Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Failure of Windows to boot and win32/patched.fm

Started by younggeeza , Sep 01 2010 04:48 PM

  • This topic is locked This topic is locked

#31
Salagubang
Posted 22 December 2010 - 03:56 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi younggeeza,

Step One

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step Two

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install it to your desktop folder.Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.




Step Three

To resolve the stop codes errors, we must uninstall/reinstall the video cards drivers.

Please follow Microsoft procedure here.

Tell me how it goes. :D
  • 0

Advertisements

#32
younggeeza
Posted 22 December 2010 - 07:37 PM

younggeeza

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
Windows won't work long enough to do Step 1 in normal mode. I'll have to move the Malwarebytes and Kaspersky tools over on my iPod from this laptop in safe mode. Should i go ahead and do the first step in safe mode?

ORR

Should i do the windows repair again and then try this step?
  • 0

#33
Salagubang
Posted 22 December 2010 - 07:38 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Safe mode it is. :D
  • 0

#34
younggeeza
Posted 23 December 2010 - 09:01 AM

younggeeza

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
Ok i've done all 3 steps.

---------------------------------------------------------------------------------------------------------------------

mbamlog

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 1 (Safe Mode)
Internet Explorer 6.0.2800.1106

23/12/2010 11:08:41
mbam-log-2010-12-23 (11-08-41).txt

Scan type: Quick scan
Objects scanned: 144715
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1BA40A2-75F2-51BD-F413-04B13A2C8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5E80B4AE-DD94-4845-A6AC-4BB27958EABB}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.74,93.188.161.7) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6110B636-E929-44CD-8FDE-C2EE284CDE3A}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.74,93.188.161.7) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6110B636-E929-44CD-8FDE-C2EE284CDE3A}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.162.74,93.188.161.7) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C4C88BE3-1502-4FE3-8491-AD92F2A54658}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.74,93.188.161.7) Good: () -> Quarantined and deleted successfully.

Folders Infected:
c:\WINDOWS\$ntuninstallmtf1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\compaq_owner\local settings\Temp\0.8409008961324111.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\local settings\application data\windows server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\$ntuninstallmtf1011$\apuninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
c:\WINDOWS\$ntuninstallmtf1011$\mmduch.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
c:\WINDOWS\$ntuninstallmtf1011$\mmx.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
c:\WINDOWS\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------------------------------------------

Kas

Autoscan: completed 3 hours ago (events: 14, objects: 658694, time: 08:20:57)
23/12/2010 11:26:47 Task started
23/12/2010 11:32:04 Detected: Trojan-Downloader.Java.OpenConnection.cf C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\35\cacd423-6be16115/bpac/a.class
23/12/2010 11:32:58 Deleted: Trojan-Downloader.Java.OpenConnection.cf C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\35\cacd423-6be16115/bpac/a.class
23/12/2010 11:32:58 Detected: Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\35\cacd423-6be16115/bpac/KAVS.class
23/12/2010 11:33:19 Deleted: Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\35\cacd423-6be16115/bpac/KAVS.class
23/12/2010 16:01:23 Detected: Packed.Win32.Krap.hd C:\_OTL\MovedFiles\09052010_071724\C_Documents and Settings\Alex\Start Menu\Programs\Startup\exiwno.exe
23/12/2010 16:01:23 Detected: Packed.Win32.Krap.hd C:\_OTL\MovedFiles\09052010_071724\C_Documents and Settings\Compaq_Owner\Application Data\Ybhuf\viuzw.exe
23/12/2010 16:01:24 Detected: Trojan.Win32.FraudPack.bhfe C:\_OTL\MovedFiles\09052010_071724\C_Documents and Settings\Compaq_Owner\Local Settings\Application Data\ohkpunhtj\gvlmqijshdw.exe
23/12/2010 16:01:28 Deleted: Packed.Win32.Krap.hd C:\_OTL\MovedFiles\09052010_071724\C_Documents and Settings\Compaq_Owner\Application Data\Ybhuf\viuzw.exe
23/12/2010 16:01:28 Detected: Packed.Win32.Krap.hd C:\_OTL\MovedFiles\09052010_071724\C_Documents and Settings\Default User\Start Menu\Programs\Startup\aqec.exe
23/12/2010 16:01:28 Deleted: Packed.Win32.Krap.hd C:\_OTL\MovedFiles\09052010_071724\C_Documents and Settings\Alex\Start Menu\Programs\Startup\exiwno.exe
23/12/2010 16:01:28 Deleted: Trojan.Win32.FraudPack.bhfe C:\_OTL\MovedFiles\09052010_071724\C_Documents and Settings\Compaq_Owner\Local Settings\Application Data\ohkpunhtj\gvlmqijshdw.exe
23/12/2010 16:01:28 Deleted: Packed.Win32.Krap.hd C:\_OTL\MovedFiles\09052010_071724\C_Documents and Settings\Default User\Start Menu\Programs\Startup\aqec.exe
23/12/2010 19:47:44 Task completed

------------------------------------------------------------------------------------------------------------------------

Whenever i try to start up in normal mode, the PC just starts restarting over and over again. There is a BSOD that flashes for 0.5 seconds before each restart cycle begins again. It's too fast to see the error code so i videod my screen a few times and went through it frame by frame after. It starts with

***STOP: 0x0000007E (0x00000005,0x00000000,0xF78E2ABC,

After that, the PC restarts.
  • 0

#35
Salagubang
Posted 23 December 2010 - 11:37 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi younggeeza,

Download OTL to your Desktop
  • Download the following file scan.txt to your Desktop.
    Attached File  scan.txt   158bytes   130 downloads
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the
    Quick Scan
    button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your next reply

After this, uninstall the video card drivers again, but this time do not reinstall them when you boot into normal mode. (Well let windows use generic drivers so we can isolate this other problem). Tell me if the BSOD error still occurs.

Happy holidays. :D
  • 0

#36
younggeeza
Posted 25 December 2010 - 01:48 PM

younggeeza

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
Did the scan, here are the results. Couldn't get OTL to produce an extras document for some reason?

OTL logfile created on: 26/12/2010 04:40:26 - Run 3
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop\New Folder (4)
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.93 Gb Total Space | 23.65 Gb Free Space | 10.33% Space Free | Partition Type: NTFS
Drive D: | 3.94 Gb Total Space | 1.01 Gb Free Space | 25.57% Space Free | Partition Type: FAT32
Drive K: | 1.78 Gb Total Space | 0.08 Gb Free Space | 4.67% Space Free | Partition Type: FAT32

Computer Name: SILVER-LIGHTNIN | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/22 10:25:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\New Folder (4)\OTL.exe
PRC - [2003/03/31 12:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/22 10:25:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\New Folder (4)\OTL.exe
MOD - [2006/12/01 22:56:00 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
MOD - [2006/12/01 22:54:32 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
MOD - [2003/03/31 12:00:00 | 000,968,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msgina.dll
MOD - [2003/03/31 12:00:00 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2003/03/31 12:00:00 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbc32.dll
MOD - [2003/03/31 12:00:00 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSIMTF.dll
MOD - [2003/03/31 12:00:00 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2003/03/31 12:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcint.dll
MOD - [2003/03/31 12:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2003/03/31 12:00:00 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2003/03/31 12:00:00 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2003/03/31 12:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2003/03/31 12:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2003/03/31 12:00:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/09/02 08:33:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/08/07 11:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/06 20:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2003/03/31 12:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20040813.178\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC)
DRV - [2010/10/16 18:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/09/02 08:33:48 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/02 08:33:48 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/15 10:02:16 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/03 22:08:08 | 000,713,344 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/01/21 07:49:40 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/01/07 05:33:21 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/09/26 09:53:00 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/09/26 09:53:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/09/26 09:52:00 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/09/26 09:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/06/06 09:24:44 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 07:38:36 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/06 20:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/17 17:40:20 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/07/17 17:40:14 | 000,034,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2004/09/29 22:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 10:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/07/29 20:04:26 | 002,216,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/29 17:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/06/10 18:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm1K.sys -- (USBCM)
DRV - [2004/01/30 05:29:04 | 000,350,282 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTELSAP.SYS -- (PRISM_A00)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/09/04 10:38:56 | 000,152,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV532AV.SYS -- (PID_0920) Logitech QuickCam Express(PID_0920)
DRV - [2003/07/18 16:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/31 12:00:00 | 000,038,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2002/10/04 17:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/29 22:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.soa-clan.info/forum/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/23 17:03:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 23:22:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/19 19:37:50 | 000,000,000 | ---D | M]

[2009/02/11 17:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2009/02/11 17:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\[email protected]
[2010/08/28 19:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\r774xhi2.default\extensions
[2009/09/09 03:05:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\r774xhi2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/03 15:33:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\r774xhi2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/01/06 22:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\r774xhi2.default\extensions\[email protected]
[2009/01/07 16:35:38 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\r774xhi2.default\searchplugins\daemon-search.xml
[2010/07/03 17:58:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/06/19 19:37:44 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/19 19:37:44 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/19 19:37:44 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/19 19:37:44 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/21 13:20:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [F5D8055v2] C:\Program Files\Belkin\F5D8055\v2\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [NvRegisterMCTray] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [NvRegisterMCTrayNview] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk = C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231280417124 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231289923359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.co....cab?10,0,910,0 (DigWebHelper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/01 08:35:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/12/16 05:32:44 | 000,000,000 | RHS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{b1f171a8-9f27-11de-a26a-00051b004021}\Shell - "" = AutoRun
O33 - MountPoints2\{b1f171a8-9f27-11de-a26a-00051b004021}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b1f171a8-9f27-11de-a26a-00051b004021}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - C:\WINDOWS\system32\mspmspsv.dll (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Ligos Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\iyvu9_32.dll ()

MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: ccApp - hkey= - key= - c:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: IS CfgWiz - hkey= - key= - c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSN Webcam Recorder - hkey= - key= - C:\Program Files\MSN Webcam Recorder\ml20gui.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Nokia.PCSync - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe (Time Information Services Ltd.)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: RGSC - hkey= - key= - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found
MsConfig - StartUpReg: SSC_UserPrompt - hkey= - key= - c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 8
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2010/12/23 23:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/12/23 23:37:57 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/12/23 23:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/12/23 11:21:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/12/23 10:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2010/12/23 10:58:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/23 10:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/23 10:58:21 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/23 10:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/23 10:57:22 | 086,561,688 | ---- | C] ( ) -- C:\Documents and Settings\Compaq_Owner\Desktop\setup_9.0.0.722_23.12.2010_02-27.exe
[2010/12/23 10:52:20 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup(2).exe
[2010/12/23 09:54:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/12/22 09:33:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/12/22 09:27:40 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/12/22 09:27:40 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/12/22 09:27:40 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/12/22 09:26:47 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/12/22 09:23:46 | 000,272,896 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/12/22 08:52:53 | 000,000,000 | ---D | C] -- C:\50a0201dd6eca4fcb7
[2010/12/22 08:52:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV1084668.TMP
[2010/12/22 08:37:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/12/22 08:36:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV6921848.TMP
[2009/01/06 22:18:06 | 000,015,429 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm1K.sys
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/26 04:37:36 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/26 03:54:01 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/26 03:52:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/23 23:38:47 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/23 23:38:47 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/23 23:38:42 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/23 23:38:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/12/23 10:58:26 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/23 10:00:40 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/12/23 01:47:46 | 086,561,688 | ---- | M] ( ) -- C:\Documents and Settings\Compaq_Owner\Desktop\setup_9.0.0.722_23.12.2010_02-27.exe
[2010/12/23 01:23:56 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup(2).exe
[2010/12/22 10:17:02 | 000,445,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/22 10:17:02 | 000,073,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/22 10:02:02 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/12/22 09:55:29 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/12/22 09:55:29 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/22 09:31:53 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/22 09:29:00 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/12/22 09:26:14 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/12/22 09:26:14 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/12/22 09:26:13 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010/12/22 09:26:04 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/22 09:24:23 | 000,023,444 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/22 09:23:47 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/12/22 09:22:53 | 000,000,265 | -HS- | M] () -- C:\boot.ini
[2010/12/22 08:53:12 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/22 08:38:31 | 000,232,436 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:38 | 000,019,288 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/23 23:38:47 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/23 23:38:42 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/23 23:38:42 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/23 23:38:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/12/23 23:37:55 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/12/23 23:37:55 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/12/23 10:58:26 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/22 10:41:50 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/12/22 10:41:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2010/12/22 09:27:35 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/12/22 09:27:19 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/12/22 09:27:14 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/12/22 09:27:13 | 000,196,666 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/12/22 09:27:12 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/12/22 09:27:05 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/12/22 09:27:00 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/12/22 09:26:59 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/12/22 09:26:49 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/12/22 09:26:15 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/12/22 09:26:13 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2010/12/22 09:24:52 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/12/22 09:24:40 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/12/22 08:43:17 | 2145,386,496 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/12/22 08:35:17 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/12/22 08:35:17 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/12/22 08:35:17 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/12/22 08:35:17 | 000,031,405 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/12/22 08:35:17 | 000,013,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/12/22 08:35:17 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/12/22 08:35:17 | 000,010,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/12/22 08:35:17 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/12/22 08:35:17 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/12/22 08:35:17 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/12/22 08:35:16 | 002,049,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/12/22 08:35:16 | 000,344,390 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/09/13 16:37:21 | 000,005,116 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2009/09/07 05:18:13 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\setup_ldm.iss
[2009/01/17 08:23:28 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/13 12:44:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\PnkBstrK.sys
[2009/01/10 05:27:36 | 000,492,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/01/08 01:28:28 | 000,138,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/01/07 00:46:25 | 000,015,387 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/07 00:12:29 | 000,000,838 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2009/01/06 22:18:06 | 000,053,725 | ---- | C] () -- C:\WINDOWS\UNDPX1K.sys
[2009/01/06 22:08:55 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 16:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/28 16:40:48 | 000,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/11/06 20:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/01/01 08:02:02 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/01/01 08:02:02 | 000,095,248 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/09/13 23:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 03:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 03:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/01/02 00:33:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/02 00:19:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/01/02 00:19:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/01/02 00:19:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/01/02 00:19:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/01/02 00:19:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/01/02 00:19:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/01/02 00:08:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/01 15:23:17 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/01 08:46:36 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/01 08:46:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/01 08:46:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/01 08:39:05 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/01 08:32:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/01 08:28:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/10 23:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/03/31 12:00:00 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2003/03/31 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1999/08/10 17:02:20 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1999/08/10 17:02:16 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/01/07 16:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/09/09 16:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/01/10 05:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2009/01/07 00:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2004/01/02 00:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/03/13 00:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/03/14 17:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/07/02 14:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/01/08 12:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2009/03/16 20:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/10 06:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/01/07 00:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/06/27 03:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\BitTorrent
[2009/01/07 16:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DAEMON Tools
[2009/01/08 00:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DAEMON Tools Lite
[2009/01/07 16:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DAEMON Tools Pro
[2009/06/24 23:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DMCache
[2009/01/07 00:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DNA
[2010/08/28 22:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Gyrapi
[2004/01/02 00:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Intervideo
[2010/06/25 17:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Iwli
[2009/01/08 01:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2009/04/23 20:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
[2010/06/24 16:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Luokx
[2009/01/07 00:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nokia
[2010/08/28 19:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Onfo
[2010/07/04 15:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Oxnu
[2009/01/07 00:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PC Suite
[2004/01/02 00:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2009/01/08 12:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sports Interactive
[2009/06/25 18:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TeamViewer
[2009/03/23 17:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\The Creative Assembly
[2010/06/16 23:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TS3Client
[2009/01/10 06:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ubisoft
[2010/09/05 11:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ybhuf

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: CSRSS.EXE >
[2003/03/31 12:00:00 | 000,004,096 | ---- | M] (Microsoft Corporation) MD5=B82CD0AD8B605F64EAD6C46D70A2C993 -- C:\WINDOWS\system32\csrss.exe
[2003/03/31 12:00:00 | 000,004,096 | ---- | M] (Microsoft Corporation) MD5=B82CD0AD8B605F64EAD6C46D70A2C993 -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2003/03/31 12:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\explorer.exe
[2003/03/31 12:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2003/03/31 12:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2003/03/31 12:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: WINLOGON.EXE >
[2003/03/31 12:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2003/03/31 12:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >

---------------------------------------------------------------------------------

Uninstalled my video card drivers, which just so you know, isn't the graphics card that came with my pc. It's an NVIDIA GeForce 8800GT. The PC will not start into normal mode even after driver uninstallation.

Happy holidays to you too.
  • 0

#37
Salagubang
Posted 25 December 2010 - 06:45 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi younggeeza,

What part of the booting process are you encountering the BSOD error?

Start OTL again, click on the none button, in the custom scan box paste this in:

userinit.exe /md5

Click run scan and post the log.
  • 0

#38
younggeeza
Posted 26 December 2010 - 11:33 AM

younggeeza

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
I got it to start into normal mode by selecting last known working configuration. It doesn't last for long though before crashing to BSOD again.

***STOP: 0x0000007E (0xC0000005,0x00000001,0xF78D6A8C,0xF78D678C)

I did however manage to get that scan done.

--------------------------------------------

OTL logfile created on: 27/12/2010 02:29:49 - Run 5
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop\New Folder (4)
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.93 Gb Total Space | 23.67 Gb Free Space | 10.34% Space Free | Partition Type: NTFS
Drive D: | 3.94 Gb Total Space | 1.01 Gb Free Space | 25.57% Space Free | Partition Type: FAT32
Drive K: | 1.78 Gb Total Space | 0.08 Gb Free Space | 4.66% Space Free | Partition Type: FAT32

Computer Name: SILVER-LIGHTNIN | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< userinit.exe /md5 >

< End of report >

----------------------------------

Just for reference, i got the same scan result before i did the last known configuration thing.

Edited by younggeeza, 26 December 2010 - 01:39 PM.

  • 0

#39
Salagubang
Posted 27 December 2010 - 04:01 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi younggeeza,

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#40
younggeeza
Posted 27 December 2010 - 07:18 PM

younggeeza

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
ComboFix 10-12-26.01 - Administrator 12/28/2010 10:02:29.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.1.1252.44.1033.18.3071.2761 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msnimport.exe
c:\windows\system32\Oeminfo.ini
D:\Autorun.inf
D:\resycled

c:\windows\system32\qmgr.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
.

2010-12-28 09:45 . 2010-12-28 09:45 -------- d-----w- c:\documents and settings\Administrator
2010-12-28 09:42 . 2010-12-28 09:42 -------- d-----w- c:\windows\LastGood
2010-12-27 01:18 . 2010-12-27 01:18 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-27 01:18 . 2010-12-27 01:18 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-27 01:18 . 2010-12-27 01:18 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-23 23:41 . 2010-12-26 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-12-23 23:38 . 2009-02-18 14:44 6185088 ----a-w- c:\windows\system32\nv4_disp.dll
2010-12-23 23:38 . 2009-02-18 14:44 6308224 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-12-23 23:37 . 2010-10-16 18:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-23 23:37 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-23 23:37 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-23 23:37 . 2010-10-16 18:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-12-23 23:37 . 2010-10-16 18:55 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-12-23 23:37 . 2010-10-16 18:55 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-12-23 23:37 . 2010-10-16 18:55 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-12-23 23:37 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-12-23 23:37 . 2010-10-16 18:55 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-12-23 23:37 . 2010-10-16 18:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-12-23 23:37 . 2010-12-27 01:19 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-23 22:53 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\31599972.sys
2010-12-23 22:53 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\3159997.sys
2010-12-23 22:53 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\31599971.sys
2010-12-23 10:58 . 2010-12-23 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-23 10:58 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 10:58 . 2010-12-23 10:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-23 10:58 . 2010-12-20 18:08 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 09:54 . 2004-06-29 01:50 192512 ----a-w- c:\windows\system32\RTCOMDLL.dll
2010-12-23 09:54 . 2004-02-27 17:10 156160 ----a-w- c:\windows\system32\RTLCPAPI.dll
2010-12-22 09:26 . 2003-03-31 12:00 14848 -c--a-w- c:\windows\system32\dllcache\flattemp.exe
2010-12-22 09:25 . 2010-12-22 09:25 -------- d-----w- c:\documents and settings\Default User\Application Data\DivX
2010-12-22 09:25 . 2003-03-31 12:00 106562 -c--a-w- c:\windows\system32\dllcache\srchctls.dll
2010-12-22 09:23 . 2003-03-31 12:00 72104 ----a-w- c:\program files\MSN\MSNCoreFiles\csapi3t1.dll
2010-12-22 09:19 . 2003-03-31 12:00 13608 ----a-r- c:\windows\SET5B.tmp
2010-12-22 09:19 . 2003-03-31 12:00 1086182 ----a-r- c:\windows\SET4F.tmp
2010-12-22 08:56 . 2001-08-17 13:59 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-12-22 08:56 . 2002-08-29 01:32 5888 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-12-22 08:52 . 2010-12-22 08:53 -------- d-----w- C:\50a0201dd6eca4fcb7
2010-12-22 08:52 . 2010-12-22 08:52 -------- d-----w- c:\windows\NV1084668.TMP
2010-12-22 08:51 . 2003-03-31 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-12-22 08:51 . 2003-03-31 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-12-22 08:51 . 2003-03-31 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-12-22 08:51 . 2003-03-31 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-12-22 08:51 . 2003-03-31 12:00 13608 ----a-r- c:\windows\SET5A.tmp
2010-12-22 08:51 . 2003-03-31 12:00 1086182 ----a-r- c:\windows\SET4E.tmp
2010-12-22 08:38 . 2001-08-17 22:37 117248 ----a-w- c:\windows\system32\ksproxy.ax
2010-12-22 08:38 . 2001-08-17 22:36 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-12-22 08:38 . 2002-08-29 01:27 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-12-22 08:36 . 2010-12-22 08:49 -------- d-----w- c:\windows\NV6921848.TMP
2010-12-22 08:36 . 2002-08-29 03:46 38024 ----a-w- c:\windows\system32\drivers\termdd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-16 12:04 . 2010-10-16 12:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 12:04 . 2010-10-16 12:04 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 12:04 . 2010-10-16 12:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:04 . 2010-10-16 12:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:04 . 2010-10-16 12:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 12:04 . 2010-10-16 12:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
.

------- Sigcheck -------

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-18 21:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"SiSPower"="SiSPower.dll" [2004-09-24 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 55824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SoundMan"="SOUNDMAN.EXE" [2004-07-29 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"F5D8055v2"="c:\program files\Belkin\F5D8055\v2\Belkinwcui.exe" [2009-04-08 1662976]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2010-10-16 13851752]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-29 2551808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-03-31 13312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2007-8-30 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-02 08:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-01-07 00:33 342848 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 13:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Webcam Recorder]
2008-03-17 09:06 151552 ----a-w- c:\program files\MSN Webcam Recorder\ml20gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-06-17 16:00 1249280 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-10-02 07:00 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 10:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-01-07 00:46 20480 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-06-28 17:21 1238352 ----a-w- c:\program files\Steam\steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\TCSCDA\\TCSCDA\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/7/2009 05:33 717296]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/6/2009 22:32 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/6/2009 22:32 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [8/17/2001 12:11 20160]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 20:22 34064]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [1/7/2009 00:46 152576]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [1/2/2004 00:04 350282]
.
Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=presario&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\cfgwiz.exe
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
AddRemove-AVG8Uninstall - c:\program files\AVG\AVG8\setup.exe
AddRemove-Soldier of Fortune II - Double Helix - c:\docume~1\COMPAQ~1\Desktop\SOF2-M~1\Uninstall\Unwise.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-28 10:11
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):33,60,2a,b1,51,6b,d4,5f,e5,4a,bf,b4,30,bf,04,ca,00,00,0e,46,88,
93,21,ee,61,7f,7c,6f,31,4e,65,0a,2d,a3,ca,0e,e1,dd,bb,e6,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f3cbcafc-5054-4b83-9d95-5da5ccb83342}]
@Denied: (Full) (Everyone)
"Model"=dword:00000055
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(216)
c:\windows\System32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\System32\msctfime.ime

- - - - - - - > 'lsass.exe'(272)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

- - - - - - - > 'explorer.exe'(508)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\System32\msctfime.ime
c:\windows\System32\msi.dll
c:\windows\System32\ODBC32.dll
.
Completion time: 2010-12-28 10:16:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-28 10:16

Pre-Run: 25,366,966,272 bytes free
Post-Run: 25,329,983,488 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=,1,2,3,4,5
- - End Of File - - D4F20ECEB10DF802FC2D481144A9D525
  • 0

Advertisements

#41
Salagubang
Posted 27 December 2010 - 07:41 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Could you try booting into normal mode, if possible.
  • 0

#42
younggeeza
Posted 27 December 2010 - 10:34 PM

younggeeza

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
I tried booting into normal mode but it kept restarting over and over again so i tried booting to last known configuration and it let me in. However, it crashed lot long after having logged in.

*** STOP: 0x0000007E (0xC0000005,0x79D5BA9E,0xF78E2A8C,0xF78E278C)
  • 0

#43
Salagubang
Posted 28 December 2010 - 03:54 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi younggeeza,

As I say this is tedious but you may get lucky the first time around

Step 1: Start the System Configuration Utility
1. Click Start, click Run, type msconfig, and then click OK.
2. The System Configuration Utility dialog box is displayed.

Step 2: Configure selective startup options
1. In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
2. Click to clear the Process SYSTEM.INI File check box.
3. Click to clear the Process WIN.INI File check box.
4. Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
5. Click the Services tab.
6. Click to select the Hide All Microsoft Services check box.
7. Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows
If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.


STEP 4: Troubleshoot
  • Now restart and test the issue at hand
  • If no problems, run msconfig and recheck half the disabled items on the Services tab. Reboot to test again. If the problem recurs, Uncheck half the items you just checked to narrow down the culprit.
  • If the problem does not re-occur, check the other half, so all the Services are enabled. Reboot to test again. If the problem recurs, Uncheck half the items you just checked to narrow down the culprit.

Also, zip the files under this folder, C:\Windows\MiniDump and attached it on your next reply.

Let me know how it goes.
  • 0

#44
younggeeza
Posted 28 December 2010 - 06:32 PM

younggeeza

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
Every time I change anything, I start getting the BSOD at the start of windows. Should I be starting from the last known working configuration each time windows stops working? Because the last 3 or so times i've changed anything, normal mode has stopped working.

Attached Files


  • 0

#45
Salagubang
Posted 28 December 2010 - 07:15 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Were you able to disable everything and restart windows normally?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP