
HijackThis Log: Please help Diagnose - No explorer.exe running.


  • This topic is locked
2 replies to this topic

#1 Mustang27

  • Members
  • 1 posts

Posted 17 October 2009 - 06:18 PM

:(

The OS is Win 2k3 Enterprise version R2.

A few weeks ago, my desktop and task bar disappeared. Checked that Explorer.exe was not running. Tried running the exe through TaskMgr. It would start and go in a flash. Went through the actions of removing malfunctioning explorer.exe routines by running some software available on the net. No improvement.

Reinstalled the OS. No difference. I am enclosing the HJT log and Root Repeal Log. Please help identify/diagnose and suggest a remedy for the issue.

Pardon any violation of etiquette of this forum.

Deeply thankful.

**************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:00 PM, on 10/17/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
D:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\msdtc.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Fox Meadows\Medinotes\dbsrv9.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\IObit\IObit Security 360\IS360srv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\LogMeIn\x86\LogMeIn.exe
D:\Program Files\LogMeIn\x86\LMIGuardian.exe
D:\Fox Meadows\Medinotes\MediHL7s.exe
D:\WINDOWS\system32\PrintCtrl.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\locator.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\lserver.exe
D:\Program Files\UPHClean\uphclean.exe
D:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
D:\Program Files\Extended Systems\Advantage 8.1\Server\ADS.EXE
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Fox Meadows\Medinotes\cpserver.exe
D:\Fox Meadows\Medinotes\dbremote.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\rdpclip.exe
D:\Medisoft\Bin\MAPA.EXE
D:\WINDOWS\system32\ctfmon.exe
G:\Utilities\Proc Explorer\procexp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daveramsey.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PrintDisp] D:\WINDOWS\system32\PrintDisp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSConfig] "D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [IObit Security 360] D:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HL7Messenger] D:\Medisoft\Bin\HL7Messaging.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "D:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-302103705-823050570-526503478-1039\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'SyMedPrez')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: HL7 Client.lnk = Medinotes\expHL7.exe
O4 - Global Startup: AutoReceive.lnk = D:\Program Files\AutoReceive\eMaxxAutoReceive.exe
O4 - Global Startup: Drobo Dashboard.lnk = D:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exe
O4 - Global Startup: expHL7.exe
O4 - Global Startup: MediHL7 Server.exe.lnk = Medinotes\MediHL7Server.exe
O4 - Global Startup: MediHL7s.exe
O4 - Global Startup: medihl7server.ini
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'd:\documents and settings\administrator\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone: http://images.crucial.com
O15 - ESC Trusted Zone: http://*.crucial.com
O15 - ESC Trusted Zone: http://www.foxmeadows.com
O15 - ESC Trusted Zone: http://www.frankwilliams.com
O15 - ESC Trusted Zone: http://www.medisoft.com
O15 - ESC Trusted Zone: http://custcenter.medplus.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://reg.talk4free.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {15772FF0-B907-4D98-B770-0000B63DB314} (VBPrinter.VBPrinterCtrl) - https://cas2.questdiagnostics.com/EREQ_SSLcabs/VBPrinter.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177309396453
O16 - DPF: {756BEC7B-ADF4-4931-A519-B513B32CFC1B} (BarCodeLabelActiveX.SpecimenLabels) - https://cas2.questdiagnostics.com/EREQ_SSLc...abelControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} (TIClientControl Object) - https://techinline.net/Client/TIClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B4D1EF3-A6A2-4380-BC26-1666D0A8293C}: NameServer = 4.2.2.2,4.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E62DF718-4228-4DA6-9D6E-814D759B1C48}: NameServer = 4.2.2.1,4.2.2.2
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: TPAutoConnect - TPAutoConnect.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Advantage Database Server (Advantage) - Extended Systems, Inc. - D:\Program Files\Extended Systems\Advantage 8.1\Server\ADS.EXE
O23 - Service: AutoReceive - Unknown owner - D:\Program Files\AutoReceive\wrapper.exe
O23 - Service: CP Communication Server (CP32SERVER_CP_Communication_Server) - Unknown owner - D:\Fox Meadows\Medinotes\cpserver.exe
O23 - Service: AutoSync Service (CP32SYNC_AutoSync_Service) - iAnywhere Solutions, Inc. - D:\Fox Meadows\Medinotes\dbremote.exe
O23 - Service: CP32_MediServer - iAnywhere Solutions, Inc. - D:\Fox Meadows\Medinotes\dbsrv9.exe
O23 - Service: IS360service - IObit - D:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Service (LogMeIn) - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Medinotes HL7 Server (MediHL7s) - Medinotes - D:\Fox Meadows\Medinotes\MediHL7s.exe
O23 - Service: Printer Control - Unknown owner - D:\WINDOWS\system32\PrintCtrl.exe

--
End of file - 8699 bytes

**************************************************************************
Root Repeal Log


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/17 19:11
Program Version: Version 1.3.5.0
Windows Version: Windows Server 2003 SP2
==================================================

********************************************************************
**************************************************************************


 


#2 myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts

Posted 29 October 2009 - 05:35 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts

Posted 03 November 2009 - 05:17 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_
