Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Blue screen of death and redirects


  • Please log in to reply

#1
PaulG!

PaulG!

    Member

  • Member
  • PipPip
  • 80 posts
Hello! My laptop is screwed up pretty bad; every time, on start up, only a blue screen appears with the 'Windows has detected a problem...' (or whatever it says). I can only start it if I use my Reatogo CD, then I can't connect to the internet (I'm sending this email from work). I ran the OTL that is on the Reatogo desktop (OTLPE?); here is the log it produced:

******************************************************************************************************
OTL logfile created on: 6/27/2011 4:00:10 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 314.00 Mb Available Physical Memory | 62.00% Memory free
459.00 Mb Paging File | 336.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.70 Gb Free Space | 55.55% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.11 Gb Free Space | 56.54% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (getPlus® Helper) getPlus®
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/11 19:34:34 | 000,049,904 | ---- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/02/08 15:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/11/02 14:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/15 16:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/09/26 10:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/07/16 12:34:04 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/16 12:34:04 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 12:11:30 | 000,026,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCM4E5.SYS -- (BCM44X2)
DRV - [2001/08/17 12:11:26 | 000,054,271 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10™


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Paul_G!_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Paul_G!_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKU\Paul_G!_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 14:19:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 11:11:10 | 000,000,000 | ---D | M]

[2011/05/08 12:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/16 18:35:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/27 14:19:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/16 18:35:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/08 13:40:33 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\Paul_G!_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Paul_G!_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Paul_G!_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Paul_G!_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231962780789 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 17:20:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.444p - C:\Program Files\AVI compressor\0.958\686\tabdec.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mpng - C:\Program Files\AVI compressor\0.958\686\tabdec.dll File not found
Drivers32: vidc.mvjp - C:\Program Files\AVI compressor\0.958\686\tabdec.dll File not found
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E74478E4-6D75-4B05-8D11-5E61F74A5CE1} - NoIE8Tour
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{7DD169D2-DA73-484D-AF90-EBC90AA15A56} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/27 14:22:18 | 003,082,400 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Paul G!\Desktop\install_flash_player.exe
[2011/06/21 11:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/16 04:25:08 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/14 06:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gG06501DcGeL06501
[2011/06/14 04:04:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies
[2011/06/12 14:42:47 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/12 14:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 14:42:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/12 14:40:31 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul G!\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/12 13:49:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/06 01:14:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/06/04 21:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/06/04 19:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/06/02 11:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/06/02 11:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/06/02 02:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul G!\Desktop\RK_Quarantine
[2011/06/01 12:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\AppleWIPort
[2011/06/01 03:25:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paul G!\Start Menu\Programs\Administrative Tools
[2011/06/01 03:24:24 | 004,113,725 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul G!\Desktop\ComboFix.exe
[2011/05/31 11:42:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/31 04:37:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2 C:\Documents and Settings\Paul G!\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Paul G!\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/27 14:47:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/27 14:47:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/27 14:22:28 | 003,082,400 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Paul G!\Desktop\install_flash_player.exe
[2011/06/27 14:19:10 | 000,069,987 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/06/27 14:19:08 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/27 14:18:45 | 000,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/27 04:51:08 | 000,005,837 | -H-- | M] () -- C:\WINDOWS\Jelly.ini
[2011/06/26 02:09:13 | 000,013,604 | -HS- | M] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\87pv7k70panvl6a
[2011/06/26 02:09:13 | 000,013,604 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\87pv7k70panvl6a
[2011/06/21 11:12:12 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/21 11:12:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/16 04:29:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/12 14:42:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 14:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 14:40:31 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul G!\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/10 12:42:32 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/06 01:15:52 | 004,113,725 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul G!\Desktop\ComboFix.exe
[2011/05/30 18:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\Documents and Settings\Paul G!\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Paul G!\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/21 11:12:12 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/21 11:12:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/21 01:36:01 | 000,013,604 | -HS- | C] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\87pv7k70panvl6a
[2011/06/21 01:36:01 | 000,013,604 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\87pv7k70panvl6a
[2011/06/12 14:42:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/12 09:07:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/12 09:07:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/12 09:07:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/12 09:07:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/12 09:07:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/14 01:00:37 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/10/09 02:31:07 | 000,000,051 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/16 21:14:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/06/16 21:11:33 | 000,110,056 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/06/16 21:11:32 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/02/10 18:58:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/17 00:21:06 | 000,014,848 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/29 18:13:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/04/27 21:37:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/04/21 21:40:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/16 20:07:58 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/16 20:07:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/16 20:07:54 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/16 20:07:54 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/16 20:07:52 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/09 21:39:45 | 000,005,837 | -H-- | C] () -- C:\WINDOWS\Jelly.ini
[2009/04/08 17:03:39 | 000,000,709 | -H-- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2009/04/08 15:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2009/04/08 15:50:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2009/04/08 15:33:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/14 16:33:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/14 15:22:06 | 000,069,987 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/01/14 14:48:57 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/14 14:48:57 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/01/14 14:48:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/13 17:27:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 17:16:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/13 12:07:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/13 12:06:26 | 000,199,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:48:28 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:48:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:35:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:35:06 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:35:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:35:03 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:33:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:28:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:28:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:21:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:20:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/04/30 21:58:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/13 18:58:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\DriverCure
[2010/11/17 22:26:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\MP3Rocket
[2010/04/13 19:09:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/06/14 06:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gG06501DcGeL06501
[2010/10/08 18:38:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/13 18:58:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %temp%\smtmp\*.*

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/01/14 16:40:17 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/15 22:19:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/14 16:40:17 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/04/15 22:19:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 12:40:05 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009/01/14 16:40:17 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/15 22:19:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/14 16:40:17 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/04/15 22:19:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/07/16 12:18:31 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2003/07/16 12:40:05 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:ntoskrnl.exe
[2009/01/14 16:40:17 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ntoskrnl.exe
[2009/04/15 22:19:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntoskrnl.exe
[2009/01/14 16:40:17 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:ntoskrnl.exe
[2009/04/15 22:19:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ntoskrnl.exe
[2009/12/09 00:52:36 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=05BE3D9A71972223AFF6A3C823BA51B1 -- C:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[2008/04/13 15:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe
[2008/04/13 15:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
[2008/08/14 06:00:45 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=21C91DA9CB53AA8A37041BA9684A8458 -- C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
[2005/03/01 21:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[2008/08/14 16:11:10 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=31914172342BFF330063F343AC6958FE -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[2010/04/27 22:25:02 | 002,189,952 | ---- | M] (Microsoft Corporation) MD5=472059774023F80EB7227EAF9A7ACDA1 -- C:\WINDOWS\$NtUninstallKB2393802$\ntoskrnl.exe
[2005/03/01 20:59:53 | 002,179,328 | ---- | M] (Microsoft Corporation) MD5=4D4CF2C14550A4B7718E94A6E581856E -- C:\WINDOWS\$NtUninstallKB956841_0$\ntoskrnl.exe
[2010/12/09 09:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=64C1ADF6DF629F340C5A439FE0EF8ED1 -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2010/12/09 09:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=64C1ADF6DF629F340C5A439FE0EF8ED1 -- C:\WINDOWS\ERDNT\cache\ntoskrnl.exe
[2010/12/09 09:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=64C1ADF6DF629F340C5A439FE0EF8ED1 -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2010/12/09 09:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=64C1ADF6DF629F340C5A439FE0EF8ED1 -- C:\WINDOWS\system32\ntoskrnl.exe
[2009/12/08 15:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\$NtUninstallKB979683$\ntoskrnl.exe
[2009/02/06 07:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe
[2009/08/04 21:44:46 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- C:\WINDOWS\$NtUninstallKB977165$\ntoskrnl.exe
[2010/04/27 09:50:44 | 002,190,080 | ---- | M] (Microsoft Corporation) MD5=A2ABBEC40CDB57454645D06B7EBD22F5 -- C:\WINDOWS\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[2010/12/09 09:43:18 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=A531BBD3DE13121C1380ED7DC99082DB -- C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[2004/08/04 02:19:59 | 002,180,992 | ---- | M] (Microsoft Corporation) MD5=CE218BC7088681FAA06633E218596CA7 -- C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
[2008/08/14 05:57:20 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=CE69DBD54221F2D40E49FF6DB77C6507 -- C:\WINDOWS\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[2010/02/17 09:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) MD5=D41C3CBAD0E1C0728D1CDFD541F60CFA -- C:\WINDOWS\$NtUninstallKB981852$\ntoskrnl.exe
[2010/02/16 08:52:12 | 002,190,080 | ---- | M] (Microsoft Corporation) MD5=E1F653A542449D54FA2D27463D99B6B6 -- C:\WINDOWS\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[2008/08/14 06:11:02 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EEAF32F8E15A24F62BECB1BD403BB5C5 -- C:\WINDOWS\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[2008/08/14 06:11:02 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EEAF32F8E15A24F62BECB1BD403BB5C5 -- C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe
[2009/02/07 19:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2009/08/04 09:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: UXTHEME.DLL >
[2004/08/04 03:56:46 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=2CDE496666A975A2CE8F969F3042C8DB -- C:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll
[2008/04/13 20:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll
[2008/04/13 20:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\system32\uxtheme.dll

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\*.* >
[2009/01/13 17:20:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/01/14 16:54:12 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/16 20:51:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2011/06/06 01:48:26 | 000,023,573 | ---- | M] () -- C:\ComboFix.txt
[2009/01/13 17:20:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/23 21:19:22 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2011/01/23 21:19:22 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2009/01/13 17:20:01 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2009/01/13 17:20:01 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2009/01/14 16:46:10 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM
[2009/04/15 22:24:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/26 22:48:22 | 000,036,536 | ---- | M] () -- C:\OTL.Txt
[2011/06/27 14:18:29 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2011/04/15 18:56:27 | 000,039,216 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_15.04.2011_18.55.14_log.txt
[2011/04/28 17:33:49 | 000,037,714 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_17.32.52_log.txt
[2011/04/30 13:21:00 | 000,037,714 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_30.04.2011_13.19.56_log.txt
[2011/04/30 15:24:17 | 000,002,142 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_30.04.2011_15.24.14_log.txt

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/27 14:19:43 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/27 14:19:43 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/27 14:19:43 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/27 14:19:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/27 14:19:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/27 14:19:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Paul G!\Local Settings\Application Data\kgg.exe" -a "C:\Program Files\internet explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/07/16 12:30:45 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/27 14:19:43 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/27 14:19:43 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/27 14:19:43 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/27 14:19:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/27 14:19:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/27 14:19:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Paul G!\Local Settings\Application Data\kgg.exe" -a "C:\Program Files\internet explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/07/16 12:30:45 | 000,094,208 | ---- | M] (Microsoft Corporation)

< CREATERESTOREPOINT >


< End of report >

******************************************************************************************************

Can someone please help me? Before the 'blue screen of death' showed up, I was getting redirects (to a 'wordslife' website among others) and anytime I did a search for something and clicked on the link, it would redirect me to somewhere else (not wordslife necessarily). If I highlight the address in the search result and paste that into the address bar, 90% of the time it will go to the correct page. Most recently while on a website, a phantom advertisement could be heard, but no window shows up. I ran Malwarebytes when the problem got unbearable (it worked once before) and during the mandatory restart, the blue screen of death problem started.

Please help me get back up and running because I have no idea what's going on (the IT guy at work just wants me to wipe the laptop clean and start again using ubuntu (sp?), and I'd rather not do this because I have important files on the computer).

I greatly appreciate your time!
PaulG!
  • 0

Advertisements


#2
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hello PaulG!,

The log shows quite a few variations of things, but difficult to nail down exactly where the current bootup problem lies. The log also shows you ran ComboFix, and it created a backup, that we might use to undo the more recent, problematic changes there. Do you have, or can borrow, an XP install CD, that we can use to access the Recovery Console? I am not familiar with Reatogo CD, so wouldn't know if it provides this access.
  • 0

#3
PaulG!

PaulG!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
Hi, thanks for helping!

I'm not sure if I can get an XP install disc; I'll ask around the office today. In the meantime, I'll do some research on Reatogo, see if I can get back to the recovery point (I didn't know one was created). I made the Reatogo disc at the request of the last G2G person who helped with a previous problem; I'm thinking that problem didn't get completely resolved and is rearing it's ugly head again.
Thanks again for the reply!
PaulG!
  • 0

#4
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
The log shows the use of ComboFix there. Did you allow it to install the Recovery Console? This would show as a new bootup screen, which would include that as one of the boot options.
  • 0

#5
PaulG!

PaulG!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
Thank you! You pointed me in the right direction; I started it using the last known settings option (I swear it wasn't there before!).

Another problem is the desktop isn't showing all my icons but is otherwise working normally. When trying to connect to the internet, the Explorer icon doesn't work; I have to go into the start menu and open the Dell Solution Center, then type the address. Also, while I'm connected, I keep hearing an audio voice saying: "Congratulations, you won!" or some kind of audio commercial but no apparent window showing on the bottom toolbar.

I downloaded and ran OTL, here is the log it produced:

*****************************************************************************************

OTL logfile created on: 11/7/2011 7:52:11 PM - Run 14
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Paul G!\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.23 Mb Total Physical Memory | 142.34 Mb Available Physical Memory | 27.84% Memory free
863.93 Mb Paging File | 522.68 Mb Available in Paging File | 60.50% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 17.86 Gb Free Space | 47.93% Space Free | Partition Type: NTFS

Computer Name: THEPOWER | User Name: Paul G! | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 19:51:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL(1).exe
PRC - [2011/10/01 13:35:17 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 19:12:08 | 001,056,256 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/01 13:35:17 | 001,833,944 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/25 21:14:08 | 006,277,280 | -H-- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/06/20 03:03:50 | 000,913,408 | -H-- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2005/12/19 09:08:30 | 000,757,760 | -H-- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2002/09/10 21:26:26 | 000,368,706 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
MOD - [2002/07/02 15:32:00 | 000,184,431 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
MOD - [2002/07/02 15:22:34 | 000,122,993 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
MOD - [2002/07/02 15:10:42 | 000,110,695 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
MOD - [2002/06/04 20:33:54 | 000,106,601 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
MOD - [2002/06/04 18:48:26 | 000,143,489 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
MOD - [2002/06/04 18:48:10 | 000,163,951 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
MOD - [2001/09/26 03:23:08 | 000,196,695 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
MOD - [2001/09/23 15:41:10 | 000,524,377 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - [2007/08/09 02:27:52 | 000,073,728 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 07:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/11 18:34:34 | 000,049,904 | -H-- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 13:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/02/08 14:51:16 | 002,209,408 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/11/02 13:24:34 | 000,424,320 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/15 15:37:52 | 000,264,440 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/09/26 09:41:10 | 000,044,032 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/07/16 11:34:04 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/16 11:34:04 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 11:11:30 | 000,096,640 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 11:11:30 | 000,026,568 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCM4E5.SYS -- (BCM44X2)
DRV - [2001/08/17 11:11:26 | 000,054,271 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10™


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 13:35:18 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 00:12:02 | 000,000,000 | -H-D | M]

[2009/04/21 20:40:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Extensions
[2011/10/14 00:00:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions
[2010/08/13 13:04:13 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/01 13:30:57 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/30 20:58:28 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/05/08 11:46:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/16 17:35:45 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/16 17:35:22 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/01 13:35:18 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/16 17:35:22 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/01 13:35:15 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/16 02:10:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231962780789 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C93B559-9097-4136-80EC-0C971478975B}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul G!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul G!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 16:20:01 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 19:51:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL(1).exe
[2011/10/16 02:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul G!\Desktop\GooredFix Backups
[2011/10/16 02:33:51 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Paul G!\Desktop\GooredFix.exe
[2011/10/16 02:10:16 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/16 02:09:07 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTM.exe
[2011/10/16 01:01:05 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/10/16 00:54:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul G!\Recent
[2011/10/16 00:21:42 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/10/16 00:18:38 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul G!\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/15 14:36:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/10/15 12:44:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul G!\Start Menu\Programs\System Restore
[2011/10/14 11:04:02 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul G!\Desktop\TDSSKiller.exe
[2 C:\Documents and Settings\Paul G!\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Paul G!\Local Settings\Application Data\*.tmp -> ]
[10 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 19:51:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL(1).exe
[2011/11/07 19:48:21 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 19:46:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/20 00:10:09 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\oahd.sys
[2011/10/19 23:58:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/19 22:29:06 | 000,000,376 | -H-- | M] () -- C:\WINDOWS\ODBC.INI
[2011/10/16 02:54:07 | 000,717,312 | ---- | M] () -- C:\Documents and Settings\Paul G!\Desktop\RogueKiller(1).exe
[2011/10/16 02:35:02 | 001,541,014 | ---- | M] () -- C:\Documents and Settings\Paul G!\Desktop\tdsskiller(1).zip
[2011/10/16 02:34:06 | 000,005,889 | -H-- | M] () -- C:\WINDOWS\Jelly.ini
[2011/10/16 02:33:50 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Paul G!\Desktop\GooredFix.exe
[2011/10/16 02:10:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/10/16 02:09:08 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTM.exe
[2011/10/16 00:21:48 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/16 00:19:36 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul G!\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/15 14:38:43 | 000,000,448 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/15 14:37:39 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/10/15 14:37:38 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/10/15 14:37:37 | 000,000,857 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/15 14:35:27 | 000,069,987 | -H-- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/10/15 14:34:45 | 000,030,098 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/15 14:34:22 | 000,199,344 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/15 12:54:30 | 000,433,346 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/15 12:54:30 | 000,068,136 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/15 12:50:10 | 000,007,054 | -H-- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/10/15 12:47:02 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/15 12:44:34 | 000,000,839 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\System Restore.lnk
[2011/10/14 11:04:02 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul G!\Desktop\TDSSKiller.exe
[2 C:\Documents and Settings\Paul G!\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Paul G!\Local Settings\Application Data\*.tmp -> ]
[10 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/20 00:10:09 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahd.sys
[2011/10/16 02:54:07 | 000,717,312 | ---- | C] () -- C:\Documents and Settings\Paul G!\Desktop\RogueKiller(1).exe
[2011/10/16 02:34:54 | 001,541,014 | ---- | C] () -- C:\Documents and Settings\Paul G!\Desktop\tdsskiller(1).zip
[2011/10/16 00:21:48 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/15 14:37:38 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/10/15 14:37:38 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/10/15 14:37:36 | 000,000,857 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/15 12:44:34 | 000,000,839 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Desktop\System Restore.lnk
[2011/10/15 12:44:21 | 000,000,448 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/09/18 00:26:06 | 000,270,848 | -H-- | C] () -- C:\WINDOWS\unwise.exe
[2011/09/18 00:22:29 | 000,000,231 | -H-- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/09/18 00:22:07 | 000,000,217 | -H-- | C] () -- C:\WINDOWS\KA.INI
[2011/08/13 23:14:30 | 000,007,054 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/12 08:07:51 | 000,256,000 | -H-- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/12 08:07:51 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/12 08:07:51 | 000,098,816 | -H-- | C] () -- C:\WINDOWS\sed.exe
[2011/05/12 08:07:51 | 000,080,412 | -H-- | C] () -- C:\WINDOWS\grep.exe
[2011/05/12 08:07:51 | 000,068,096 | -H-- | C] () -- C:\WINDOWS\zip.exe
[2010/11/14 00:00:37 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/10/09 01:31:07 | 000,000,051 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/16 20:14:44 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/06/16 20:11:33 | 000,110,056 | -H-- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/06/16 20:11:32 | 000,007,577 | -H-- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/02/10 17:58:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/16 23:21:06 | 000,018,432 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/29 17:13:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\iplayer.INI
[2009/04/27 20:37:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/04/21 20:40:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/16 19:07:58 | 000,168,448 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/16 19:07:54 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/16 19:07:54 | 000,795,648 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/16 19:07:54 | 000,130,048 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/16 19:07:52 | 000,067,584 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/09 20:39:45 | 000,005,889 | -H-- | C] () -- C:\WINDOWS\Jelly.ini
[2009/04/08 16:03:39 | 000,000,709 | -H-- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2009/04/08 14:54:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\mtstack.INI
[2009/04/08 14:50:00 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2009/04/08 14:33:31 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/14 15:33:46 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/14 14:22:06 | 000,069,987 | -H-- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/01/14 13:48:57 | 000,757,760 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/14 13:48:57 | 000,018,944 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/01/14 13:48:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/13 16:27:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 16:16:37 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/13 11:07:32 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/13 11:06:26 | 000,199,344 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 11:48:28 | 000,004,594 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 11:48:27 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 11:43:13 | 001,033,728 | -H-- | C] () -- C:\WINDOWS\expl.dat
[2003/07/16 11:43:13 | 000,507,904 | -H-- | C] () -- C:\WINDOWS\System32\winl.dat
[2003/07/16 11:43:13 | 000,014,336 | -H-- | C] () -- C:\WINDOWS\System32\svch.dat
[2003/07/16 11:35:07 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 11:35:06 | 000,433,346 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 11:35:05 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 11:35:03 | 000,068,136 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 11:33:18 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 11:28:25 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 11:28:14 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 11:21:49 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 11:20:48 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 14:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/04/13 18:09:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/10/20 00:09:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\gE02401HaPiL02401
[2010/10/08 17:38:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/13 17:58:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/04/30 20:58:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/13 17:58:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\DriverCure
[2010/11/17 21:26:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\MP3Rocket

========== Purity Check ==========



< End of report >

***************************************************************************************

I suppose this log is similar to the other one but you can read this stuff, I can't.lol

I appreciate your time and any suggestions you may have to fix whatever is going on.
Thanks,
PaulG!
  • 0

#6
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I hadn't offered Last Known Good, though in hindsight, sure should have. Audio oddities like you hear suggest rootkit activity.

To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.



Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once it's opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Decline a download of avast itself if offered
  • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

A lot, but comprehensive, and will make sure we get a good view of everything.
  • 0

#7
PaulG!

PaulG!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
Hi Jintan, thanks for your time!
OK, no problems dl the programs or running them; here are the logs:

*************************************************************************

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-09 17:39:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2040AH rev.006C
Running: 7ytwq1eu.exe; Driver: C:\DOCUME~1\PAULG!~1\LOCALS~1\Temp\uwliipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF808A360, 0x1DF4AD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[272] Explorer.EXE 0101A55F 12 Bytes [8B, FF, 55, 8B, EC, 83, EC, ...] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; SUB ESP, 0x44; PUSH ESI; PUSH EDI; PUSH 0x10}
.text C:\WINDOWS\Explorer.EXE[272] Explorer.EXE 0101A56C 22 Bytes CALL 0100FA8F C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[272] Explorer.EXE 0101A583 13 Bytes [15, 18, 11, 00, 01, 50, E8, ...] {ADC EAX, 0x1001118; PUSH EAX; CALL 0xfffffffffffffb74; PUSH 0x10}
.text C:\WINDOWS\Explorer.EXE[272] Explorer.EXE 0101A591 15 Bytes [F0, 59, 33, C0, 8D, 7D, C0, ...]
.text C:\WINDOWS\Explorer.EXE[272] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B4464B
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 0063464B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00154673
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] ws2_32.dll!send 71AB4C27 5 Bytes JMP 7FF91AD9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 7FF91A15
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] ws2_32.dll!recv 71AB676F 5 Bytes JMP 7FF9196B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 7FF91B07
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00154673
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] ws2_32.dll!send 71AB4C27 5 Bytes JMP 7FF91AD9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 7FF91A15
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] ws2_32.dll!recv 71AB676F 5 Bytes JMP 7FF9196B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1392] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 7FF91B07
.text C:\Program Files\internet explorer\iexplore.exe[2540] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00154673
.text C:\Program Files\internet explorer\iexplore.exe[2540] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2540] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2540] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2540] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2540] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2540] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2540] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2540] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2540] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00154673
.text C:\Program Files\internet explorer\iexplore.exe[3544] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3544] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1000] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\internet explorer\iexplore.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1

---- EOF - GMER 1.0.15 ----


*************************************************************************


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-09 17:42:29
-----------------------------
17:42:29.767 OS Version: Windows 5.1.2600 Service Pack 3
17:42:29.767 Number of processors: 1 586 0xD06
17:42:29.767 ComputerName: THEPOWER UserName: Paul G!
17:42:31.029 Initialize success
17:43:35.212 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:43:35.212 Disk 0 Vendor: FUJITSU_MHT2040AH 006C Size: 38154MB BusType: 3
17:43:37.274 Disk 0 MBR read successfully
17:43:37.274 Disk 0 MBR scan
17:43:37.274 Disk 0 Windows XP default MBR code
17:43:37.295 Disk 0 scanning sectors +78140160
17:43:37.535 Disk 0 scanning C:\WINDOWS\system32\drivers
17:44:26.856 Service scanning
17:44:28.658 Modules scanning
17:45:07.865 Disk 0 trace - called modules:
17:45:07.905 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:45:07.915 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f91ab8]
17:45:07.915 3 CLASSPNP.SYS[f8656fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fa94d0]
17:45:07.915 Scan finished successfully
17:48:05.230 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul G!\Desktop\MBR.dat"
17:48:05.230 The log file has been saved successfully to "C:\Documents and Settings\Paul G!\Desktop\aswMBR.txt"



*************************************************************************


When I showed the hidden files and folders, I got my desktop icons back but they are kind of look like ghosts (I can see the background through them) but otherwise work fine.
Thanks again for the instruction!
PaulG!
  • 0

#8
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Something seems to be running background communications within Internet Explorer, but a lot of Yahoo activity then as well.

Malware has caused folders to be hidden. Look in the C:\Documents and Settings\Paul G!, as well as spot check a few others, and see if see any more of these ghost icons.


Go to Start > Run and type:

cmd.exe

and OK. At the prompt type or copy/paste each of the following, pressing Enter after each:

cd "C:\Documents and Settings\Paul G!"

attrib /s /d -h Desktop


In the still open command console window and type exit and press Enter to close that. Then check those desktop folders.

As a mention - Paul G!. Try to avoid the use of spaces, or special characters in user names. Can cause problems with security softwares, or automated functions that do not pick up the space or special character.

----------

Do you know what this file is, or what created it?

[2011/10/20 00:10:09 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahd.sys

I suspect it was created by Malwarebytes removing something, but better to not guess. If you do not know what the file is, please go here, press NEW TOPIC (right hand side, just at the top of the forum thread list), fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select the following files on your computer.

C:\WINDOWS\System32\drivers\oahd.sys

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.

-----------

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Delete any existing copies, and download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  • 0

#9
PaulG!

PaulG!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
Hi,

When I did the Start > Run thing, both times I hit 'enter', I got some kind of error message (something along the lines of: what we were trying to do wasn't getting done).

I didn't know about the spaces/special characters, in the future I won't include them in my user names. Is there a good way of me changing my current user name? Should I just create another one and delete the existing one?

I don't know what that file is. Anytime I click on a link, I get redirected. The way around this is to copy the address directly into the address bar. Can you paste the address of the link you want me to submit that file to?

I don't think I have any AV software running; ComboFix is either freezing, or my laptop is reeeeaaaaalllly slow. I let it run overnight until lunch (about 12 hours)...the laptop's screen went to screen saver mode (it just turned off, moving the mouse usually wakes it) and I couldn't get it to respond so I held the power button to restart. I tried again several times, including once in safe mode (over two hours before I decided to restart), with the same results. Running ComboFix in the past has usually been this difficult (I don't recall a specific thing I did to it in the past in order to get it to run successfully).

Overall, the laptop is running a little slow, just enough to be noticeable. A few weeks ago I tried to follow the G2G on how to fix google redirects, and that is when I first got the blue screen on startup. I'm going to be traveling this weekend, first back to my house 3 hours away, then a 3.5 hr flight to Salt Lake City, where I'll be for 2 weeks. I always take this laptop with me so I can email family and watch movies, so I will be able to continue to work with you, but this weekend, it might be tough for me to reply, but believe me, I will try! I really appreciate all the time you have (and will) put into helping me, I will do my best not to waste it! I am awaiting further instruction...lol

I hope you have a good weekend!
  • 0

#10
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
The address of the upload site is:

hxxp://www.thespykiller.co.uk/index.php?board=1.0

Just change the "hxxp" to "http".

If you can, these would also be good to check. You can zip the folders, and upload the zipped files.

[2011/10/15 14:37:38 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/10/15 14:37:38 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

[2011/10/15 12:44:21 | 000,000,448 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/20 00:09:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\gE02401HaPiL02401

At that SpyKiller site, just click the "(more attachments)" next to the Browse button to upload more than one file. But DO NOT spend time trying to complete these uploads, if they become problematic.

Bit surprised aswMBR isn't picking up this type of malware activity.

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including as reboot if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please.
  • 0

Advertisements


#11
PaulG!

PaulG!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
Hi Jintan,
I'm having some trouble connecting to the hotels' wireless reliably (I'm not sure if it's related to my laptop's problem). Most of the attempts direct me to a secure version of the hotels' login page with user ID and Password, it's supposed to direct me to a page where 'click to accept the terms and agreements' should be all I have to do in order to connect.
Figures I'd get a connection right when I'm on my way out the door to go to work. I don't have time to run all the scans you requested, I'll do them when I get out of work.
Thanks for your patience.

Oh, a voice commercial for some kind of muscle vitamin/supplement just started playing (actually two of the same commercials are playing at the same time). G2G is the only window open.
  • 0

#12
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
No problem - post when ready.
  • 0

#13
PaulG!

PaulG!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
Ok, I think I got a good workaround to get connected. Anyway, here is the TDSKiller log:

I found two logs created a couple minutes apart. I think one was created because I opened TDSkiller, then closed it (without running the scan), then I did it again and ran the scan.
To be safe, here is the first (short) log:

03:35:11.0893 1592 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
03:35:12.0534 1592 ============================================================
03:35:12.0534 1592 Current date / time: 2011/11/16 03:35:12.0534
03:35:12.0534 1592 SystemInfo:
03:35:12.0534 1592
03:35:12.0534 1592 OS Version: 5.1.2600 ServicePack: 3.0
03:35:12.0534 1592 Product type: Workstation
03:35:12.0534 1592 ComputerName: THEPOWER
03:35:12.0534 1592 UserName: Paul G!
03:35:12.0534 1592 Windows directory: C:\WINDOWS
03:35:12.0534 1592 System windows directory: C:\WINDOWS
03:35:12.0534 1592 Processor architecture: Intel x86
03:35:12.0534 1592 Number of processors: 1
03:35:12.0534 1592 Page size: 0x1000
03:35:12.0534 1592 Boot type: Normal boot
03:35:12.0534 1592 ============================================================
03:35:15.0388 1592 Initialize success
03:35:19.0784 2424 Deinitialize success






Now here is the other one (it said it didn't find anything wrong):

03:37:17.0754 0276 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
03:37:18.0335 0276 ============================================================
03:37:18.0335 0276 Current date / time: 2011/11/16 03:37:18.0335
03:37:18.0335 0276 SystemInfo:
03:37:18.0335 0276
03:37:18.0335 0276 OS Version: 5.1.2600 ServicePack: 3.0
03:37:18.0335 0276 Product type: Workstation
03:37:18.0335 0276 ComputerName: THEPOWER
03:37:18.0335 0276 UserName: Paul G!
03:37:18.0335 0276 Windows directory: C:\WINDOWS
03:37:18.0335 0276 System windows directory: C:\WINDOWS
03:37:18.0335 0276 Processor architecture: Intel x86
03:37:18.0335 0276 Number of processors: 1
03:37:18.0335 0276 Page size: 0x1000
03:37:18.0335 0276 Boot type: Normal boot
03:37:18.0335 0276 ============================================================
03:37:20.0908 0276 Initialize success
03:37:29.0220 2292 ============================================================
03:37:29.0220 2292 Scan started
03:37:29.0220 2292 Mode: Manual;
03:37:29.0220 2292 ============================================================
03:37:35.0049 2292 Abiosdsk - ok
03:37:35.0199 2292 abp480n5 - ok
03:37:35.0870 2292 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:37:35.0910 2292 ACPI - ok
03:37:36.0100 2292 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
03:37:36.0100 2292 ACPIEC - ok
03:37:36.0341 2292 adpu160m - ok
03:37:36.0451 2292 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
03:37:36.0451 2292 aec - ok
03:37:36.0561 2292 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
03:37:36.0591 2292 AFD - ok
03:37:36.0691 2292 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
03:37:36.0691 2292 agp440 - ok
03:37:36.0721 2292 Aha154x - ok
03:37:36.0741 2292 aic78u2 - ok
03:37:36.0771 2292 aic78xx - ok
03:37:36.0811 2292 AliIde - ok
03:37:36.0841 2292 amsint - ok
03:37:36.0971 2292 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
03:37:37.0002 2292 Arp1394 - ok
03:37:37.0022 2292 asc - ok
03:37:37.0052 2292 asc3350p - ok
03:37:37.0072 2292 asc3550 - ok
03:37:37.0192 2292 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:37:37.0192 2292 AsyncMac - ok
03:37:37.0242 2292 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
03:37:37.0242 2292 atapi - ok
03:37:37.0292 2292 Atdisk - ok
03:37:37.0342 2292 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:37:37.0342 2292 Atmarpc - ok
03:37:37.0462 2292 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
03:37:37.0462 2292 audstub - ok
03:37:37.0582 2292 b57w2k (b9391a83f075351c923c3a37c53af396) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
03:37:37.0582 2292 b57w2k - ok
03:37:37.0672 2292 BCM42XX (5ff4a1e41df9f1e328c955caa12cd3b0) C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys
03:37:37.0682 2292 BCM42XX - ok
03:37:37.0813 2292 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
03:37:37.0843 2292 BCM43XX - ok
03:37:37.0923 2292 BCM44X2 (f13fe9a3648628b29306edb48a4e48d3) C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS
03:37:37.0923 2292 BCM44X2 - ok
03:37:37.0963 2292 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
03:37:37.0963 2292 bcm4sbxp - ok
03:37:38.0043 2292 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
03:37:38.0043 2292 Beep - ok
03:37:38.0133 2292 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
03:37:38.0133 2292 BVRPMPR5 - ok
03:37:38.0273 2292 catchme - ok
03:37:38.0444 2292 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
03:37:38.0444 2292 cbidf2k - ok
03:37:38.0514 2292 cd20xrnt - ok
03:37:38.0604 2292 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
03:37:38.0614 2292 Cdaudio - ok
03:37:38.0704 2292 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
03:37:38.0714 2292 Cdfs - ok
03:37:38.0834 2292 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:37:38.0834 2292 Cdrom - ok
03:37:38.0894 2292 Changer - ok
03:37:38.0984 2292 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
03:37:38.0984 2292 CmBatt - ok
03:37:39.0034 2292 CmdIde - ok
03:37:39.0135 2292 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
03:37:39.0135 2292 Compbatt - ok
03:37:39.0225 2292 Cpqarray - ok
03:37:39.0265 2292 dac2w2k - ok
03:37:39.0295 2292 dac960nt - ok
03:37:39.0385 2292 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
03:37:39.0385 2292 Disk - ok
03:37:39.0535 2292 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
03:37:39.0605 2292 dmboot - ok
03:37:39.0715 2292 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
03:37:39.0715 2292 dmio - ok
03:37:39.0755 2292 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
03:37:39.0755 2292 dmload - ok
03:37:39.0806 2292 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
03:37:39.0806 2292 DMusic - ok
03:37:39.0846 2292 dpti2o - ok
03:37:39.0896 2292 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
03:37:39.0896 2292 drmkaud - ok
03:37:40.0006 2292 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
03:37:40.0006 2292 Fastfat - ok
03:37:40.0096 2292 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
03:37:40.0096 2292 Fdc - ok
03:37:40.0236 2292 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
03:37:40.0236 2292 Fips - ok
03:37:40.0306 2292 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
03:37:40.0306 2292 Flpydisk - ok
03:37:40.0446 2292 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
03:37:40.0446 2292 FltMgr - ok
03:37:40.0597 2292 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
03:37:40.0597 2292 Fs_Rec - ok
03:37:40.0657 2292 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:37:40.0657 2292 Ftdisk - ok
03:37:40.0777 2292 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
03:37:40.0787 2292 Gpc - ok
03:37:40.0887 2292 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
03:37:40.0887 2292 HidUsb - ok
03:37:40.0967 2292 hpn - ok
03:37:41.0057 2292 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
03:37:41.0067 2292 HPZid412 - ok
03:37:41.0168 2292 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
03:37:41.0168 2292 HPZipr12 - ok
03:37:41.0248 2292 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
03:37:41.0248 2292 HPZius12 - ok
03:37:41.0378 2292 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
03:37:41.0418 2292 HTTP - ok
03:37:41.0498 2292 i2omgmt - ok
03:37:41.0548 2292 i2omp - ok
03:37:41.0638 2292 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
03:37:41.0638 2292 i8042prt - ok
03:37:41.0758 2292 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
03:37:41.0768 2292 Imapi - ok
03:37:41.0848 2292 ini910u - ok
03:37:41.0939 2292 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
03:37:41.0939 2292 IntelIde - ok
03:37:42.0049 2292 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
03:37:42.0049 2292 intelppm - ok
03:37:42.0179 2292 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
03:37:42.0179 2292 ip6fw - ok
03:37:42.0269 2292 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:37:42.0269 2292 IpFilterDriver - ok
03:37:42.0379 2292 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
03:37:42.0379 2292 IpInIp - ok
03:37:42.0459 2292 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
03:37:42.0459 2292 IpNat - ok
03:37:42.0630 2292 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
03:37:42.0640 2292 IPSec - ok
03:37:42.0700 2292 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
03:37:42.0700 2292 IRENUM - ok
03:37:42.0800 2292 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
03:37:42.0810 2292 isapnp - ok
03:37:43.0010 2292 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:37:43.0010 2292 Kbdclass - ok
03:37:43.0090 2292 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
03:37:43.0090 2292 kmixer - ok
03:37:43.0170 2292 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
03:37:43.0170 2292 KSecDD - ok
03:37:43.0271 2292 lbrtfdc - ok
03:37:43.0461 2292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
03:37:43.0461 2292 mnmdd - ok
03:37:43.0531 2292 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
03:37:43.0541 2292 Modem - ok
03:37:43.0631 2292 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
03:37:43.0641 2292 Mouclass - ok
03:37:43.0751 2292 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
03:37:43.0751 2292 mouhid - ok
03:37:43.0821 2292 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
03:37:43.0821 2292 MountMgr - ok
03:37:43.0911 2292 mraid35x - ok
03:37:43.0962 2292 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:37:43.0972 2292 MRxDAV - ok
03:37:44.0082 2292 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:37:44.0132 2292 MRxSmb - ok
03:37:44.0212 2292 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
03:37:44.0222 2292 Msfs - ok
03:37:44.0312 2292 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:37:44.0312 2292 MSKSSRV - ok
03:37:44.0432 2292 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:37:44.0432 2292 MSPCLOCK - ok
03:37:44.0532 2292 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
03:37:44.0532 2292 MSPQM - ok
03:37:44.0622 2292 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:37:44.0622 2292 mssmbios - ok
03:37:44.0683 2292 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
03:37:44.0683 2292 Mup - ok
03:37:44.0783 2292 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
03:37:44.0783 2292 NDIS - ok
03:37:44.0873 2292 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:37:44.0883 2292 NdisTapi - ok
03:37:44.0943 2292 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:37:44.0943 2292 Ndisuio - ok
03:37:45.0003 2292 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:37:45.0013 2292 NdisWan - ok
03:37:45.0123 2292 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
03:37:45.0133 2292 NDProxy - ok
03:37:45.0273 2292 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
03:37:45.0273 2292 NetBIOS - ok
03:37:45.0354 2292 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
03:37:45.0354 2292 NetBT - ok
03:37:45.0474 2292 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
03:37:45.0474 2292 NIC1394 - ok
03:37:45.0584 2292 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
03:37:45.0594 2292 Npfs - ok
03:37:45.0704 2292 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
03:37:45.0744 2292 Ntfs - ok
03:37:45.0854 2292 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
03:37:45.0864 2292 Null - ok
03:37:46.0205 2292 nv (ecef9af156aafe2819a16230ad8968b7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
03:37:46.0465 2292 nv - ok
03:37:46.0615 2292 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:37:46.0615 2292 NwlnkFlt - ok
03:37:46.0655 2292 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:37:46.0655 2292 NwlnkFwd - ok
03:37:46.0736 2292 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
03:37:46.0736 2292 NwlnkIpx - ok
03:37:46.0776 2292 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
03:37:46.0776 2292 NwlnkNb - ok
03:37:46.0816 2292 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
03:37:46.0816 2292 NwlnkSpx - ok
03:37:46.0866 2292 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
03:37:46.0876 2292 NWRDR - ok
03:37:46.0916 2292 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
03:37:46.0916 2292 ohci1394 - ok
03:37:47.0016 2292 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
03:37:47.0016 2292 Parport - ok
03:37:47.0096 2292 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
03:37:47.0096 2292 PartMgr - ok
03:37:47.0186 2292 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
03:37:47.0186 2292 ParVdm - ok
03:37:47.0236 2292 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
03:37:47.0246 2292 PCI - ok
03:37:47.0296 2292 PCIDump - ok
03:37:47.0346 2292 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
03:37:47.0346 2292 PCIIde - ok
03:37:47.0386 2292 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
03:37:47.0386 2292 Pcmcia - ok
03:37:47.0427 2292 PDCOMP - ok
03:37:47.0477 2292 PDFRAME - ok
03:37:47.0517 2292 PDRELI - ok
03:37:47.0567 2292 PDRFRAME - ok
03:37:47.0607 2292 perc2 - ok
03:37:47.0657 2292 perc2hib - ok
03:37:47.0907 2292 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:37:47.0907 2292 PptpMiniport - ok
03:37:48.0027 2292 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
03:37:48.0027 2292 Processor - ok
03:37:48.0077 2292 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
03:37:48.0077 2292 PSched - ok
03:37:48.0128 2292 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:37:48.0128 2292 Ptilink - ok
03:37:48.0148 2292 ql1080 - ok
03:37:48.0178 2292 Ql10wnt - ok
03:37:48.0208 2292 ql12160 - ok
03:37:48.0238 2292 ql1240 - ok
03:37:48.0268 2292 ql1280 - ok
03:37:48.0308 2292 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:37:48.0308 2292 RasAcd - ok
03:37:48.0348 2292 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:37:48.0348 2292 Rasl2tp - ok
03:37:48.0388 2292 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:37:48.0398 2292 RasPppoe - ok
03:37:48.0428 2292 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
03:37:48.0428 2292 Raspti - ok
03:37:48.0488 2292 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:37:48.0498 2292 Rdbss - ok
03:37:48.0518 2292 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:37:48.0518 2292 RDPCDD - ok
03:37:48.0578 2292 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
03:37:48.0588 2292 rdpdr - ok
03:37:48.0668 2292 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
03:37:48.0678 2292 RDPWD - ok
03:37:48.0768 2292 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
03:37:48.0768 2292 redbook - ok
03:37:48.0979 2292 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
03:37:48.0979 2292 ROOTMODEM - ok
03:37:49.0209 2292 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:37:49.0209 2292 Secdrv - ok
03:37:49.0269 2292 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
03:37:49.0269 2292 serenum - ok
03:37:49.0399 2292 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
03:37:49.0399 2292 Serial - ok
03:37:49.0479 2292 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
03:37:49.0479 2292 Sfloppy - ok
03:37:49.0540 2292 Simbad - ok
03:37:49.0590 2292 Sparrow - ok
03:37:49.0660 2292 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
03:37:49.0660 2292 splitter - ok
03:37:49.0730 2292 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
03:37:49.0730 2292 sr - ok
03:37:49.0920 2292 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
03:37:49.0970 2292 Srv - ok
03:37:50.0241 2292 STAC97 (5813d453ef8ce49d607c255cf128aceb) C:\WINDOWS\system32\drivers\stac97.sys
03:37:50.0271 2292 STAC97 - ok
03:37:50.0411 2292 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
03:37:50.0431 2292 swenum - ok
03:37:50.0571 2292 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
03:37:50.0571 2292 swmidi - ok
03:37:50.0641 2292 symc810 - ok
03:37:50.0691 2292 symc8xx - ok
03:37:50.0781 2292 sym_hi - ok
03:37:50.0861 2292 sym_u3 - ok
03:37:50.0992 2292 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
03:37:51.0022 2292 sysaudio - ok
03:37:51.0222 2292 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:37:51.0262 2292 Tcpip - ok
03:37:51.0362 2292 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
03:37:51.0372 2292 Tcpip6 - ok
03:37:51.0522 2292 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
03:37:51.0542 2292 TDPIPE - ok
03:37:51.0673 2292 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
03:37:51.0673 2292 TDTCP - ok
03:37:51.0733 2292 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
03:37:51.0733 2292 TermDD - ok
03:37:51.0903 2292 TosIde - ok
03:37:52.0063 2292 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
03:37:52.0063 2292 tunmp - ok
03:37:52.0173 2292 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
03:37:52.0183 2292 Udfs - ok
03:37:52.0253 2292 ultra - ok
03:37:52.0334 2292 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
03:37:52.0374 2292 Update - ok
03:37:52.0504 2292 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
03:37:52.0504 2292 usbccgp - ok
03:37:52.0584 2292 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:37:52.0604 2292 usbehci - ok
03:37:52.0724 2292 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:37:52.0744 2292 usbhub - ok
03:37:52.0864 2292 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
03:37:52.0864 2292 usbprint - ok
03:37:53.0055 2292 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
03:37:53.0055 2292 usbscan - ok
03:37:53.0175 2292 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:37:53.0175 2292 USBSTOR - ok
03:37:53.0305 2292 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
03:37:53.0335 2292 usbuhci - ok
03:37:53.0445 2292 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
03:37:53.0475 2292 VgaSave - ok
03:37:53.0555 2292 ViaIde - ok
03:37:53.0645 2292 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
03:37:53.0645 2292 VolSnap - ok
03:37:53.0986 2292 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
03:37:54.0156 2292 w29n51 - ok
03:37:54.0387 2292 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:37:54.0387 2292 Wanarp - ok
03:37:54.0467 2292 WDICA - ok
03:37:54.0537 2292 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
03:37:54.0537 2292 wdmaud - ok
03:37:54.0877 2292 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:37:54.0877 2292 WudfPf - ok
03:37:55.0168 2292 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
03:37:55.0178 2292 WudfRd - ok
03:37:55.0308 2292 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
03:37:55.0498 2292 \Device\Harddisk0\DR0 - ok
03:37:55.0508 2292 Boot (0x1200) (cf26c8788dd17c1e58310f216dcff1bd) \Device\Harddisk0\DR0\Partition0
03:37:55.0508 2292 \Device\Harddisk0\DR0\Partition0 - ok
03:37:55.0508 2292 ============================================================
03:37:55.0508 2292 Scan finished
03:37:55.0508 2292 ============================================================
03:37:55.0548 0356 Detected object count: 0
03:37:55.0548 0356 Actual detected object count: 0
03:38:37.0288 1004 Deinitialize success





This is indeed turning out to be a tricky one, huh?
Thanks for letting me twist your brain! lol

When I click on my Start button and hover over All Programs, it shows (empty). The Desktop icon are also still 'ghosted' but otherwise seem to work.
  • 0

#14
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I received the files, thanks, which nudged me that I completely forgot about our work here. My apologies. That oahd.sys file was part of Malwarebytes, used to remove tougher items, and the remainder of the files just contained encrypted code, so useless unless some other function acts on them.

I sense your system is infected with a newish bootkit, which infects the master Boot Record, but also adds hidden, boot level malware that acts during each bootup. And remains unseen at any other time. We will need to check things, using a version of Linux, which can load to RAM, and look "into" the Windows files without Windows being loaded. This will require a clean, other computer, and a flash/thumb/usb drive.

Download http://unetbootin.so...dows-latest.exe & http://noahdfear.net.../xpud-0.9.2.iso to the desktop of your clean computer

  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net...loads/driver.sh to your USB
  • Remove the USB and insert it in the infected computer
  • Boot the infected computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.bin bs=512 count=1

    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer, zip the mbr.bin, and except for the mbr.bin file, post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply.

For the mbr.bin file, please zip a copy of it, and send it to [noparse][email protected][/noparse] as an attachment. Please place "Submitted Files -PaulG/g2g/mbr" as the email Subject.

Again my apologies for fading on you here.
  • 0

#15
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I would like to add one additional task you can apply right away.

Download TdlFsReader.exe from here, and place a copy of that directly in your C drive folder (so it will then be C:\TdlFsReader.exe).

Go to Start > Run and type:

cmd.exe

and OK. At the prompt type or copy/paste each of the following, pressing Enter after each:

cd\

wmic


The prompt should change to wmic:root\cli> Next enter:

process call create tdlfsreader.exe

Then type exit and press Enter to close the command window. That scan will have created a C:\TDL_FS folder. If that folder contains any files, please zip a copy of the folder, and go here, press NEW TOPIC (right hand side, just at the top of the forum thread list), fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select that zipped folder file on your computer.

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP