Unwanted Restarts, Unable to Run Step 4 (GMER)


  • This topic is locked

#1
jinsai

    Member, 16 posts
Problem: Two nights ago, I noticed my computer had restarted itself after I had shut it down for the night.

Background: A few months back, the same computer had a nasty cryptor virus that prevented me from opening any desktop icons or system files. A friend helped me wipe the hard drive, and we replaced AVG with Avast. I've run several boot and system scans which have come up clear.

On Sunday, my wireless router died. Until it could be fixed, I switched to the ethernet cord. That night, I shut down the computer, only to wake up to find it on the next morning. Assuming I had been tired and made a mistake, I shrugged it off. However, last night it happened again! Not only that but after RE-shutting it down, some time later it restarted again! (Around midnight and again around 4 am, waking me up.)

Fearing a hijacking, I raced to this page and forum. I downloaded and ran steps 1-3 but I'm unable to complete step 4, the GMER rootkit scanner. Twice I got the blue screen of death and my computer restarted. Then it froze. I had to shut it down via the power key, and restarted it in safe mode. Ran Avast, which came up clear. Tried again. This time the scan began, then stopped half-way through, freezing the computer. I tried to rename the file as was recommended for the Malwarebytes part. This time, the blue screen of death came up with the message "pwrcrub say PAGE FAULT IN NON-PAGE AREA", which is all I could read before it restarted.


I have Windows Vista on this laptop, which is about 4 years old. The ethernet cord actually ceased working at one point - that is, I had no internet at all for a time. It seems to be working now, however. I typically use Google Chrome as my browser.

Please tell me where I should go from here! Should I skip the rootkit and run the next step?


Here is the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4573

Windows 6.0.6000
Internet Explorer 8.0.6001.18928

9/9/2010 5:25:01 AM
mbam-log-2010-09-09 (05-25-01).txt

Scan type: Quick scan
Objects scanned: 133494
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



(I also have a small notebook computer, but that one is having (different) problems as well, and I don't know why. The internet browsers on that computer are slow to open and only do so after multiple clicks. ARGH!)

EDIT: I tried once more but was only able to get partway through the scan before the blue screen of death came up and the computer restarted again, this time with a different reason. I would guess this means there is some kind of rootkit screwing things up, but I don't know how I'm supposed to discover this for sure when I can't even get the full scan to run.

I had to leave for work, so I shut everything down, pulled the plug and yanked the cord. No idea if that was the right thing to do or not.

EDIT II: OTL downloaded and the scan run. Still unable to run GMER, but here are the OTL scan results:

OTL logfile created on: 9/12/2010 9:15:05 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Shinigami\Downloads
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.15 Gb Total Space | 56.03 Gb Free Space | 53.80% Space Free | Partition Type: NTFS
Drive D: | 7.64 Gb Total Space | 1.11 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHINIGAMI-PC
Current User Name: Shinigami
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/12 20:48:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Shinigami\Downloads\OTL.exe
PRC - [2010/09/08 00:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/08 00:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/12 21:15:19 | 001,355,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/08/12 21:15:19 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/07/13 03:17:14 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2010/07/13 03:06:32 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/26 23:40:03 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2007/04/24 10:11:44 | 000,106,593 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2007/04/24 10:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/02/12 23:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 23:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/07 23:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
PRC - [2006/10/26 14:54:52 | 000,401,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPCMNT.EXE


========== Modules (SafeList) ==========

MOD - [2010/09/12 20:48:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Shinigami\Downloads\OTL.exe
MOD - [2010/07/10 02:06:37 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcr80.dll
MOD - [2010/07/10 02:06:37 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcp80.dll
MOD - [2006/11/02 18:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsaenh.dll
MOD - [2006/11/02 18:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
MOD - [2006/11/02 18:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
MOD - [2006/10/26 14:55:14 | 001,248,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPTIP.DLL
MOD - [2006/10/26 14:55:14 | 001,146,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IMJP12K.DLL
MOD - [2006/10/26 14:55:12 | 001,019,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPAPI.DLL
MOD - [2006/10/26 14:55:10 | 000,999,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IMJP12.IME
MOD - [2006/10/26 14:55:02 | 000,672,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\IME12\SHARED\IMETIP.DLL
MOD - [2006/10/26 14:54:48 | 000,308,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPPRED.DLL
MOD - [2006/10/26 14:54:34 | 000,174,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\IME12\SHARED\IMJKAPI.DLL
MOD - [2006/10/26 14:54:12 | 000,090,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\IME12\SHARED\IMECFM.DLL
MOD - [2006/10/26 14:53:38 | 000,019,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPCMPS.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/09/08 00:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/08 00:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/08 00:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/12 21:15:19 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/13 03:17:13 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/24 10:11:44 | 000,106,593 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/24 10:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/02/12 23:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/02/07 23:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/10 06:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006/06/22 16:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/07 23:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 23:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 23:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 23:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 23:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/12 21:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 21:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 03:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/03/29 01:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/01 21:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/22 09:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/12 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/12/01 02:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/17 21:19:30 | 000,143,872 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/16 02:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 21:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 19:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 18:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 18:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 18:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 18:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 18:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 18:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 18:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 18:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 18:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 18:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 18:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 18:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 18:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 18:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 18:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 18:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 18:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 18:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 18:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 18:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 18:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 18:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 18:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 18:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 18:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 18:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 18:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 18:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 18:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 18:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 18:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 18:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 18:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 18:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 18:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 17:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 17:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 17:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 17:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 17:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 17:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 16:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 16:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 16:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/02 16:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 16:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/06/29 01:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/12 21:56:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/12 21:56:21 | 000,000,000 | ---D | M]

[2010/07/21 15:24:41 | 000,000,000 | ---D | M] -- C:\Users\Shinigami\AppData\Roaming\Mozilla\Extensions
[2010/09/12 20:08:56 | 000,000,000 | ---D | M] -- C:\Users\Shinigami\AppData\Roaming\Mozilla\Firefox\Profiles\rf0dt08n.default\extensions
[2010/07/21 15:35:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shinigami\AppData\Roaming\Mozilla\Firefox\Profiles\rf0dt08n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/21 15:22:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/09/11 19:25:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IME JPN 2007 Migration] C:\Program Files\Common Files\microsoft shared\IME12\IMEJP\IMJPKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/26 23:18:26 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/12 00:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/11 19:32:42 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Local\temp
[2010/09/11 19:31:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/11 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/11 19:07:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/11 19:07:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/11 19:07:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/11 19:07:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/11 19:06:41 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/11 18:50:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/09 06:10:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/09 05:17:48 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Roaming\Malwarebytes
[2010/09/09 05:17:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/09 05:17:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/09 05:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/09 05:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/09 05:15:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/09 05:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/09 04:56:09 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/09/09 04:56:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/09/09 04:55:52 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Local\Sunbelt Software
[2010/09/09 04:54:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/09 04:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/09/09 04:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/09/02 22:32:48 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Local\Adobe
[2010/08/21 23:20:31 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\Desktop\Cosplay
[2010/08/08 19:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/08/08 19:07:09 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Roaming\BitTorrent
[2010/07/30 07:20:37 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Roaming\CyberLink
[2010/07/22 16:42:16 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Roaming\vlc
[2010/07/21 15:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/07/21 15:48:53 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Local\Microsoft Help
[2010/07/21 15:24:21 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Local\Mozilla
[2010/07/21 15:24:20 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Roaming\Mozilla
[2010/07/21 15:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/14 22:00:28 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Roaming\Real
[2010/07/14 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Local\Google
[2010/07/14 21:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/07/14 21:54:54 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/07/14 21:54:53 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/07/14 21:54:49 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/07/14 21:54:45 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/07/14 21:54:29 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/07/14 21:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/07/14 21:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/07/14 21:53:16 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/07/14 21:53:16 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/07/14 21:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/07/14 21:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/10 16:45:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/10 10:52:10 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Roaming\HP
[2010/07/10 01:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/07/10 01:06:43 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Local\Hewlett-Packard
[2010/07/10 01:06:22 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Local\QuickPlay
[2010/07/10 01:05:59 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Roaming\Adobe
[2010/07/10 01:05:44 | 000,000,000 | R--D | C] -- C:\Users\Shinigami\Searches
[2010/07/10 01:05:37 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Roaming\Identities
[2010/07/10 01:05:33 | 000,000,000 | R--D | C] -- C:\Users\Shinigami\Contacts
[2010/07/10 01:04:36 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Local\VirtualStore
[2010/07/10 01:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bioscrypt
[2010/07/10 01:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Fingerprint Sensor
[2010/07/10 01:01:31 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Roaming\Macromedia
[2010/07/10 01:01:00 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Roaming\Hewlett-Packard
[2010/07/10 00:58:45 | 000,000,000 | --SD | C] -- C:\Users\Shinigami\AppData\Roaming\Microsoft
[2010/07/10 00:58:45 | 000,000,000 | R--D | C] -- C:\Users\Shinigami\Videos
[2010/07/10 00:58:45 | 000,000,000 | R--D | C] -- C:\Users\Shinigami\Saved Games
[2010/07/10 00:58:45 | 000,000,000 | R--D | C] -- C:\Users\Shinigami\Pictures
[2010/07/10 00:58:45 | 000,000,000 | R--D | C] -- C:\Users\Shinigami\Music
[2010/07/10 00:58:45 | 000,000,000 | R--D | C] -- C:\Users\Shinigami\Links
[2010/07/10 00:58:45 | 000,000,000 | R--D | C] -- C:\Users\Shinigami\Favorites
[2010/07/10 00:58:45 | 000,000,000 | R--D | C] -- C:\Users\Shinigami\Downloads
[2010/07/10 00:58:45 | 000,000,000 | R--D | C] -- C:\Users\Shinigami\Documents
[2010/07/10 00:58:45 | 000,000,000 | R--D | C] -- C:\Users\Shinigami\Desktop
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\AppData\Local\Temporary Internet Files
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\Templates
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\Start Menu
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\SendTo
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\Recent
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\PrintHood
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\NetHood
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\Documents\My Videos
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\Documents\My Pictures
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\Documents\My Music
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\My Documents
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\Local Settings
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\AppData\Local\History
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\Cookies
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\Application Data
[2010/07/10 00:58:45 | 000,000,000 | -HSD | C] -- C:\Users\Shinigami\AppData\Local\Application Data
[2010/07/10 00:58:45 | 000,000,000 | -H-D | C] -- C:\Users\Shinigami\AppData
[2010/07/10 00:58:45 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\AppData\Local\Microsoft
[2010/07/10 00:47:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010/07/10 00:47:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010/07/10 00:47:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010/07/10 00:47:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010/07/10 00:47:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010/07/10 00:47:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010/07/10 00:47:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2010/07/10 00:47:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010/07/10 00:47:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010/07/10 00:47:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2010/07/09 22:47:19 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\Documents\Poetry
[2010/07/09 22:47:18 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\Documents\Hetalia
[2010/07/09 22:47:14 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\Documents\Gundam Wing
[2010/07/09 22:47:14 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\Documents\Gravitation ffn
[2010/07/09 22:45:23 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\Documents\Eroica
[2010/07/09 22:44:53 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\Documents\Channel
[2010/07/09 21:45:03 | 000,000,000 | ---D | C] -- C:\Users\Shinigami\Desktop\ANGIEEEE

========== Files - Modified Within 90 Days ==========

[2010/09/12 21:17:43 | 001,572,864 | -HS- | M] () -- C:\Users\Shinigami\NTUSER.DAT
[2010/09/12 21:00:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/12 20:58:00 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 20:58:00 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 20:04:52 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/12 20:04:52 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/12 20:04:52 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/12 20:00:04 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/09/12 19:58:51 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/09/12 19:58:09 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/12 19:58:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/12 19:57:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/12 19:51:59 | 000,000,680 | ---- | M] () -- C:\Users\Shinigami\AppData\Local\d3d9caps.dat
[2010/09/12 19:48:34 | 001,458,315 | -H-- | M] () -- C:\Users\Shinigami\AppData\Local\IconCache.db
[2010/09/11 20:17:55 | 323,438,665 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/11 19:26:08 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/11 19:25:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/11 18:40:28 | 000,014,336 | ---- | M] () -- C:\Users\Shinigami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/10 17:03:45 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/09/09 04:54:15 | 000,001,031 | ---- | M] () -- C:\Users\Shinigami\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/09 04:54:15 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/09/08 22:29:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/08 00:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/08 00:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 23:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 23:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 23:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 23:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 23:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/12 21:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/08/12 21:15:20 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/08/03 20:10:56 | 000,032,202 | ---- | M] () -- C:\Users\Shinigami\Documents\PSOH.docx
[2010/07/27 23:08:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2010/07/21 16:05:13 | 000,104,952 | ---- | M] () -- C:\Users\Shinigami\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/21 16:03:54 | 000,392,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/21 15:49:23 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/07/21 15:22:48 | 000,001,748 | ---- | M] () -- C:\Users\Shinigami\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/21 15:22:48 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/21 14:46:58 | 000,000,943 | ---- | M] () -- C:\Users\Shinigami\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/14 21:56:08 | 000,001,955 | ---- | M] () -- C:\Users\Shinigami\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/14 21:54:46 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/13 22:52:17 | 000,000,016 | ---- | M] () -- C:\Windows\System32\coh.cache
[2010/07/13 22:45:08 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2010/07/13 03:45:43 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010/07/13 03:22:31 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2010/07/10 10:52:50 | 000,524,288 | -HS- | M] () -- C:\Users\Shinigami\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2010/07/10 10:52:50 | 000,524,288 | -HS- | M] () -- C:\Users\Shinigami\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/07/10 10:52:50 | 000,065,536 | -HS- | M] () -- C:\Users\Shinigami\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/07/10 02:12:36 | 022,020,096 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010/07/10 02:12:36 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/07/10 02:12:36 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/07/10 01:02:36 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE72141YF_E439783-002_4A_I30CD_SWistron_V80.23_F.05_T070404_WV2-0_L409_M2038_J120_7Intel_86FD_91.80_#100709_N11AB4353;80864222_(RM922AV#ABA)_XMOBILE_CN10_Z.MRK
[2010/07/10 01:02:06 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2010/07/10 00:58:49 | 000,000,081 | ---- | M] () -- C:\Windows\System32\LOG
[2010/07/10 00:58:45 | 000,000,020 | -HS- | M] () -- C:\Users\Shinigami\ntuser.ini

========== Files Created - No Company Name ==========

[2010/09/12 19:51:59 | 000,000,680 | ---- | C] () -- C:\Users\Shinigami\AppData\Local\d3d9caps.dat
[2010/09/11 19:07:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/11 19:07:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/11 19:07:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/11 19:07:06 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/11 19:07:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/10 16:31:20 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/09/09 06:09:30 | 323,438,665 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/09 05:05:06 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/09/09 04:54:15 | 000,001,031 | ---- | C] () -- C:\Users\Shinigami\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/09 04:54:15 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/08/03 16:27:27 | 000,032,202 | ---- | C] () -- C:\Users\Shinigami\Documents\PSOH.docx
[2010/07/21 15:27:42 | 000,014,336 | ---- | C] () -- C:\Users\Shinigami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 15:22:48 | 000,001,748 | ---- | C] () -- C:\Users\Shinigami\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/21 15:22:48 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/14 22:00:18 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/07/14 21:56:08 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/07/14 21:56:08 | 000,001,955 | ---- | C] () -- C:\Users\Shinigami\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/14 21:55:19 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/14 21:55:17 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/14 21:54:46 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/13 22:52:17 | 000,000,016 | ---- | C] () -- C:\Windows\System32\coh.cache
[2010/07/13 22:45:08 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2010/07/13 03:22:31 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/07/10 02:09:56 | 022,020,096 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010/07/10 02:09:56 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/07/10 02:09:56 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/07/10 01:09:28 | 000,000,943 | ---- | C] () -- C:\Users\Shinigami\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/10 01:06:29 | 000,000,000 | ---- | C] () -- C:\Users\Shinigami\AppData\Local\QSwitch.txt
[2010/07/10 01:06:29 | 000,000,000 | ---- | C] () -- C:\Users\Shinigami\AppData\Local\DSwitch.txt
[2010/07/10 01:06:29 | 000,000,000 | ---- | C] () -- C:\Users\Shinigami\AppData\Local\AtStart.txt
[2010/07/10 01:02:36 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE72141YF_E439783-002_4A_I30CD_SWistron_V80.23_F.05_T070404_WV2-0_L409_M2038_J120_7Intel_86FD_91.80_#100709_N11AB4353;80864222_(RM922AV#ABA)_XMOBILE_CN10_Z.MRK
[2010/07/10 01:02:06 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2010/07/10 00:58:49 | 000,000,081 | ---- | C] () -- C:\Windows\System32\LOG
[2010/07/10 00:58:45 | 001,572,864 | -HS- | C] () -- C:\Users\Shinigami\NTUSER.DAT
[2010/07/10 00:58:45 | 000,524,288 | -HS- | C] () -- C:\Users\Shinigami\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2010/07/10 00:58:45 | 000,524,288 | -HS- | C] () -- C:\Users\Shinigami\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/07/10 00:58:45 | 000,262,144 | -H-- | C] () -- C:\Users\Shinigami\ntuser.dat.LOG1
[2010/07/10 00:58:45 | 000,065,536 | -HS- | C] () -- C:\Users\Shinigami\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/07/10 00:58:45 | 000,000,258 | ---- | C] () -- C:\Users\Shinigami\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/10 00:58:45 | 000,000,240 | ---- | C] () -- C:\Users\Shinigami\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/10 00:58:45 | 000,000,020 | -HS- | C] () -- C:\Users\Shinigami\ntuser.ini
[2010/07/10 00:58:45 | 000,000,000 | -H-- | C] () -- C:\Users\Shinigami\ntuser.dat.LOG2
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/05/26 23:06:53 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/03/30 21:27:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/03/30 20:55:46 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/02/28 05:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 15:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 15:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 16:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/07 21:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2005/04/04 05:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[1998/05/07 10:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2010/09/04 00:48:47 | 000,000,000 | ---D | M] -- C:\Users\Shinigami\AppData\Roaming\BitTorrent
[2010/09/12 20:00:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/09/12 19:57:11 | 000,032,562 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/12 19:57:51 | 000,004,252 | ---- | M] () -- C:\aaw7boot.log
[2007/05/26 23:18:26 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 18:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2010/09/11 19:32:40 | 000,019,318 | ---- | M] () -- C:\ComboFix.txt
[2006/09/19 06:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/12 19:57:51 | 2451,374,080 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 19:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2006/11/02 19:34:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2006/11/02 19:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 19:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 19:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-04 00:52:33
< End of report >


OTL Extras:

OTL Extras logfile created on: 9/12/2010 9:15:05 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Shinigami\Downloads
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.15 Gb Total Space | 56.03 Gb Free Space | 53.80% Space Free | Partition Type: NTFS
Drive D: | 7.64 Gb Total Space | 1.11 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHINIGAMI-PC
Current User Name: Shinigami
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BC748185-365A-4AB4-AC47-D2380B994664}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A5E7EF-86FE-4E7D-9E4E-D3351B8DE336}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3E520578-73FC-4695-BF52-90E718418374}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{42322249-3FB8-4E8F-96CE-F68FBBC640FC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5B5D6D0D-B36A-4C43-8C88-A7D2D8AD35A1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8A72B648-1175-43E5-89A4-3925801E90DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9892B18A-AD5A-4AF4-9A5B-84E5EB93E54E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{ADFE06B4-DFD4-4C99-9118-B3CFDDD1770C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{C550A306-0628-43F2-A9C0-C5DAA60F04E9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E276846A-1E05-41AB-A115-7C69FDC5B5BE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F5CF0D19-0D73-45D0-9B65-0BA33F1B9B2F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{39911F6C-C01F-442C-AB13-6722879E0AD8}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{89BD7E71-0A39-47B3-800A-11A29E076F02}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{FB44EA67-B876-4EAD-AB96-4B9C7F7339C3}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{0D58706F-0538-4961-9911-86F064201005}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{8FCFB5DC-600C-41D1-9D3C-7989E843F181}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{EC7DAAF9-9725-4132-8A65-0EFDBAC7C29E}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0411-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Japanese) 2007
"{90120000-001A-0411-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Japanese) 2007
"{90120000-001B-0411-0000-0000000FF1CE}" = Microsoft Office Word MUI (Japanese) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2007
"{90120000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-002C-0411-0000-0000000FF1CE}" = Microsoft Office Proofing (Japanese) 2007
"{90120000-006E-0411-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Japanese) 2007
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-0033-0000-0000-0000000FF1CE}" = Microsoft Office Personal 2007
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EF3164C1-4AE9-43CB-AD7A-F1A9AD2DC065}" = HP User Guides 0060
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PERSONALR" = Microsoft Office Personal 2007 Subscription
"Rhapsody" = Rhapsody
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"VLC media player" = VLC media player 1.1.0
"WildTangent hplaptop Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/11/2010 8:00:05 AM | Computer Name = Shinigami-PC | Source = Google Update | ID = 20
Description =

Error - 9/11/2010 8:07:14 AM | Computer Name = Shinigami-PC | Source = Google Update | ID = 20
Description =

Error - 9/11/2010 8:26:25 AM | Computer Name = Shinigami-PC | Source = EventSystem | ID = 4609
Description =

Error - 9/11/2010 8:31:12 AM | Computer Name = Shinigami-PC | Source = Perflib | ID = 1008
Description =

Error - 9/11/2010 8:31:13 AM | Computer Name = Shinigami-PC | Source = PerfNet | ID = 2004
Description =

Error - 9/11/2010 8:31:13 AM | Computer Name = Shinigami-PC | Source = PerfNet | ID = 2002
Description =

Error - 9/12/2010 6:43:49 AM | Computer Name = Shinigami-PC | Source = Google Update | ID = 20
Description =

Error - 9/12/2010 6:50:57 AM | Computer Name = Shinigami-PC | Source = Google Update | ID = 20
Description =

Error - 9/12/2010 6:56:44 AM | Computer Name = Shinigami-PC | Source = Google Update | ID = 20
Description =

Error - 9/12/2010 7:48:39 AM | Computer Name = Shinigami-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4c802ab2,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x32256d6f, process id 0x74c, application start time 0x01cb526aa21c0d5e.

[ System Events ]
Error - 9/2/2010 5:08:53 AM | Computer Name = Shinigami-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/2/2010 6:04:24 PM | Computer Name = Shinigami-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/3/2010 2:14:05 AM | Computer Name = Shinigami-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/3/2010 2:53:01 AM | Computer Name = Shinigami-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.

Error - 9/3/2010 5:22:54 AM | Computer Name = Shinigami-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.

Error - 9/3/2010 8:47:22 PM | Computer Name = Shinigami-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/3/2010 9:12:47 PM | Computer Name = Shinigami-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/4/2010 3:46:37 AM | Computer Name = Shinigami-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/5/2010 5:33:22 AM | Computer Name = Shinigami-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/5/2010 10:28:17 AM | Computer Name = Shinigami-PC | Source = Service Control Manager | ID = 7000
Description =

[ VeriSoft Events ]
Error - 7/12/2010 3:34:00 AM | Computer Name = Shinigami-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7/13/2010 9:13:03 AM | Computer Name = Shinigami-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 8/12/2010 7:01:55 AM | Computer Name = Shinigami-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 9/8/2010 6:01:33 PM | Computer Name = Shinigami-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 9/11/2010 5:47:14 AM | Computer Name = Shinigami-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.


< End of report >

Edited by jinsai, 12 September 2010 - 07:16 AM.

  • 0



#2 krazzdav (Member, 505 posts)
Hi jinsai and sorry for the delay.

:) My name is krazzdav (pronounced crazy dave) :) and I will be helping you fix your problem.

If you have requested help elsewhere, please inform me so that one of the topics can be closed.
  • Please read all of my responses through at least once before attempting to follow the procedures described.
  • You may want to print each of my responses to make it easier to follow or save them as a text file on your desktop so that you can still access it because some steps may need to have your computer restarted or in safe mode with no internet access.
  • Do not attach any logs unless I specifically ask for them, rather just copy and paste the text in your replies.
  • If you have any questions or are unsure of a step, please don't guess what needs to be done but ask in a reply. :) This will help both of us in trying to get your computer back to normal sooner.
  • Please do not do any fixes, installs or uninstalls unless I specifically mention them here as this may cause the repair process to take longer.
  • Absence of symptoms does not always mean the computer is clean so please follow these steps until I give you an 'all clear' :)

Note: I am still in training here at Geeks to go! so there may be a delay between my replies as each one must be approved by a resident expert before I can post it to you.

Try and be patient and follow all the steps in the order provided and you will have your computer back in good working order. :)


If you haven't done this already, you may want to make sure that you are set to get notifications for this topic so that when I do reply you will get an email as well.
  • Towards the top of this topic you should see 3 buttons. You want to make sure the first button says "Stop watching topic". If it does NOT say "Stop watching topic", you want to click the button that says "Start watching topic" and it should change to say "Stop watching topic"
    Posted Image
  • Next click My Settings link towards the top of the board (see image above), click Notification Options, scroll down to where you see Topics & Posts and in the 2nd line where it says "Notification method to use for topic replies and reply digests" make sure there is a check mark in the first column for Email.
Posted Image





____________

(I also have a small notebook computer, but that one is having (different) problems as well, and I don't know why. The internet browsers on that computer are slow to open and only do so after multiple clicks. ARGH!)

We'll deal with this one after if you would like :)

I had to leave for work, so I shut everything down, pulled the plug and yanked the cord. No idea if that was the right thing to do or not.

That is a guaranteed way to make sure it doesn't boot but all you have to do is unplug the power cord when you aren't using it if it is a desktop computer and the battery as well if it is a laptop. :)


____________

Don't worry about GMER--lets try this one instead. :)

Download RootRepeal from one of the following locations and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3
  • Double click Posted Image to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


Thanks,
krazzdav :)
  • 0

#3 jinsai (Topic Starter, Member, 16 posts)
Thank you so much for replying!

I downloaded RootRepeal, but I received an error message when I opened it to run it.

This is the first error message I received:

21:17:49: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000f0)
21:17:49: DeviceIoControl Error! Error Code = 0x1e7
21:17:49: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000f0)
21:22:27: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000f0)
21:22:27: DeviceIoControl Error! Error Code = 0x1e7
21:22:27: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000f0)


Then, when I went to try and run it anyways, I received these error messages:

Could not initialize driver! Please contact the author!
Error dumping SSDT (0xc0000024)!
Attempt to read from address: 0x00000004
DeviceIOControl Error! Error Code = 0x0
**Details of the last:
21:28:54: DeviceIoControl Error! Error Code = 0x0
21:28:54: DeviceIoControl Error! Error Code = 0x0
21:28:54: DeviceIoControl Error! Error Code = 0x0
21:28:54: DeviceIoControl Error! Error Code = 0x0
21:28:54: DeviceIoControl Error! Error Code = 0x0
21:28:54: DeviceIoControl Error! Error Code = 0x0
21:28:54: Could not scan drive C (error 0xc0000024)
21:28:55: Could not scan drive D (error 0xc0000024)
21:28:59: Could not get the name for PID 4.
21:28:59: Could not get the name for PID 444.
21:28:59: Could not get the name for PID 576.
21:28:59: Could not get the name for PID 616.
21:28:59: Could not get the name for PID 628.
21:28:59: Could not get the name for PID 660.
21:28:59: Could not get the name for PID 676.
21:28:59: Could not get the name for PID 684.
21:28:59: Could not get the name for PID 752.
21:28:59: Could not get the name for PID 856.
21:28:59: Could not get the name for PID 908.
21:28:59: Could not get the name for PID 956.
21:28:59: Could not get the name for PID 1000.
21:28:59: Could not get the name for PID 1072.
21:28:59: Could not get the name for PID 1104.
21:28:59: Could not get the name for PID 1136.
21:28:59: Could not get the name for PID 1248.
21:28:59: Could not get the name for PID 1272.
21:28:59: Could not get the name for PID 1308.
21:28:59: Could not get the name for PID 1332.
21:28:59: Could not get the name for PID 1516.
21:28:59: Could not get the name for PID 1728.
21:28:59: Could not get the name for PID 1744.
21:28:59: Could not get the name for PID 320.
21:28:59: Could not get the name for PID 384.
21:28:59: Could not get the name for PID 2084.
21:28:59: Could not get the name for PID 2096.
21:28:59: Could not get the name for PID 2104.
21:28:59: Could not get the name for PID 2156.
21:28:59: Could not get the name for PID 2200.
21:28:59: Could not get the name for PID 2220.
21:28:59: Could not get the name for PID 2676.
21:28:59: Could not get the name for PID 2772.
21:28:59: Could not get the name for PID 2872.
21:28:59: Could not get the name for PID 2944.
21:28:59: Could not get the name for PID 2984.
21:28:59: Could not get the name for PID 3072.
21:28:59: Could not get the name for PID 3112.
21:28:59: Could not get the name for PID 3212.
21:28:59: Could not get the name for PID 3232.
21:28:59: Could not get the name for PID 3500.
21:28:59: Could not get the name for PID 3616.
21:28:59: Could not get the name for PID 3924.
21:28:59: Could not get the name for PID 1488.
21:28:59: Could not get the name for PID 852.
21:28:59: Could not get the name for PID 716.
21:28:59: Could not get the name for PID 580.
21:28:59: Could not get the name for PID 1796.
21:28:59: Could not get the name for PID 2444.
21:28:59: Could not get the name for PID 2652.
21:28:59: Could not get the name for PID 1268.
21:28:59: Could not get the name for PID 1064.
21:28:59: Could not get the name for PID 1700.
21:28:59: Could not get the name for PID 1692.
21:28:59: Could not get the name for PID 1764.
21:28:59: Could not get the name for PID 2400.
21:28:59: Could not get the name for PID 1544.
21:28:59: Could not get the name for PID 2728.
21:28:59: Could not get the name for PID 2608.
21:28:59: Could not get the name for PID 1988.
21:28:59: Could not get the name for PID 2620.
21:28:59: Could not get the name for PID 4236.
21:28:59: Could not get the name for PID 4900.
21:28:59: Could not get the name for PID 5840.
21:28:59: Could not get the name for PID 4608.
21:28:59: Could not get the name for PID 4492.
21:28:59: Could not get the name for PID 5964.
21:28:59: Could not get the name for PID 3460.
21:28:59: Could not get the name for PID 5680.
21:28:59: Could not get the name for PID 4968.
21:28:59: DeviceIoControl Error! Error Code = 0xc0000024
21:28:59: DeviceIoControl Error! Error Code = 0xc0000024
21:30:01: Warning - the number of SSDT entries from the kernel and the number on-disk are different (0 and 398).
21:30:01: DeviceIoControl Error! Error Code = 0x0
21:30:01: WARNING: The SSDT in our driver has been faked (0x00000250)!
21:30:01: DeviceIoControl Error! Error Code = 0x0
21:30:02: Could not get loaded modules!
21:30:02: DeviceIoControl Error! Error Code = 0x0
21:30:02: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000f0)
21:30:02: Could not read system registry! Please contact the author!
21:30:02: DeviceIoControl Error! Error Code = 0x0


Then I got a windows message saying the rootrepeal had stopped working and had been closed.


Yikes! I don't know what any of that means, other than it sounds scary. T_T What should I do?
  • 0

#4 krazzdav (Member, 505 posts)

Yikes! I don't know what any of that means, other than it sounds scary. T_T What should I do?

:) Sometimes these programs are finicky with different computers, and it doesn't necessarily mean anything is bad.


____________


I am still reviewing your logs but would also like you to paste your C:\Combofix.txt log please.

You don't want to run a powerful program like that without guidance, as it can damage your computer, make it inoperable or maybe even start up in the middle of the night. :) (Just kidding about the last part, but it is a dangerous program to run.)


____________


If you do not access your computer remotely go ahead and disable any wake function that may be set.

To do this you need to go into your BIOS.

  • Restart your computer and when it first boots up, look closely for a message informing you of the key you need to hit to enter setup. Usually this message will appear on the bottom-center or top-right of your screen. The message varies, but will look similar to, "Press the [key] to access the BIOS," or "Press [key] to enter set-up."
  • Once you see which key you need to press (a lot of the time will be the F2 key), press this key to enter the BIOS. If there is only a logo or picture you should be able to hit the escape key and then you will see the option to enter into your BIOS.
  • Every BIOS screen is different but you may see screens like these below.

    Posted Image


    Once you're in the BIOS, head to the Power management section and look for a Wake-on-LAN setting and any other "power on" or "resume" setting.
    If you find one, go ahead and make sure it's disabled, then save and exit your BIOS and start up your computer.

    Not all BIOS will have the same setting, it varies from board to board.
    Posted Image
    Posted Image





To disable Wake-on-LAN in Windows, right-click My Computer (or Computer in Vista), select Properties, then click on Device Manager (in XP that's in the Hardware tab).
  • Find your network card in the hardware list, right-click it and click Properties again.
  • First go to the Power Management tab and untick the checkbox next to Allow this device to wake the computer.
Posted Image


Now head to the Advanced tab, which is full of options for your network adapter. We're concerned with two options here.
  • The first is the Wake From Shutdown entry near the end of the list. Scroll down to it and change the value to Off.
  • The next setting is Wake-Up Capabilities (right below Wake From Shutdown), setting the value to None.
  • Hit OK and everything should be set so your computer shouldn't start up anymore from the Internet.
Posted Image


____________

Thanks :)
krazzdav
  • 0
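The BIOS and Device Manager steps above close the Wake-on-LAN path by hand. The PowerShell script below is an added example, not code from the thread or from any tool mentioned in it. It uses the built-in powercfg command and the System event log to show what woke the machine last, list every device currently allowed to wake it, disarm any physical network adapter (the scripted equivalent of unticking "Allow this device to wake the computer"), and then re-check. It assumes an elevated PowerShell 2.0 or later prompt on Windows Vista or newer, and it assumes (my assumption, not something the thread states) that the device names powercfg reports match the friendly names WMI reports for the same adapters.

```powershell
# Added example, not code from the thread. Audits and closes the wake-up paths
# that the BIOS / Device Manager steps in this thread cover. Run from an
# elevated PowerShell (2.0 or later) prompt on Vista or newer.

# What woke the machine last time. Wake-on-LAN shows the network adapter;
# a wake timer or the power button shows up here as well.
Write-Host "=== Last wake source ==="
powercfg /lastwake

# Devices currently allowed to wake the computer. powercfg prints NONE when
# nothing is armed, so that token is filtered out.
Write-Host "=== Devices armed to wake the PC ==="
$armed = @(powercfg /devicequery wake_armed |
           ForEach-Object { $_.Trim() } |
           Where-Object { $_ -and $_ -ne 'NONE' })
$armed | ForEach-Object { Write-Host "  $_" }

# Physical network adapters by friendly name. Assumption: powercfg reports the
# same friendly name WMI does, so a plain string comparison is enough.
$nicNames = @(Get-WmiObject Win32_NetworkAdapter |
              Where-Object { $_.PhysicalAdapter -eq $true } |
              ForEach-Object { $_.Name })

# Disarm each armed network adapter: the scripted form of unticking
# "Allow this device to wake the computer" on the Power Management tab.
foreach ($dev in $armed) {
    if ($nicNames -contains $dev) {
        Write-Host "Disabling wake for network adapter: $dev"
        powercfg /devicedisablewake "$dev"
    }
}

# Re-check: after the loop no network adapter should remain in this list.
Write-Host "=== Devices still armed ==="
powercfg /devicequery wake_armed

# Independent evidence from the System log: Power-Troubleshooter event ID 1 is
# written on each resume and names the wake source in its message text.
Write-Host "=== Recent wake events ==="
Get-WinEvent -FilterHashtable @{ LogName = 'System'
                                 ProviderName = 'Microsoft-Windows-Power-Troubleshooter'
                                 Id = 1 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List
```

One caveat worth knowing when reading the output: powercfg /lastwake and the Power-Troubleshooter events record resumes from sleep or hibernation. A machine that was fully shut down and then powered on by the network or by a BIOS "power on" schedule goes through a normal boot instead and leaves nothing in either place, so an empty wake history does not rule that path out. That is exactly why the thread has you check the BIOS power-management settings as well as the adapter settings inside Windows.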

#5 jinsai (Topic Starter, Member, 16 posts)
Sorry, this is probably a dumb question, but how do I run Combofix? I've never run it before, and I'm afraid I don't live anywhere near someone I could ask personally. ^^; Any instructions/guidance would be welcome.


On a side note, I just wanted to alert you that I'll be going away for a couple days, so I won't be able to reply during that time. However, I very much appreciate your help and will follow your advice upon my return. Thank you!
  • 0

#6 krazzdav (Member, 505 posts)

Sorry, this is probably a dumb question, but how do I run Combofix? I've never run it before, and I'm afraid I don't live anywhere near someone I could ask personally. ^^; Any instructions/guidance would be welcome.


On a side note, I just wanted to alert you that I'll be going away for a couple days, so I won't be able to reply during that time. However, I very much appreciate your help and will follow your advice upon my return. Thank you!

I don't actually want you to run ComboFix, but it was already done on your computer. Perhaps the friend who helped you fix your computer had already run ComboFix. If you go to your C: drive there is a text file called ComboFix.txt. Open that up and paste the contents of it please. :)

Thanks for letting me know you will be gone, and let me know about the settings in your BIOS and the Device Manager settings.
  • 0

#7 jinsai (Topic Starter, Member, 16 posts)
AH! He had said he'd run a program, but not the name of it. Here is the combofix log:

ComboFix 10-09-09.04 - Shinigami 09/11/2010 19:15:54.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.2038.1000 [GMT 9:00]
Running from: c:\users\Shinigami\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.

2010-09-11 10:22 . 2010-09-11 10:26 -------- d-----w- c:\users\Shinigami\AppData\Local\temp
2010-09-11 10:22 . 2010-09-11 10:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-11 10:06 . 2010-09-11 10:07 -------- d-----w- C:\32788R22FWJFW
2010-09-10 07:31 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-08 20:17 . 2010-09-08 20:17 -------- d-----w- c:\users\Shinigami\AppData\Roaming\Malwarebytes
2010-09-08 20:17 . 2010-04-29 06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 20:17 . 2010-09-08 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-08 20:17 . 2010-09-08 20:17 -------- d-----w- c:\programdata\Malwarebytes
2010-09-08 20:17 . 2010-04-29 06:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 20:15 . 2010-09-08 20:15 -------- d-----w- c:\program files\ERUNT
2010-09-08 19:56 . 2010-09-08 19:56 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-08 19:56 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-08 19:55 . 2010-09-08 19:55 -------- d-----w- c:\users\Shinigami\AppData\Local\Sunbelt Software
2010-09-08 19:54 . 2010-09-08 19:54 -------- dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-08 19:53 . 2010-09-08 19:56 -------- d-----w- c:\programdata\Lavasoft
2010-09-08 19:53 . 2010-09-08 19:53 -------- d-----w- c:\program files\Lavasoft
2010-09-02 13:32 . 2010-09-02 13:34 -------- d-----w- c:\users\Shinigami\AppData\Local\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 15:12 . 2010-07-14 12:53 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-07-14 12:53 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-07-14 12:54 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-07-14 12:54 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-07-14 12:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-07-14 12:54 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-07-14 12:54 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 12:36 . 2007-05-26 13:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-03 15:48 . 2010-08-08 10:07 -------- d-----w- c:\users\Shinigami\AppData\Roaming\BitTorrent
2010-08-12 12:32 . 2010-07-22 07:42 -------- d-----w- c:\users\Shinigami\AppData\Roaming\vlc
2010-08-12 12:16 . 2010-09-08 19:54 2979848 -c--a-w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-08 10:18 . 2010-08-08 10:18 -------- d-----w- c:\program files\BitTorrent
2010-07-29 22:20 . 2010-07-29 22:20 -------- d-----w- c:\users\Shinigami\AppData\Roaming\CyberLink
2010-07-21 07:05 . 2010-07-09 16:06 104952 ----a-w- c:\users\Shinigami\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-21 07:01 . 2007-05-26 13:52 -------- d-----w- c:\programdata\Microsoft Help
2010-07-21 06:39 . 2007-05-26 14:12 -------- d-----w- c:\program files\HP Games
2010-07-21 05:58 . 2007-05-26 14:19 -------- d-----w- c:\program files\Vongo
2010-07-14 12:55 . 2010-07-14 12:54 -------- d-----w- c:\program files\Google
2010-07-14 12:54 . 2010-07-14 12:54 -------- d-----w- c:\program files\VideoLAN
2010-07-14 12:53 . 2010-07-14 12:53 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-07-14 12:52 . 2010-07-14 12:52 -------- d-----w- c:\programdata\Alwil Software
2010-07-14 12:52 . 2010-07-14 12:52 -------- d-----w- c:\program files\Alwil Software
2010-07-13 14:11 . 2007-05-26 13:31 -------- d-----w- c:\programdata\Symantec
2010-07-13 14:11 . 2007-05-26 13:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-13 14:10 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-07-13 13:43 . 2007-05-26 12:52 -------- d-----w- c:\program files\CONEXANT
2010-07-13 13:43 . 2010-07-13 13:43 268800 ----a-w- c:\windows\system32\es.dll
2010-07-13 13:37 . 2010-07-13 13:37 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-07-13 13:37 . 2010-07-13 13:37 272384 ----a-w- c:\windows\system32\schannel.dll
2010-07-12 18:37 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-12 18:32 . 2010-07-12 18:32 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-07-12 18:32 . 2010-07-12 18:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-07-12 18:32 . 2010-07-12 18:32 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-07-12 18:32 . 2010-07-12 18:32 24064 ----a-w- c:\windows\system32\lpk.dll
2010-07-12 18:32 . 2010-07-12 18:32 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-07-12 18:32 . 2010-07-12 18:32 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-07-12 18:30 . 2010-07-12 18:30 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-07-12 18:27 . 2010-07-12 18:27 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-07-12 18:27 . 2010-07-12 18:27 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-07-12 18:27 . 2010-07-12 18:27 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-07-12 18:27 . 2010-07-12 18:27 272896 ----a-w- c:\windows\system32\polstore.dll
2010-07-12 18:27 . 2010-07-12 18:27 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-07-12 18:27 . 2010-07-12 18:27 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-07-12 18:26 . 2010-07-12 18:26 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-07-12 18:26 . 2010-07-12 18:26 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-07-12 18:26 . 2010-07-12 18:26 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-07-12 18:25 . 2010-07-12 18:25 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-07-12 18:25 . 2010-07-12 18:25 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-07-12 18:25 . 2010-07-12 18:25 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-07-12 18:24 . 2010-07-12 18:24 15360 ----a-w- c:\windows\system32\netevent.dll
2010-07-12 18:24 . 2010-07-12 18:24 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-07-12 18:24 . 2010-07-12 18:24 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-07-12 18:24 . 2010-07-12 18:24 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-07-12 18:24 . 2010-07-12 18:24 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-07-12 18:24 . 2010-07-12 18:24 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-07-12 18:24 . 2010-07-12 18:24 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-07-12 18:24 . 2010-07-12 18:24 103936 ----a-w- c:\windows\system32\netiohlp.dll
2010-07-12 18:24 . 2010-07-12 18:24 10240 ----a-w- c:\windows\system32\finger.exe
2010-07-12 18:23 . 2010-07-12 18:23 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-07-12 18:23 . 2010-07-12 18:23 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2010-07-12 18:23 . 2010-07-12 18:23 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2010-07-12 18:23 . 2010-07-12 18:23 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2010-07-12 18:23 . 2010-07-12 18:23 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-07-12 18:23 . 2010-07-12 18:23 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2010-07-12 18:23 . 2010-07-12 18:23 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2010-07-12 18:23 . 2010-07-12 18:23 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2010-07-12 18:23 . 2010-07-12 18:23 542720 ----a-w- c:\windows\system32\sysmain.dll
2010-07-12 18:23 . 2010-07-12 18:23 194560 ----a-w- c:\windows\system32\WebClnt.dll
2010-07-12 18:23 . 2010-07-12 18:23 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2010-07-12 18:22 . 2010-07-12 18:22 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2010-07-12 18:22 . 2010-07-12 18:22 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2010-07-12 18:22 . 2010-07-12 18:22 47104 ----a-w- c:\windows\system32\wlanapi.dll
2010-07-12 18:22 . 2010-07-12 18:22 502272 ----a-w- c:\windows\system32\wlansvc.dll
2010-07-12 18:22 . 2010-07-12 18:22 297984 ----a-w- c:\windows\system32\wlansec.dll
2010-07-12 18:22 . 2010-07-12 18:22 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2010-07-12 18:21 . 2010-07-12 18:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-07-12 18:21 . 2010-07-12 18:21 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-07-12 18:21 . 2010-07-12 18:21 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-07-12 18:21 . 2010-07-12 18:21 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-07-12 18:20 . 2010-07-12 18:20 72704 ----a-w- c:\windows\system32\secur32.dll
2010-07-12 18:20 . 2010-07-12 18:20 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-07-12 18:20 . 2010-07-12 18:20 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-12 18:20 . 2010-07-12 18:20 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-07-12 18:20 . 2010-07-12 18:20 7680 ----a-w- c:\windows\system32\lsass.exe
2010-07-12 18:20 . 2010-07-12 18:20 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-07-12 18:20 . 2010-07-12 18:20 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-07-12 18:20 . 2010-07-12 18:20 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-07-12 18:20 . 2010-07-12 18:20 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-07-12 18:19 . 2010-07-12 18:19 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-07-12 18:19 . 2010-07-12 18:19 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-07-12 18:19 . 2010-07-12 18:19 2855424 ----a-w- c:\windows\system32\mf.dll
2010-07-12 18:19 . 2010-07-12 18:19 98816 ----a-w- c:\windows\system32\mfps.dll
2010-07-12 18:19 . 2010-07-12 18:19 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-07-12 18:19 . 2010-07-12 18:19 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-07-12 18:19 . 2010-07-12 18:19 2048 ----a-w- c:\windows\system32\mferror.dll
2010-07-12 18:18 . 2010-07-12 18:18 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-07-12 18:18 . 2010-07-12 18:18 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-12 18:15 . 2010-07-12 18:15 71680 ----a-w- c:\windows\system32\atl.dll
2010-07-12 18:14 . 2010-07-12 18:14 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-07-12 18:14 . 2010-07-12 18:14 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-07-09 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2010-07-12 1006264]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-05-26 77824]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2006-10-26 59184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ IMJP12.IME

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 aswSP;aswSP; [x]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1355416]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 12:54]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 12:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Shinigami\AppData\Roaming\Mozilla\Firefox\Profiles\rf0dt08n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-11 19:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\_avast5_\unp26025935.tmp 827956 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2944)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-09-11 19:32:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-11 10:32

Pre-Run: 60,316,397,568 bytes free
Post-Run: 59,991,920,640 bytes free

- - End Of File - - 96B34F5F43F7487688EF13085999C1B0

#8 jinsai (Topic Starter, Member, 16 posts)
Hi, wanted to let you know I'm back from my trip!

I'm struggling with getting into the BIOS (the F2 button didn't work) but I did as you said on the device manager settings. The power management tab was unchecked, but the two under the Advanced tab were both on. I've switched both of them to off and none, as instructed.

I look forward to hearing from you again!

#9 krazzdav (Member, 505 posts)

Hi, wanted to let you know I'm back from my trip!

Hope you had a good time. :D

What model of computer do you have? I will try and see how you should be able to get into the BIOS. Also, what does your computer look like/do on the screen when it first starts?

In the meantime, try and keep tapping the Esc key when you start your computer and see if it will show you how to get into the BIOS/startup.

I see another common one for newer HP computers is F10...

#10 jinsai (Topic Starter, Member, 16 posts)
I have an HP Pavilion dv2000. F10 took me into a black boot set-up screen with white text. It then gave me the choice of clicking on the operating system. Does that sound right? I didn't see any actual BIOS title, however.

(And I had a great time, thank you. :D )
#11 krazzdav (Member, 505 posts)
Hi jinsai,

To open the BIOS Setup screen:

1. Turn off the computer and wait five seconds.
2. Turn on the computer.
3. When the first screen displays, immediately press the F10 key if your computer was built in 2006 or later (came with Vista or Windows 7). Press the F1 key if your computer was built before 2006 (XP or earlier). Press the key once every second until a BIOS Setup utility screen opens.


According to HP, all you have to do is hit F10 as soon as you turn on your computer and just keep tapping it until you get into the BIOS (it is usually just named Setup). If F10 still doesn't work, try F1, though this should only be for older models that originally came with XP.

You should then come to a screen similar to this--
Posted Image


and you want to use your right arrow button to navigate to the Power Tab that looks similar to this--
Posted Image


If we still can't get into the BIOS we will just continue :D

krazzdav

#12 jinsai (Topic Starter, Member, 16 posts)
Okay, so, when I shut-down the computer (instead of restarting) I was able to get into BIOS Set-up by hitting F10.

It took me to a screen with these options: Main, Security, System Configuration, Diagnostics, and Exit.

There was nothing really under the Main category, so I went to System Configuration. The sub-categories there were: Language, Button Sound, Virtualization Technology, and Boot Options.

I went to Boot Options and had this displayed for me:
CD Rom Boot [Enabled]
Floppy Boot [Enabled]
Internal Network Adapter Boot [Disabled]


...so, I'm assuming that last one was it?

#13 krazzdav (Member, 505 posts)
Hi jinsai ;)

Internal Network Adapter Boot

This is if you wanted to start your computer getting information from a network/global system and isn't typically used. Feel free to browse around all of the different menus and subcategories and see if you find anything. From what you listed there may not be any other selections in the BIOS.

That being said I don't see anything that would really cause your computer to start automatically unless you didn't actually shut down completely. There is the hibernate and sleep options also. If you were in hibernate or sleep and a scheduled scan ran, your computer would 'start back up'.

Clicking the Power button is only putting your computer to Sleep by default. (This applies both to the physical power button and to its software counterpart.)

These are the basic differences between the three--
  • Shutdown: completely powers off your computer.
  • Sleep: an energy-saving mode that stores the information in RAM, thus a complete loss of power means loss of unsaved data.
  • Hibernate: saves the contents of memory into a physical file called hiberfil.sys, thus you would not lose unsaved data in a power outage.

Posted Image


If you prefer to always have Windows shut down instead of sleeping when you click the Power button (or its physical counterpart), you can change the button's default setting:
  • Open Power Options by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking Power Options.
  • On the Select a power plan page, click Change plan settings under the selected plan.
  • On the Change settings for the plan page, click Change advanced power settings.
  • On the Advanced settings tab, expand Power buttons and lid, expand Start menu power button, and then do one of the following:
    • If you are using a mobile PC, click On battery or Plugged in (or both), click the arrow, and then click Sleep, Hibernate, or Shut Down.
    • If you are using a desktop computer, click Setting, click the arrow, and then click Sleep, Hibernate, or Shut Down.
  • Click OK, and then click Save changes.

Posted Image



____________

Ok now let's do some stuff ;)


Step .One

Your Java is out of date which can leave your computer open to vulnerabilities and reinfection.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Step .Two

Posted Image
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/09/11 19:07:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/07/10 00:58:49 | 000,000,081 | ---- | C] () -- C:\Windows\System32\LOG
    
    :Files
    type C:\autoexec.bat /c
    type D:\AUTOMODE /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered; if the program doesn't do it on its own, reboot the PC when it is done. Save the file as Fixed.txt to your desktop and post the contents in your next reply.



Step .Three

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close all open Windows including this one.
  • Open notepad and copy/paste the text in the codebox below into it:

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Step .Four

Start RootRepeal again
  • Double click Posted Image to start the program
    • Click on Settings at the top
    • In the General Tab move the Disk Access Level pointer to Special Level
    • Click the red X in the top right to close this window

      Posted Image

  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the Attach This File button
  • Once it has uploaded, click Add to Post


NOTE--If you still receive errors running RootRepeal, please go back to the settings option and select Middle Level; if that is still giving you problems running, please select High Level.
Please post all error messages you receive so we can troubleshoot why it's not running properly.


Step .Five

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Users\Shinigami\AppData\Local\d3d9caps.dat
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.






____________

In your next reply please post the new ComboFix log, the RootRepeal log and any errors, the OTL log and the scan results for the file.


Thanks,
krazzdav :D
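As an added example (not code from the thread, ComboFix or OTL), a small Python triage script that reads the ComboFix report sections quoted earlier in this topic and pulls out the items a helper looks at first: AppInit_DLLs entries, Security Center monitoring switched off, files catchme reports as hidden, and locked registry keys, which it then turns into the RegLock:: CFScript form used in Step Three. The section markers and line layout are taken from the log as posted; SAMPLE_LOG is a constructed excerpt, and the script only extracts items, it makes no judgement about whether any of them is malicious.

```python
import re

# Constructed excerpt in ComboFix's report layout; the values are the ones shown in the thread's log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
scanning hidden files ...

c:\windows\TEMP\_avast5_\unp26025935.tmp 827956 bytes executable

scan completed successfully
hidden files: 1
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
"BlindDial"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")      # [HKEY_...] block header
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')        # "name"=data line under a header
HIDDEN_RE = re.compile(r"^(.+?) (\d+) bytes")     # catchme "path size bytes ..." line

def parse_registry_blocks(text):
    # Map each [HKEY_...] header to the "name"=data pairs listed beneath it.
    blocks, current = {}, None
    for line in text.splitlines():
        if key := KEY_RE.match(line):
            current = blocks.setdefault(key.group(1), {})
        elif (val := VALUE_RE.match(line)) and current is not None:
            current[val.group(1)] = val.group(2)
    return blocks

def section(text, start, stop):
    # Non-empty lines after the first line containing `start`, up to the next containing `stop`.
    inside, out = False, []
    for line in text.splitlines():
        if not inside:
            inside = start in line
        elif stop in line:
            break
        elif line.strip():
            out.append(line)
    return out

def triage(text):
    """Pull out what a helper checks first: AppInit_DLLs, muted Security Center, hidden files, locked keys."""
    found = {"appinit_dlls": [], "monitoring_disabled": [], "hidden_files": [], "locked_keys": []}
    for key, values in parse_registry_blocks(text).items():
        # AppInit_DLLs is loaded into every process that links user32.dll; verify each listed DLL's publisher.
        if key.lower().endswith(r"\windows nt\currentversion\windows") and "AppInit_DLLs" in values:
            found["appinit_dlls"].append(values["AppInit_DLLs"])
        # DisableMonitoring=1 stops Security Center warning when that AV or firewall is not running.
        if r"\security center\monitoring" in key.lower() and values.get("DisableMonitoring") == "dword:00000001":
            found["monitoring_disabled"].append(key)
    for line in section(text, "scanning hidden files", "scan completed"):
        if m := HIDDEN_RE.match(line):
            found["hidden_files"].append((m.group(1), int(m.group(2))))
    for line in section(text, "LOCKED REGISTRY KEYS", "-------"):
        if m := KEY_RE.match(line):
            found["locked_keys"].append(m.group(1))
    return found

def cfscript_reglock(keys):
    """Build the RegLock:: directive in the CFScript form the helper used to unlock such keys."""
    return "RegLock::\n" + "".join(f"[{k}]\n" for k in keys)
```

Run `triage(open("C:/ComboFix.txt").read())` against a full report; the same section markers appear there, so the script needs no changes beyond the sample.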

#14 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#15 krazzdav (Member, 505 posts)
:D Hi jinsai,

I was told you returned. Go ahead and continue from the last post--#13 ;)

thanks,
krazzdav