2009 16:22 30208]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 12872]
S3 WLRAWMp50x86;WLRAWMp50x86 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x86.sys --> c:\windows\system32\Drivers\WLRAWMp50x86.sys [?]
S3 WLRAWSp50x86;WLRAWSp50x86 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x86.sys --> c:\windows\system32\Drivers\WLRAWSp50x86.sys [?]
S4 MSSQLServerADHelper100;Service SQL Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [31/03/2009 05:57 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;Agent SQL Server (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 03:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
2008-04-13 17:33 101888 ----a-w- c:\windows\system32\advpack.dll
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
2011-04-02 c:\windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
- c:\windows\Pmabyb.exe [2011-04-02 17:44]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\wongio0k.anarchoi\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/news?edchanged=1&ned=fr_ca
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-RunOnce-AvgRemover - c:\documents and settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\D04BD9O1\avg_remover_stf_x86_2011_1184[1].exe
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
AddRemove-OfferBox Browser - c:\program files\OfferBox\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-02 05:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-1708537768-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,ae,04,10,60,56,7b,48,ac,bd,12,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,54,14,a0,7d,02,88,47,b3,b8,bf,\
.
[HKEY_USERS\S-1-5-21-1060284298-1708537768-682003330-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1060284298-1708537768-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B3520F1E-321B-549D-89B4-C6A4CB907195}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oahfjgpgnapdncdligdobmofmeahek"=hex:64,61,68,70,6a,65,67,67,00,85
"oalajajhcdcmjlpjedggbfnhgmgnkl"=hex:69,61,62,63,6e,61,6b,67,62,6e,65,64,70,68,
69,6a,70,6e,00,ff
"nafplgmfemkbljclaglaekmfjolo"=hex:69,61,62,63,6e,61,6b,67,62,6e,65,64,70,68,
69,6a,70,6e,00,ff
.
[HKEY_USERS\S-1-5-21-1060284298-1708537768-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,59,b6,af,f2,b5,42,51,bf,72,b0,9c,79,0c,eb,71,86,d9,a4,60,c5,56,13,
c4,ba,20,75,62,6b,1b,69,b7,74,5c,e3,b5,6d,7c,3e,d2,12,a9,8f,13,4b,b3,59,56,\
"??"=hex:61,45,5b,87,b0,5d,48,5e,89,f2,6a,9e,19,91,e2,6f
.
[HKEY_USERS\S-1-5-21-1060284298-1708537768-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:df,fa,eb,3a,5d,2e,b1,14,29,8b,2f,94,1b,d1,87,84,2c,0e,17,14,78,
01,5f,2c,42,30,f6,e4,95,a1,91,8d,db,91,4d,08,2d,be,a6,7d,84,d3,91,18,9d,6b,\
"rkeysecu"=hex:1d,80,de,dd,8a,bc,e6,d3,bc,25,ef,2c,99,18,b4,46
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Heure de fin: 2011-04-02 05:10:01
ComboFix-quarantined-files.txt 2011-04-02 04:09
ComboFix2.txt 2010-08-06 04:12
.
Avant-CF: 4 243 853 312 octets libres
Après-CF: 13 641 228 288 octets libres
.
- - End Of File - - 0BE1D0BEBD83EAB85335BB09D792345F



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team

Posted 01 April 2011 - 06:12 PM

We treat Ask.com as a high risk Browser Helper Object and Toolbar, please remove it from your system.

Download the enclosed file. Save it next to Combofix.

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

In the event the upload is not successful, Combofix created a zipped file in the C:\Qoobox\Quarantine folder labeled in the form of [4]-Submit_Date_Time.zip. Please have this file uploaded to the following location:

http://www.bleepingcomputer.com/submit-malware.php?channel=4

Indicate a link to this address and let me know when ready.

-------------------------

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----------------------

Perform an online scan at Eset and post its results.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 anarchoi

anarchoi
  • Topic Starter

  • Members

Posted 01 April 2011 - 07:47 PM

ComboFix 11-04-01.01 - Administrateur 2011-04-02 7:53.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.3326.2465 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
.
file zipped: c:\windows\Pmabya.exe
file zipped: c:\windows\Pmabyb.exe
file zipped: c:\windows\system32\PhysXC.dll
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\zzzzzzzzz
c:\windows\zzzzzzzzz\Nouveau dossier\!Photo 063.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\!Photo 064.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 001.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 002.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 003.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 004.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 005.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 006.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 007.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 008.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 009.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 010.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 011.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 012.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 013.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 014.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 015.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 016.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 017.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 018.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 019.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 020.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 021.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 022.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 023.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 024.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 025.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 026.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 027.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 028.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 029.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 030.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 031.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 032.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 033.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 034.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 035.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 036.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 037.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 038.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 039.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 040.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 041.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 042.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 043.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 044.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 045.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 046.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 047.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 048.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 049.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 050.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 051.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 052.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 053.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 054.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 065.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 066.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 067.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 068.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 069.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 070.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 071.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 072.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 073.jpg
c:\windows\zzzzzzzzz\Nouveau dossier\Photo 074.jpg
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-03-02 au 2011-04-02 ))))))))))))))))))))))))))))))))))))
.
.
2071-07-25 08:13 . 2006-11-21 19:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-04-02 03:04 . 2011-03-31 17:44 127488 ----a-w- c:\windows\Pmabyb.exe
2011-04-01 11:55 . 2011-04-01 12:12 -------- d-----w- C:\! USB
2011-03-31 17:44 . 2011-03-31 17:44 90112 --sha-r- c:\windows\system32\PhysXC.dll
2011-03-31 17:43 . 2011-03-31 17:43 127488 ----a-w- c:\windows\Pmabya.exe
2011-03-25 21:31 . 2011-03-18 17:58 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-25 21:31 . 2011-03-18 17:58 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-25 21:31 . 2011-03-18 17:58 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-25 21:31 . 2011-03-18 17:58 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-25 21:31 . 2011-03-18 17:58 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-25 21:31 . 2011-03-18 17:58 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-25 21:31 . 2011-03-18 17:58 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-25 21:31 . 2011-03-18 17:58 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-15 08:24 . 2011-03-15 08:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-03-04 01:48 . 2011-03-01 09:22 13040 ----a-w- C:\anylinkmenu.js
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2011-03-18 17:58 . 2011-03-25 21:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\! USB ----
.
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-29 399736]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"C6501Sound"="c6501.cpl" [BU]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F5D8053v3011\Belkinwcui.exe [2008-4-7 1736704]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^192.168.3.101 View Only.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\192.168.3.101 View Only.lnk
backup=c:\windows\pss\192.168.3.101 View Only.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher S.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher S.lnk
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-03-04 13:31 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2008-07-22 11:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2007-08-28 16:43 73728 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WScheduler]
2004-04-25 21:23 62976 ----a-w- c:\progra~1\SYSTEM~1\WScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/10/2008 22:32 717296]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 66632]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [05/09/2010 23:07 101904]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [16/10/2008 22:19 1310720]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/08/2010 05:06 38224]
R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [24/12/2010 00:41 167673]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [27/03/2009 14:23 23064]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\drivers\usbethmp.sys [05/03/2009 15:21 14342]
S3 Saavideo;Description of Saavideo NT service here;c:\windows\system32\drivers\saavideo.sys [09/04/2009 16:22 30208]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 12872]
S3 WLRAWMp50x86;WLRAWMp50x86 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x86.sys --> c:\windows\system32\Drivers\WLRAWMp50x86.sys [?]
S3 WLRAWSp50x86;WLRAWSp50x86 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x86.sys --> c:\windows\system32\Drivers\WLRAWSp50x86.sys [?]
S4 MSSQLServerADHelper100;Service SQL Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [31/03/2009 05:57 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;Agent SQL Server (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 03:23 366936]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
2008-04-13 17:33 101888 ----a-w- c:\windows\system32\advpack.dll
.
Contenu du dossier 'Tâches planifiées'
.
2011-04-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
2011-04-02 c:\windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
- c:\windows\Pmabyb.exe [2011-04-02 17:44]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\x2gp6svi.default\
FF - prefs.js: browser.startup.homepage - hxxp://ethor.net/browse.php
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: Anarkhia Toolbar: {dee8c2c0-8ab4-4fdd-864c-af771635fb78} - %profile%\extensions\{dee8c2c0-8ab4-4fdd-864c-af771635fb78}
FF - Ext: www.resistance.tk Toolbar: {90400b19-4f77-46f0-9169-970af9a7e049} - %profile%\extensions\{90400b19-4f77-46f0-9169-970af9a7e049}
FF - Ext: pirate-punk Toolbar: {62191681-7f3e-4bb1-a78d-0acce63c2546} - %profile%\extensions\{62191681-7f3e-4bb1-a78d-0acce63c2546}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: @@toolbarname@@: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-02 08:04
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-1708537768-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,ae,04,10,60,56,7b,48,ac,bd,12,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,54,14,a0,7d,02,88,47,b3,b8,bf,\
.
[HKEY_USERS\S-1-5-21-1060284298-1708537768-682003330-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1060284298-1708537768-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B3520F1E-321B-549D-89B4-C6A4CB907195}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oahfjgpgnapdncdligdobmofmeahek"=hex:64,61,68,70,6a,65,67,67,00,85
"oalajajhcdcmjlpjedggbfnhgmgnkl"=hex:69,61,62,63,6e,61,6b,67,62,6e,65,64,70,68,
69,6a,70,6e,00,ff
"nafplgmfemkbljclaglaekmfjolo"=hex:69,61,62,63,6e,61,6b,67,62,6e,65,64,70,68,
69,6a,70,6e,00,ff
.
[HKEY_USERS\S-1-5-21-1060284298-1708537768-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,59,b6,af,f2,b5,42,51,bf,72,b0,9c,79,0c,eb,71,86,d9,a4,60,c5,56,13,
c4,ba,20,75,62,6b,1b,69,b7,74,5c,e3,b5,6d,7c,3e,d2,12,a9,8f,13,4b,b3,59,56,\
"??"=hex:61,45,5b,87,b0,5d,48,5e,89,f2,6a,9e,19,91,e2,6f
.
[HKEY_USERS\S-1-5-21-1060284298-1708537768-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:df,fa,eb,3a,5d,2e,b1,14,29,8b,2f,94,1b,d1,87,84,2c,0e,17,14,78,
01,5f,2c,42,30,f6,e4,95,a1,91,8d,db,91,4d,08,2d,be,a6,7d,84,d3,91,18,9d,6b,\
"rkeysecu"=hex:1d,80,de,dd,8a,bc,e6,d3,bc,25,ef,2c,99,18,b4,46
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Heure de fin: 2011-04-02 08:06:59
ComboFix-quarantined-files.txt 2011-04-02 07:06
ComboFix2.txt 2011-04-02 04:10
ComboFix3.txt 2010-08-06 04:12
.
Avant-CF: 13 549 682 688 octets libres
Après-CF: 13 573 238 784 octets libres
.
- - End Of File - - FFB57C0F46BC9D639720FCA568E199BE
L'envoi a réussi











I submitted the file.

#12 JSntgRvr


Posted 01 April 2011 - 08:20 PM

Files read clean. Post the MBAM and online scan when ready.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 anarchoi


Posted 02 April 2011 - 07:49 PM

Oops, sorry.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2011-04-03 05:46:33
mbam-log-2011-04-03 (05-46-33).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 118012
Temps écoulé: 15 minute(s), 12 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)




I have run the online scanner but I don't understand where the log file is.... It found 15 infections and I think it removed them.. After the scan is over (took 4+ hours) there is only a window asking me to buy their antivirus

Edited by anarchoi, 02 April 2011 - 07:50 PM.


#14 JSntgRvr


Posted 02 April 2011 - 08:04 PM

How is the computer doing?



#15 anarchoi


Posted 02 April 2011 - 11:10 PM

Looks perfect now, the virus seems to be gone and everything is running like before. Thanks a lot for your help, this forum is so useful

Is there a way I can protect my computer from getting these viruses? I got "fake antivirus" type of virus at least 10 times, and 3 times I couldn't boot my computer anymore because of this virus...

I don't even understand how I get it, I was just surfing the web with Firefox and then the virus popped up... I didn't even download anything during the past days



