Rootkit prevents XP from booting


  • This topic is locked
7 replies to this topic

#1 Art-Tistic


Posted 17 May 2011 - 07:12 AM

Hello Surgeon General,

I have a similar problem as noted in this thread http://www.bleepingcomputer.com/forums/topic393619.html

I followed the same recommendations and have uploaded the zip file of reports just as you instructed the original poster to do... I did, however, reference this thread...

Any help would be greatly appreciated. This is my partner's business machine and she is starting to pull her hair out ;p

Thanks in advance!

Anthony


#2 Art-Tistic


Posted 17 May 2011 - 07:19 AM

(report.txt)

Tue May 17 07:37:07 UTC 2011
Driver report for /mnt/sda1/WINDOWS/system32/drivers
d26e26ea516450af9d072635c60387f4 secdrv.sys has NO Company Name!


Driver report for /mnt/sda1/Documents and Settings/Anthony/My Documents/slide-scanner/Driver/Driver/32BitDriver/System32/Drivers
/mnt/sda1/Documents
Settings/Anthony/My Documents/slide-scanner/Driver/Driver/32BitDriver/System32/Drivers/ov550i.sys has NO Company Name!

1fc8a7e5c3aed31f00940c6ab2fd9b49 /mnt/sda1/Documents and Settings/Anthony/My Documents/slide-scanner/Driver/Driver/32BitDriver/System32/Drivers/ov550i.sys
tH`bVS_VERSION_INFOa)n?<StringFileInfobCommentsCompanyNameOmnivisionTechnologies,Inc.ZFileDescriptionStreamClassMiniDrivervFileVersion...vInternalNameovi.sysLegalCopyrightCopyrightOmnivisionTechnologies,Inc.-


(regreport.txt)


Remote Registry Report

Hive </mnt/sda1/WINDOWS/system32/config/software>
\Microsoft\Windows NT\CurrentVersion> Value <ProductName> of type REG_SZ, data length 42 [0x2a]
Microsoft Windows XP
\Microsoft\Windows NT\CurrentVersion> Value <CSDVersion> of type REG_SZ, data length 30 [0x1e]
Service Pack 1
\Microsoft\Windows NT\CurrentVersion> Value <SystemRoot> of type REG_SZ, data length 22 [0x16]
C:\WINDOWS
\Microsoft\Windows NT\CurrentVersion\Windows> Value <AppInit_DLLs> of type REG_SZ, data length 2 [0x2]
(...)\Windows NT\CurrentVersion\Winlogon> Value <Shell> of type REG_SZ, data length 26 [0x1a]
Explorer.exe
(...)\Windows NT\CurrentVersion\Winlogon> Value <Userinit> of type REG_SZ, data length 68 [0x44]
C:\WINDOWS\system32\userinit.exe,
(...)\Windows NT\CurrentVersion\Winlogon\Notify> Node has 10 subkeys and 0 values
<crypt32chain>
<cryptnet>
<cscdll>
<EFS>
<ScCertProp>
<Schedule>
<sclgntfy>
<SensLogn>
<termsrv>
<wlballoon>
\Microsoft\Windows\CurrentVersion\Run> Node has 0 subkeys and 2 values
size type value name [value if type DWORD]
78 REG_SZ <SRFirstRun>
48 REG_SZ <SchedulingAgent>
(...)\Windows\CurrentVersion\policies\system> Node has 0 subkeys and 5 values
4 REG_DWORD <dontdisplaylastusername> 0 [0x0]
4 REG_DWORD <legalnoticecaption> 1 [0x1]
8 REG_SZ <legalnoticetext>
4 REG_DWORD <shutdownwithoutlogon> 1 [0x1]
4 REG_DWORD <undockwithoutlogon> 1 [0x1]


Hive </mnt/sda1/Documents and Settings/Anthony/ntuser.dat>
(...)\Microsoft\Windows\CurrentVersion\Run> Node has 1 subkeys and 8 values
<AdobeUpdater>
size type value name [value if type DWORD]
62 REG_SZ <ctfmon.exe>
190 REG_SZ <updateMgr>
104 REG_SZ <MSMSGS>
148 REG_SZ <swg>
90 REG_SZ <Ubitoyowuyaz>
128 REG_SZ <AdobeUpdater>
198 REG_SZ <tun70uidop.exe>
84 REG_SZ <R8388QA8U8>
(...)\Windows\CurrentVersion\Policies\Explorer> Node has 0 subkeys and 1 values
4 REG_DWORD <NoDriveTypeAutoRun> 145 [0x91]



(filefind.txt)

Search results for winlogon.exe

2246d8d8f4714a2cedb21ab9b1849abb /mnt/sda1/WINDOWS/system32/winlogon.exe
504.5K Aug 29 2002


Search results for explorer.exe

7712df0cdde3a5ac89843e61cd5b3658 /mnt/sda1/WINDOWS/$hf_mig$/KB938828/SP2QFE/explorer.exe
1009.0K Jun 13 2007

a82b28bfc2e4455fe43022a498c0ef0a /mnt/sda1/WINDOWS/explorer.exe
980.5K Aug 29 2002

a0732187050030ae399b241436565e64 /mnt/sda1/WINDOWS/$NtUninstallKB938828$/explorer.exe
1008.0K Aug 4 2004


Search results for Userinit.exe

e931e0a2b8bf0019db902e98d03662cb /mnt/sda1/WINDOWS/system32/userinit.exe
21.5K Aug 29 2002




and a partridge in a pear-tree :)

#3 Art-Tistic


Posted 17 May 2011 - 07:23 AM

Just uploaded the bin file... thanks for your assistance!

#4 etavares

  • Malware Response Team

Posted 18 May 2011 - 06:29 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.



Please describe exactly what happens when you try to boot and make sure you tell me if you have the Windows XP CD for this machine.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 Art-Tistic


Posted 19 May 2011 - 06:15 AM

I have "a" Windows XP Professional disc that I believe was the one I used when I built this machine.

The machine started acting up on my wife and daughter a few nights ago. They received a malware/spyware message suggesting the machine was compromised and that they should purchase and download "this" software to remove the spyware... My wife knew that it was probably false and proceeded to run a McAfee scan. She noticed that the computer at some point wound up in a continual boot loop. The machine would do an initial poll, go to the Windows XP Professional splash screen, the progress bar would cycle 2 1/2 times and then a quick "blue screen" flash and it would repeat.

I tried to boot in safe mode....no luck
I tried to rebuild/repair the OS with the OEM disc....no luck

I found your forum and a similar problem so I followed similar steps and produced the data that I posted above.

I have since pulled the hard drive, installed it in another machine and ran a Malwarebytes scan on the drive... it found and removed 17 issues, 3 of which were rootkits...

I repeated my attempts to repair and boot the drive in the original computer but have not gotten past the original booting problems....

Thank you for your assistance in resolving this problem....

#6 etavares

  • Malware Response Team

Posted 19 May 2011 - 07:46 AM

Can you boot into Safe Mode or Safe Mode with Command Prompt?




#7 etavares

  • Malware Response Team

Posted 25 May 2011 - 06:26 PM

Still with me?




#8 etavares

  • Malware Response Team

Posted 29 May 2011 - 06:25 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.






