
Blue screen bootup



#1
pjgoodman2

I don't know if this is a malware problem, but I figured I should start here.

I started getting a blue screen error message at bootup and now can only boot my computer in the Windows (Recovered) mode. I am also unable to access Windows Explorer files (it says I don't have a file associated with the command and to create a file association), and my disc drives/burner no longer work. I had been having problems and attempted a clean install of Windows 7 using the reinstall disk that came with my computer. The blue screen I get is this:

“A problem has been detected and Windows has been shut down to prevent damage to your computer.
If this is the first time you’ve seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:
Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run chkdsk /F to check for hard drive corruption, and then restart your computer.”
Technical information:
***STOP: 0x0000007B (0xFFF880009A9928, 0xFFFFFFFC0000034, 0x0000000000000000, 0x0000000000000000)

I can't run a chkdsk or boot in safe mode, as the above screen appears and I can go no further.

My OTL log is this:

OTL logfile created on: 3/7/2011 12:55:50 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Paul\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 68.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456.58 Gb Total Space | 391.74 Gb Free Space | 85.80% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/06 14:45:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2011/03/05 19:17:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/16 09:41:13 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
PRC - [2011/02/16 09:41:13 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
PRC - [2011/02/03 18:08:28 | 001,898,208 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2011/01/30 18:56:06 | 001,573,720 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/09/30 21:03:26 | 013,473,408 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\Nexus.exe
PRC - [2010/08/10 21:42:21 | 002,842,288 | ---- | M] () -- C:\Users\Public\New Tier\CommunicatorV3\tray_stub_v3.exe
PRC - [2010/07/21 15:43:24 | 000,198,864 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2010/05/01 11:24:33 | 001,512,448 | ---- | M] (Michel Krämer) -- C:\Program Files (x86)\Spamihilator\spamihilator.exe
PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/01/14 15:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2010/01/14 15:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2010/01/06 16:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\Windows\SysWOW64\fsproflt.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/12 01:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\WsxService.exe


========== Modules (SafeList) ==========

MOD - [2011/03/06 14:45:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/01/14 15:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFWAH.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/04/10 16:25:46 | 000,342,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/02/16 10:36:28 | 000,745,476 | ---- | M] (NCH Software) [Disabled | Stopped] -- C:\Program Files (x86)\NCH Swift Sound\MSRS\msrs.exe -- (MSRSService)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe -- (IS360service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/14 15:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010/01/07 18:44:02 | 001,143,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe -- (SynchronizationService.exe)
SRV - [2010/01/06 16:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/12 01:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files (x86)\Winstep\WsxService.exe -- (Winstep Xtreme Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/07 16:03:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/01/06 19:37:02 | 000,051,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/12/28 00:26:53 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2010/12/03 04:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/26 18:02:20 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/22 16:13:26 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2010/03/15 07:45:28 | 000,145,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/17 15:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 15:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2010/02/11 10:04:54 | 000,130,696 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2010/01/14 15:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010/01/14 15:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/01/14 15:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/01/07 18:42:20 | 000,074,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\bdisk.sys -- (bdisk)
DRV - [2010/01/07 18:41:34 | 000,140,760 | ---- | M] (COMODO Security Solutions Inc.) [File_System | Boot | Running] -- C:\Windows\sysWOW64\DRIVERS\CBUFS.sys -- (CBUfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 97 02 5A 8D BD CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/12/22 16:19:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/23 03:00:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/05 19:17:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/05 19:17:39 | 000,000,000 | ---D | M]

[2011/01/26 09:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/17 15:22:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/26 09:56:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/08 08:09:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/08/07 10:25:58 | 000,001,461 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2010/11/05 20:44:18 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010/11/06 08:38:19 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober83700994.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [Aston2] C:\Program Files\Aston2\Aston2.exe (Gladiators Software)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe (Winstep Software Technologies)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\bin\resources\WebMenuImg.htm ()
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/04 17:48:27 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~LS
[2011/03/04 17:48:27 | 000,000,000 | ---D | C] -- \$WINDOWS.~LS
[2011/03/04 17:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/02/26 06:53:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LocalAppData%
[2011/02/25 14:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/23 15:15:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/02/23 14:05:25 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011/02/23 12:28:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/02/23 12:19:57 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/02/23 12:19:22 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/02/23 10:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/02/23 10:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/22 15:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quick Recovery for Incredimail - Trial Version
[2011/02/22 15:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Recovery
[2011/02/16 10:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSRS Recording System
[2011/02/15 10:09:08 | 000,000,000 | ---D | C] -- C:\Conduit
[2011/02/15 10:09:08 | 000,000,000 | ---D | C] -- \Conduit
[2011/02/15 10:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/02/13 11:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2 C:\*.tmp files -> C:\*.tmp -> ]
[2 \*.tmp files -> \*.tmp -> ]
[2 \*.tmp files -> \*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/07 00:55:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/07 00:50:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/07 00:50:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/07 00:43:59 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2011/03/07 00:43:47 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/07 00:43:46 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/03/07 00:42:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/07 00:42:39 | 509,452,287 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/06 14:05:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\COMODO System Cleaner Update.job
[2011/03/06 12:20:30 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011/03/04 18:18:14 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Scan (weekly).job
[2011/03/04 18:18:14 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011/03/04 18:18:14 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011/03/04 18:18:14 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011/03/04 18:18:14 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011/03/04 18:00:49 | 000,026,380 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/03/04 18:00:49 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/03/04 17:28:19 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Install Microsoft IntelliType Pro.lnk
[2011/03/04 17:26:28 | 000,419,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/04 17:13:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2011/03/04 09:57:35 | 000,743,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/04 09:57:35 | 000,634,808 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/04 09:57:35 | 000,111,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/03 20:29:59 | 000,000,272 | -H-- | M] () -- C:\aaw7boot.cmd
[2011/02/28 08:21:15 | 000,001,439 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/28 08:11:38 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/02/28 08:11:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/02/25 20:08:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/02/25 14:43:21 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/25 08:33:17 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/02/23 10:58:24 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/02/23 10:58:10 | 000,756,668 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/23 10:45:21 | 000,932,096 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011/02/16 09:42:11 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2011/02/16 09:42:11 | 000,002,007 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
[2011/02/13 11:11:08 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/04 18:18:14 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Scan (weekly).job
[2011/03/04 18:18:14 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011/03/04 18:18:14 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011/03/04 18:18:14 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011/03/04 18:18:14 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011/03/04 17:28:19 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Install Microsoft IntelliType Pro.lnk
[2011/03/04 17:13:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2011/03/04 16:53:33 | 000,026,380 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/03/04 16:53:33 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/03/02 14:02:06 | 000,000,272 | -H-- | C] () -- C:\aaw7boot.cmd
[2011/03/02 14:02:06 | 000,000,272 | -H-- | C] () -- \aaw7boot.cmd
[2011/02/28 08:11:38 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/02/28 08:11:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/02/25 20:08:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/02/23 12:21:26 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/02/23 12:18:32 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/02/23 12:18:09 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/02/23 12:18:09 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/02/23 12:17:41 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/02/23 10:58:24 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/02/23 10:58:10 | 000,756,668 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/23 10:57:58 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/02/13 11:11:13 | 000,031,112 | ---- | C] () -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2011/02/13 11:11:12 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2011/02/13 11:11:08 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2010/12/22 16:18:12 | 000,002,012 | ---- | C] () -- C:\Program Files (x86)\DriversHQ.DriverDetective.Client.InstallState
[2010/11/06 08:19:22 | 000,000,970 | ---- | C] () -- \File Shredder.lnk
[2010/08/11 06:19:19 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2010/07/16 09:09:53 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/05/17 08:05:23 | 000,004,305 | ---- | C] () -- C:\Windows\unins000.dat
[2010/05/07 17:32:20 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/05/07 17:32:19 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/05/07 17:32:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/05/07 17:32:17 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/05/07 17:32:16 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/05/04 13:33:38 | 002,097,152 | ---- | C] () -- C:\Windows\SysWow64\drivers\CTMMOUNT.sys
[2010/05/04 13:33:38 | 002,097,152 | ---- | C] () -- C:\Windows\SysWow64\drivers\CTMFLT.sys
[2010/05/04 13:33:37 | 002,097,152 | ---- | C] () -- C:\Windows\SysWow64\drivers\CTMSHD.sys
[2010/05/04 07:48:06 | 000,142,456 | ---- | C] () -- C:\Windows\hpwins10.dat
[2010/05/04 07:48:06 | 000,000,372 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2010/05/01 13:57:31 | 2110,926,847 | -HS- | C] () --
[2010/05/01 13:57:29 | 509,452,287 | -HS- | C] () --
[2010/01/07 18:42:20 | 000,074,328 | ---- | C] () -- C:\Windows\SysWow64\drivers\bdisk.sys
[2009/10/30 16:36:37 | 000,004,728 | RH-- | C] () -- \dell.sdr
[2009/08/13 20:51:30 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/03/04 18:18:14 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Scan (weekly).job
[2011/03/04 18:18:14 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2011/03/04 18:18:14 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2011/03/04 18:18:14 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2011/03/04 18:18:14 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2011/03/07 00:43:59 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
[2011/03/07 00:43:46 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2011/03/06 12:20:30 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job
[2009/07/14 00:08:49 | 000,031,374 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 00:08:49 | 000,028,954 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU[1].TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:0656FCD2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:8750DCE4
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5EC637CB
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >