
MBR or atapi Rootkit - multiple BSODs


36 replies to this topic

#1 chris_in_cal

chris_in_cal

  • Members
  • 39 posts
  • OFFLINE
  • Local time:02:31 PM

Posted 27 September 2010 - 01:32 AM

I have multiple programs crashing (MSE, Firefox, IE8), and MSE updates repeatedly failed. Additionally the box throws a BSOD
with different error messages and in a variety of situations, like "restarting", using a browser, or updating a virus definition in MSE.

There have been dozens of different apps failing and different BSODs; the following is one set of failed app messages:

------------------------------------------
Generic Host Process for Win32 Services

Generic Host Process for Win32 Services has encountered a
Problem and needs to close. We are sorry for the ....

For more information about this error click here
------------------------------------------------

After "click here"
------------------------------
Error signature
szAppName svchost.exe szAppVer 5.1.2600.5512 szModName:msi.dll
szModVer 4.5.6001.22159 offset:00117177

To view technical information......click here
--------------------------------------------------

After "click here"
------------------------------------
Error Report Content
The follinw titles will be included in this error report
C:\DOCUME~1\Dell\LOCALS~1\Temp\WER7cd9.dir00\svchost.exe.mdmp
C:\DOCUME~1\Dell\LOCALS~1\Temp\WER7cd9.dir00\appcompat.txt
-------------------------------------------------------------------------



----
DDS.txt
----

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dell at 21:24:20.98 on Sun 09/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.554 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Dell\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://att.my.yahoo.com/
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [D-Link Air USB Utility] "c:\program files\d-link\air usb utility\AirCFG.exe"
mRun: [igfxtray] "c:\windows\system32\igfxtray.exe"
mRun: [igfxhkcmd] "c:\windows\system32\hkcmd.exe"
mRun: [igfxpers] "c:\windows\system32\igfxpers.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1284914214984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dell\applic~1\mozilla\firefox\profiles\sgndbwfs.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com/
FF - component: c:\documents and settings\dell\application data\mozilla\firefox\profiles\sgndbwfs.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\videolan\vlc1.1.4\vlc\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-25 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-25 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-25 40384]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [2002-9-27 22912]
R2 WZCBDLService;WZCBDL Service;c:\program files\wzcbdl service\WZCBDLS.exe [2002-3-19 36864]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-25 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-25 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2008-7-25 636502]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-9-18 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-12 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-27 04:20:07 0 ----a-w- c:\documents and settings\dell\defogger_reenable
2010-09-27 02:30:13 0 d-----w- C:\WINSSLog
2010-09-25 23:30:43 38848 ----a-w- c:\windows\avastSS.scr
2010-09-25 23:30:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-09-25 22:38:28 0 d-----w- c:\program files\NirSoft
2010-09-24 23:53:21 0 d-----w- c:\program files\Microsoft Security Essentials
2010-09-24 23:11:25 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2010-09-24 23:11:25 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2010-09-24 23:11:18 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2010-09-24 21:57:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Toolbar4
2010-09-24 19:41:13 0 d-sha-r- C:\cmdcons
2010-09-24 19:39:52 98816 ----a-w- c:\windows\sed.exe
2010-09-24 19:39:52 77312 ----a-w- c:\windows\MBR.exe
2010-09-24 19:39:52 256512 ----a-w- c:\windows\PEV.exe
2010-09-24 19:39:52 161792 ----a-w- c:\windows\SWREG.exe
2010-09-24 17:49:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 17:43:56 0 d-sh--w- c:\documents and settings\dell\IECompatCache
2010-09-24 05:55:56 0 d-----w- c:\windows\Performance
2010-09-24 05:55:07 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-09-24 01:38:28 97792 ----a-w- c:\windows\system32\LGUICOM.DLL
2010-09-24 01:38:28 3568 ----a-w- c:\windows\system32\LMOUSE16.DLL
2010-09-24 01:38:28 16896 ----a-w- c:\windows\system32\LMOUSE32.DLL
2010-09-24 01:38:28 104960 ----a-w- c:\windows\system32\COMNCTR.DLL
2010-09-24 01:38:28 0 d-----w- c:\program files\common files\Logitech
2010-09-24 01:38:26 70801 ----a-w- c:\windows\system32\drivers\LMouFlt2.Sys
2010-09-24 01:38:26 25505 ------w- c:\windows\system32\drivers\LHIDFLT2.SYS
2010-09-24 01:38:26 23375 ----a-w- c:\windows\system32\LCoInst.Dll
2010-09-24 01:38:26 19968 ------w- c:\windows\LOGI_MWX.EXE
2010-09-24 01:38:26 152064 ------w- c:\windows\system32\lmoufrc.dll
2010-09-24 01:38:25 51729 ----a-w- c:\windows\system32\drivers\L8042pr2.Sys
2010-09-24 01:38:25 37887 ------w- c:\windows\system32\drivers\LHIDUSB.SYS
2010-09-24 01:38:25 14095 ------w- c:\windows\system32\drivers\LCCFLTR.SYS
2010-09-21 00:48:59 9472 -c--a-w- c:\windows\system32\dllcache\ativmdcd.sys
2010-09-21 00:46:22 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2010-09-21 00:45:47 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-09-19 21:50:56 420352 ----a-w- c:\windows\system32\SET1E.tmp
2010-09-19 21:44:06 0 d-sh--w- c:\documents and settings\dell\PrivacIE
2010-09-19 21:42:29 0 d-sh--w- c:\documents and settings\dell\IETldCache
2010-09-19 21:40:48 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-19 21:40:32 0 d-----w- c:\windows\ie8updates
2010-09-19 21:39:35 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-19 21:39:33 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-19 21:39:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-19 21:37:37 0 dc-h--w- c:\windows\ie8
2010-09-19 03:56:05 0 d-----w- c:\windows\pss
2010-09-19 02:54:46 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-09-19 02:54:38 0 d-----w- c:\program files\VS Revo Group
2010-09-19 02:38:48 0 d-----w- c:\windows\system32\CatRoot2
2010-09-18 23:49:12 0 d-----w- C:\e28233143046b63d0d0463
2010-09-18 03:47:08 0 d-----w- C:\4c4ea43c08a618f5dbcec9ddc1
2010-09-16 00:23:05 0 d-----w- c:\program files\common files\xing shared
2010-09-07 15:28:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2010-09-03 01:20:52 0 d-----w- c:\program files\iPod
2010-09-03 01:20:46 0 d-----w- c:\program files\iTunes
2010-08-29 00:48:57 0 d-----w- c:\program files\Kyocera Wireless Corp

==================== Find3M ====================

2010-09-16 00:20:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-16 00:20:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 12:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2009-11-17 17:33:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009111720091118\index.dat

============= FINISH: 21:24:48.68 ===============

Oops, I just got an iTunes update notice and clicked yes; it downloaded, but I stopped it before the install.
This may screw up the logs I sent, but I hope not.

chris_in_cal

EDIT: Posts merged ~BP



Edited by Budapest, 27 September 2010 - 05:11 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:31 PM

Posted 01 October 2010 - 01:19 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having, as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1. Logs from DDS
      2. Log from RKUnHooker
      3. Let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
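A triage helper for the Drivers section that RKUnhooker writes, added here as an example and not part of the tool or of Gringo's instructions; it assumes the line shape seen in the report posted later in this thread and embeds a few constructed lines in that shape, separating kernel aliases (which share a base address with an attributed image) from images the tool could not attribute to a vendor.

```python
"""Triage helper for the ">Drivers" section of a Rootkit Unhooker (RkU LE) report.

Added example, not code from RKUnhooker or from this thread's helpers.  The line
shape is assumed from the report posted later in the thread, e.g.:
    0xF7736000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
Entries with no trailing "(vendor, description)" are either kernel aliases
(PnpManager, RAW and WMIxWDM share ntoskrnl's base address) or images RkU could
not attribute to a vendor; only the latter deserve an analyst's first look.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Constructed sample in the same shape as the RKUnhooker output in this thread
# (a handful of representative lines, not the full report).
SAMPLE_REPORT = r"""RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7736000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA432000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xAA4A2000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7BAD000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
"""

# Base address, image (path or bare name, may contain spaces), size, and an
# optional "(vendor, description)" block.  The lazy image group stops at the
# first " <digits> bytes", so paths under "Program Files" parse correctly.
DRIVER_LINE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]{8}) (?P<image>.+?) (?P<size>\d+) bytes"
    r"(?: \((?P<info>.*)\))?$"
)


def parse_drivers(report: str) -> list[dict]:
    """Return the >Drivers entries as dicts; unparsable lines are kept as 'raw'.

    Parsing stops at the next ">Section" header so the Stealth/Hooks sections
    of a full report are not misread as driver entries.
    """
    entries, in_section = [], False
    for line in report.splitlines():
        line = line.rstrip()
        if line.startswith(">"):
            in_section = line == ">Drivers"
            continue
        if not in_section or not line or set(line) == {"="}:
            continue
        m = DRIVER_LINE.match(line)
        if m is None:
            entries.append({"raw": line})  # never drop a line silently
            continue
        entries.append({
            "base": int(m["base"], 16),
            "image": m["image"],
            "size": int(m["size"]),
            "info": m["info"],  # None when RkU printed no vendor/description
        })
    return entries


def unattributed_images(entries: list[dict]) -> list[str]:
    """Images with no vendor/description that are not merely kernel aliases.

    An alias is recognised because another entry at the same base address does
    carry a vendor string; what remains is the short list worth checking by hand.
    A dump_*.sys hit is the crash-dump copy of the boot port driver, so it is a
    prompt to compare it against the original image, not a verdict on its own.
    """
    by_base: dict[int, list[dict]] = defaultdict(list)
    for e in entries:
        if "base" in e:
            by_base[e["base"]].append(e)
    flagged = []
    for e in entries:
        if "base" not in e or e["info"]:
            continue
        if any(s["info"] for s in by_base[e["base"]] if s is not e):
            continue  # alias of an attributed image at the same base
        flagged.append(e["image"])
    return flagged


if __name__ == "__main__":
    parsed = parse_drivers(SAMPLE_REPORT)
    print(f"{len(parsed)} driver entries parsed")
    for image in unattributed_images(parsed):
        print("review:", image)
```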

#3 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:02:31 PM

Posted 01 October 2010 - 10:21 AM

Hi Gringo,

Thanks for working with me.

I had eight error messages while running DDS. The first was a box saying
(efPathS.exe had problems and click close); then there were seven in a row saying
(exP.exe had problems ...). After clicking all eight of these, the script continued to completion.

No log files were created for DDS.

Here is the RKUnhooker log "Report.txt"
----------------------------------------------
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF746E000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1306624 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF72E0000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 929792 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF70FA000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF7239000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF764D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA539000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7060000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA66C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA99A2000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF71D1000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF7402000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF777E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9AE9000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7620000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAA5A9000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF7211000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xAA5F6000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA512000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0xAA646000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF71AD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7436000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF73DF000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA5D4000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7716000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF774E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7606000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7736000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA432000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xAA173000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF76ED000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF70CF000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9D26000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF70E6000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF745A000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA6C5000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF76DA000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7704000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF776D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF70BE000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF78DD000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF79DD000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF79AD000 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys 65536 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
0xF79BD000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF797D000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF79ED000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAA033000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF784D000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF780D000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF798D000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF79FD000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF77ED000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF799D000 C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys 49152 bytes (Logitech, Inc., Logitech PS/2 Mouse Filter Driver.)
0xF7A1D000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF78BD000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF79CD000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF77DD000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7A0D000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF787D000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF77CD000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF783D000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7A3D000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF77FD000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF78ED000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF796D000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7A2D000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF789D000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAA4A2000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF788D000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7B05000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7B9D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7AFD000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7B15000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7B85000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7A4D000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7BAD000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7B2D000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7B5D000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7B1D000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7AE5000 C:\WINDOWS\system32\NIOC.SYS 24576 bytes (D-Link Corporation, NIOC (NT5) Driver )
0xF7AF5000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7B8D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7BA5000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF7B75000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7B95000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7A55000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7B45000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7B55000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7B3D000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7BC5000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7C89000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7CA5000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA31E000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7C65000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF7C95000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xAA42E000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7BDD000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAA70C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7C81000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA9B1E000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7C99000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF75BD000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D11000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D1D000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D0F000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7CD1000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7CCD000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D13000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D51000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D17000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D09000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D0D000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7CCF000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7F08000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7DF1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7DB3000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7D95000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================




#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 October 2010 - 11:50 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"
    In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts

Posted 01 October 2010 - 12:52 PM

ComboFix seems to have run smoothly; the log is below.
After it ran I opened IE8 and clicked to watch an episode of The Office
http://www.hulu.com/watch/178526/the-offic...tism#s-p1-so-i0

It began, then IE8 popped a box saying there is an error on the tab
and it needs to restart. This has been happening for about a week.
It has never happened before. (If things are as usual the last couple
of weeks there will be many other little crashes and errors.)

One other thing, this morning I woke up my computer and it seemed
to have been frozen with the screen blacked out. I did a hard reboot.

After boot up I went to open this browser and got a BSOD. After
another reboot it has been running for a few hours now.

I have "BlueScreenView" so if you want any BSOD reports I can add them.

A question: I fully removed MSE, so why are there remnants showing in these
logs? It doesn't appear anywhere on my desktop, toolbar, or control panel.

Here is the combofix log:
------------------------------------
ComboFix 10-09-30.05 - Dell 10/01/2010 10:36:38.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.544 [GMT -7:00]
Running from: c:\documents and settings\Dell\Desktop\gringo\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Toolbar4

.
((((((((((((((((((((((((( Files Created from 2010-09-01 to 2010-10-01 )))))))))))))))))))))))))))))))
.

2010-09-29 10:00 . 2010-09-29 10:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-09-29 00:17 . 2010-09-29 00:17 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 2
2010-09-27 02:30 . 2010-09-27 02:30 -------- d-----w- C:\WINSSLog
2010-09-25 23:30 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-25 23:30 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-25 23:30 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-25 23:30 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-25 23:30 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-25 23:30 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-25 23:30 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-25 23:30 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-25 23:30 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-25 23:30 . 2010-09-25 23:30 -------- d-----w- c:\program files\Alwil Software
2010-09-25 23:30 . 2010-09-25 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-25 22:38 . 2010-09-25 22:38 -------- d-----w- c:\program files\NirSoft
2010-09-24 23:53 . 2010-09-25 21:03 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-24 23:11 . 2001-08-17 19:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2010-09-24 23:11 . 2001-08-17 19:19 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2010-09-24 23:11 . 2001-08-17 21:55 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2010-09-24 20:25 . 2010-09-24 20:25 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Ahead
2010-09-24 17:49 . 2010-09-24 23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 17:43 . 2010-09-24 17:43 -------- d-sh--w- c:\documents and settings\Dell\IECompatCache
2010-09-24 05:55 . 2010-09-24 05:55 -------- d-----w- c:\windows\Performance
2010-09-24 05:55 . 2010-09-24 05:55 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Microsoft Corporation
2010-09-24 05:55 . 2010-09-24 05:55 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-09-22 21:32 . 2010-08-12 08:52 85464 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\sgndbwfs.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-09-22 21:32 . 2010-08-12 08:52 38872 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\sgndbwfs.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-09-21 03:06 . 2010-09-21 03:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-21 00:48 . 2001-08-17 19:49 9472 -c--a-w- c:\windows\system32\dllcache\ativmdcd.sys
2010-09-21 00:46 . 2001-08-17 21:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-09-21 00:45 . 2001-08-17 21:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-09-19 21:44 . 2010-09-19 21:44 -------- d-sh--w- c:\documents and settings\Dell\PrivacIE
2010-09-19 21:43 . 2010-09-19 21:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-19 21:42 . 2010-09-19 21:42 -------- d-sh--w- c:\documents and settings\Dell\IETldCache
2010-09-19 21:40 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-19 21:40 . 2010-09-19 21:52 -------- d-----w- c:\windows\ie8updates
2010-09-19 21:39 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-19 21:39 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-19 21:39 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-19 21:37 . 2010-09-19 21:39 -------- dc-h--w- c:\windows\ie8
2010-09-19 02:55 . 2010-09-19 02:55 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\VS Revo Group
2010-09-19 02:54 . 2009-12-30 19:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-09-19 02:54 . 2010-09-19 02:54 -------- d-----w- c:\program files\VS Revo Group
2010-09-19 02:38 . 2010-10-01 17:36 -------- d-----w- c:\windows\system32\CatRoot2
2010-09-18 23:49 . 2010-09-18 23:49 -------- d-----w- C:\e28233143046b63d0d0463
2010-09-18 18:32 . 2010-09-18 18:32 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Mozilla
2010-09-18 03:47 . 2010-09-18 03:48 -------- d-----w- C:\4c4ea43c08a618f5dbcec9ddc1
2010-09-16 00:25 . 2010-09-16 00:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-09-16 00:25 . 2010-09-16 00:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-09-16 00:25 . 2010-09-16 00:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-09-16 00:25 . 2010-09-16 00:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-09-16 00:25 . 2010-09-16 00:25 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-09-16 00:25 . 2010-09-16 00:25 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-09-16 00:25 . 2010-09-16 00:25 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-09-16 00:25 . 2010-09-16 00:25 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-09-16 00:23 . 2010-09-16 00:23 -------- d-----w- c:\program files\Common Files\xing shared
2010-09-16 00:13 . 2010-09-16 00:13 497160 ----a-w- c:\documents and settings\Dell\Application Data\Real\RealPlayer\setup\AU_setup17.exe
2010-09-07 15:28 . 2010-09-07 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-09-07 03:27 . 2010-09-07 03:27 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\PackageAware
2010-09-03 01:20 . 2010-09-03 01:20 -------- d-----w- c:\program files\iPod
2010-09-03 01:20 . 2010-09-03 01:22 -------- d-----w- c:\program files\iTunes
2010-09-03 01:13 . 2010-09-03 01:13 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 10:48 . 2010-02-06 05:00 -------- d-----w- c:\documents and settings\Dell\Application Data\uTorrent
2010-09-30 15:24 . 2010-03-30 19:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-26 23:03 . 2010-01-25 08:12 -------- d-----w- c:\program files\DivX
2010-09-25 01:15 . 2010-02-06 05:01 -------- d-----w- c:\program files\uTorrent
2010-09-24 23:41 . 2008-06-26 03:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-24 17:49 . 2009-11-30 21:08 -------- d-----w- c:\documents and settings\Dell\Application Data\Malwarebytes
2010-09-24 17:49 . 2009-11-16 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-24 01:38 . 2010-09-24 01:38 -------- d-----w- c:\program files\Common Files\Logitech
2010-09-24 01:38 . 2010-09-24 01:38 -------- d-----w- c:\program files\Logitech
2010-09-19 03:25 . 2008-06-26 05:14 -------- d-----w- c:\program files\MUSICMATCH
2010-09-19 03:15 . 2008-07-25 22:20 -------- d-----w- c:\program files\Common Files\HP
2010-09-19 03:14 . 2008-07-25 22:17 -------- d-----w- c:\program files\HP
2010-09-19 02:41 . 2008-06-26 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-18 03:51 . 2010-09-01 01:35 -------- d-----w- c:\documents and settings\Dell\Application Data\vlc
2010-09-16 00:25 . 2010-03-17 19:52 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-09-16 00:24 . 2010-03-17 19:51 -------- d-----w- c:\program files\Common Files\Real
2010-09-16 00:23 . 2010-03-17 19:51 -------- d-----w- c:\program files\Real
2010-09-16 00:20 . 2010-03-17 19:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-16 00:20 . 2007-01-03 04:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-07 17:33 . 2009-11-16 23:08 -------- d-----w- c:\program files\CCleaner
2010-09-03 01:20 . 2008-10-14 03:06 -------- d-----w- c:\program files\Common Files\Apple
2010-09-01 01:27 . 2010-03-16 15:41 -------- d-----w- c:\program files\VideoLAN
2010-08-29 00:48 . 2010-08-29 00:48 -------- d-----w- c:\program files\Kyocera Wireless Corp
2010-08-26 15:32 . 2010-08-26 15:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-26 15:31 . 2010-01-22 05:08 -------- d-----w- c:\program files\Java
2010-08-17 13:17 . 2004-08-12 14:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 03:18 . 2010-04-01 00:43 -------- d-----w- c:\program files\QuickTime
2010-08-05 21:16 . 2010-08-05 21:16 503808 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7f660b76-n\msvcp71.dll
2010-08-05 21:16 . 2010-08-05 21:16 499712 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7f660b76-n\jmc.dll
2010-08-05 21:16 . 2010-08-05 21:16 348160 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7f660b76-n\msvcr71.dll
2010-08-05 21:16 . 2010-08-05 21:16 61440 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6726faa0-n\decora-sse.dll
2010-08-05 21:16 . 2010-08-05 21:16 12800 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6726faa0-n\decora-d3d.dll
2010-07-22 15:49 . 2004-08-12 14:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-11-17 21:13 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 12:00 . 2010-04-23 03:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 03:56 . 2009-12-09 02:51 70608 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 4CBE9A3902D6ABA680C052EBD93FD284 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[7] 2004-08-12 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-24_19.45.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 07:02 . 2009-07-12 07:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-10-01 14:09 . 2010-10-01 14:09 16384 c:\windows\Temp\Perflib_Perfdata_378.dat
+ 2008-06-26 20:39 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2008-06-26 20:39 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2010-06-04 06:13 . 2010-09-02 02:40 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 06:13 . 2010-09-29 10:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-09-26 00:41 . 2010-09-26 00:41 232912 c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
+ 2010-09-26 00:41 . 2010-09-26 00:41 311760 c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.dll
+ 2008-04-14 13:41 . 2008-04-14 13:41 102509 c:\windows\system32\dllcache\fp4atxt.dll
+ 2010-09-27 03:14 . 2010-09-27 03:14 262144 c:\windows\system32\config\systemprofile\NTUSER.DAT
+ 2010-09-25 23:30 . 2010-09-25 23:30 219648 c:\windows\Installer\3cc64f.msi
+ 2010-09-24 23:53 . 2010-09-24 23:53 272384 c:\windows\Installer\2071a.msi
+ 2010-09-24 23:53 . 2010-09-24 23:53 301056 c:\windows\Installer\20710.msi
+ 2010-09-03 01:22 . 2010-09-29 00:17 380928 c:\windows\Installer\{350FB27C-CF62-4EF3-AF9D-70FF313FE221}\iTunesIco.exe
- 2010-09-03 01:22 . 2010-09-16 20:01 380928 c:\windows\Installer\{350FB27C-CF62-4EF3-AF9D-70FF313FE221}\iTunesIco.exe
+ 2009-07-12 07:02 . 2009-07-12 07:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2010-09-29 10:00 . 2010-09-29 10:00 20303872 c:\windows\Installer\187a1d9.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"D-Link Air USB Utility"="c:\program files\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 2695168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-16 202256]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R?2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [3/19/2002 12:15 PM 36864]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/25/2010 4:30 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/25/2010 4:30 PM 17744]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [9/27/2002 6:21 PM 22912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [7/25/2008 5:06 PM 636502]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [9/18/2010 7:54 PM 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/12/2004 7:06 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*Deregistered* - Normandy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-09-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]

2010-10-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-57989841-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-09-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-57989841-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\sgndbwfs.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com/
FF - component: c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\sgndbwfs.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\VideoLAN\VLC1.1.4\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-MsMpSvc



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-01 10:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1628)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-01 10:43:08
ComboFix-quarantined-files.txt 2010-10-01 17:43
ComboFix2.txt 2010-09-24 19:47

Pre-Run: 24,819,781,632 bytes free
Post-Run: 24,888,684,544 bytes free

- - End Of File - - F0DE8DEAFCF76818A5408F6A626E31B8


#6 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts

Posted 01 October 2010 - 01:08 PM

Firefox crashed repeatedly, so I did a reboot, which has helped in the past.

Upon reboot two error boxes popped up:

1) "Outlook Express" - To free up disc space, Outlook Express can compact messages.
This may take a few minutes. <"ok", "cancel">

---I don't run or use Outlook Express

2) "Spooler SubSystem App" - Spooler Subsystem App has encountered a problem and needs to close.
We are sorry for the inconvenience. <"debug", "close">

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 October 2010 - 09:51 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.



Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC (Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis
  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"
    In your next post I need the following:
    1. Log From MBAM
    2. report from Hijackthis
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts

Posted 01 October 2010 - 10:52 PM

Thanks again Gringo_pr,

I am still getting the "Outlook would I like to compact files" message on boot up.

Firefox crashed once while on the Malwarebytes site just before I downloaded it;
it D/L successfully the second time.

When running Malwarebytes I got a BSOD; upon reboot I ran it again and it completed.
I can include the BlueScreenView log if it will help.



------ Malwarebytes Log ---------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4733

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/1/2010 8:40:01 PM
mbam-log-2010-10-01 (20-40-01).txt

Scan type: Quick scan
Objects scanned: 133936
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-----------------------------

----------------- Hijackthis Log -----------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:46:39 PM, on 10/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [D-Link Air USB Utility] "C:\Program Files\D-Link\Air USB Utility\AirCFG.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1284914214984
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 6650 bytes


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 October 2010 - 11:03 PM

Let me see the BlueScreenView log. I am not seeing any malware to cause the bluescreens.


Gringo

#10 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts

Posted 02 October 2010 - 12:49 AM

==================================================
Filename : hal.dll
Address In Stack : hal.dll+2a4c
From Address : 0x806ff000
To Address : 0x8071fd00
Size : 0x00020d00
Time Stamp : 0x4802517f
Time String : 4/13/2008 11:31:27 AM
Product Name : Microsoft® Windows® Operating System
File Description : Hardware Abstraction Layer DLL
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\hal.dll
==================================================

==================================================
Filename : ntoskrnl.exe
Address In Stack : ntoskrnl.exe+11dc4
From Address : 0x804d7000
To Address : 0x806ff000
Size : 0x00228000
Time Stamp : 0x4bd6eda6
Time String : 4/27/2010 6:59:02 AM
Product Name : Microsoft® Windows® Operating System
File Description : NT Kernel & System
File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\ntoskrnl.exe
==================================================

==================================================
Filename : kdcom.dll
Address In Stack :
From Address : 0xf7ccd000
To Address : 0xf7cceb80
Size : 0x00001b80
Time Stamp : 0x3b7d8346
Time String : 8/17/2001 1:49:10 PM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Debugger HW Extension DLL
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\kdcom.dll
==================================================

==================================================
Filename : BOOTVID.dll
Address In Stack :
From Address : 0xf7bdd000
To Address : 0xf7be0000
Size : 0x00003000
Time Stamp : 0x3b7d8345
Time String : 8/17/2001 1:49:09 PM
Product Name : Microsoft® Windows® Operating System
File Description : VGA Boot Driver
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\BOOTVID.dll
==================================================

==================================================
Filename : ACPI.sys
Address In Stack :
From Address : 0xf777e000
To Address : 0xf77abd80
Size : 0x0002dd80
Time Stamp : 0x480252b1
Time String : 4/13/2008 11:36:33 AM
Product Name : Microsoft® Windows® Operating System
File Description : ACPI Driver for NT
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\ACPI.sys
==================================================

==================================================
Filename : WMILIB.SYS
Address In Stack :
From Address : 0xf7ccf000
To Address : 0xf7cd0100
Size : 0x00001100
Time Stamp : 0x3b7d878b
Time String : 8/17/2001 2:07:23 PM
Product Name : Microsoft® Windows® Operating System
File Description : WMILIB WMI support library Dll
File Version : 5.1.2600.0 (XPClient.010817-1148)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\WMILIB.SYS
==================================================

==================================================
Filename : pci.sys
Address In Stack :
From Address : 0xf776d000
To Address : 0xf777da80
Size : 0x00010a80
Time Stamp : 0x480252bb
Time String : 4/13/2008 11:36:43 AM
Product Name : Microsoft® Windows® Operating System
File Description : NT Plug and Play PCI Enumerator
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\pci.sys
==================================================

==================================================
Filename : isapnp.sys
Address In Stack :
From Address : 0xf77cd000
To Address : 0xf77d6180
Size : 0x00009180
Time Stamp : 0x480252b8
Time String : 4/13/2008 11:36:40 AM
Product Name : Microsoft® Windows® Operating System
File Description : PNP ISA Bus Driver
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\isapnp.sys
==================================================

==================================================
Filename : PCIIde.sys
Address In Stack :
From Address : 0xf7d95000
To Address : 0xf7d95d00
Size : 0x00000d00
Time Stamp : 0x3b7d83e5
Time String : 8/17/2001 1:51:49 PM
Product Name : Microsoft® Windows® Operating System
File Description : Generic PCI IDE Bus Driver
File Version : 5.1.2600.0 (XPClient.010817-1148)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\PCIIde.sys
==================================================

==================================================
Filename : PCIIDEX.SYS
Address In Stack :
From Address : 0xf7a4d000
To Address : 0xf7a53180
Size : 0x00006180
Time Stamp : 0x4802539d
Time String : 4/13/2008 11:40:29 AM
Product Name : Microsoft® Windows® Operating System
File Description : PCI IDE Bus Driver Extension
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\PCIIDEX.SYS
==================================================

==================================================
Filename : intelide.sys
Address In Stack :
From Address : 0xf7cd1000
To Address : 0xf7cd2580
Size : 0x00001580
Time Stamp : 0x4802539d
Time String : 4/13/2008 11:40:29 AM
Product Name : Microsoft® Windows® Operating System
File Description : Intel PCI IDE Driver
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\intelide.sys
==================================================

==================================================
Filename : MountMgr.sys
Address In Stack :
From Address : 0xf77dd000
To Address : 0xf77e7580
Size : 0x0000a580
Time Stamp : 0x48025371
Time String : 4/13/2008 11:39:45 AM
Product Name : Microsoft® Windows® Operating System
File Description : Mount Manager
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\MountMgr.sys
==================================================

==================================================
Filename : ftdisk.sys
Address In Stack :
From Address : 0xf774e000
To Address : 0xf776c880
Size : 0x0001e880
Time Stamp : 0x3b7d8419
Time String : 8/17/2001 1:52:41 PM
Product Name : Microsoft® Windows® Operating System
File Description : FT Disk Driver
File Version : 5.1.2600.0 (XPClient.010817-1148)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\ftdisk.sys
==================================================

==================================================
Filename : PartMgr.sys
Address In Stack :
From Address : 0xf7a55000
To Address : 0xf7a59d00
Size : 0x00004d00
Time Stamp : 0x480253b0
Time String : 4/13/2008 11:40:48 AM
Product Name : Microsoft® Windows® Operating System
File Description : Partition Manager
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\PartMgr.sys
==================================================

==================================================
Filename : VolSnap.sys
Address In Stack :
From Address : 0xf77ed000
To Address : 0xf77f9c80
Size : 0x0000cc80
Time Stamp : 0x480253bc
Time String : 4/13/2008 11:41:00 AM
Product Name : Microsoft® Windows® Operating System
File Description : Volume Shadow Copy Driver
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\VolSnap.sys
==================================================

==================================================
Filename : atapi.sys
Address In Stack :
From Address : 0xf7736000
To Address : 0xf774d900
Size : 0x00017900
Time Stamp : 0x4802539d
Time String : 4/13/2008 11:40:29 AM
Product Name : Microsoft® Windows® Operating System
File Description : IDE/ATAPI Port Driver
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\atapi.sys
==================================================

==================================================
Filename : disk.sys
Address In Stack :
From Address : 0xf77fd000
To Address : 0xf7805e00
Size : 0x00008e00
Time Stamp : 0x480253ae
Time String : 4/13/2008 11:40:46 AM
Product Name : Microsoft® Windows® Operating System
File Description : PnP Disk Driver
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\disk.sys
==================================================

==================================================
Filename : CLASSPNP.SYS
Address In Stack :
From Address : 0xf780d000
To Address : 0xf7819180
Size : 0x0000c180
Time Stamp : 0x48025c05
Time String : 4/13/2008 12:16:21 PM
Product Name : Microsoft® Windows® Operating System
File Description : SCSI Class System Dll
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\CLASSPNP.SYS
==================================================

==================================================
Filename : fltmgr.sys
Address In Stack :
From Address : 0xf7716000
To Address : 0xf7735b00
Size : 0x0001fb00
Time Stamp : 0x480251da
Time String : 4/13/2008 11:32:58 AM
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Filesystem Filter Manager
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\fltmgr.sys
==================================================

==================================================
Filename : sr.sys
Address In Stack :
From Address : 0xf7704000
To Address : 0xf7715f00
Size : 0x00011f00
Time Stamp : 0x480252c2
Time String : 4/13/2008 11:36:50 AM
Product Name : Microsoft® Windows® Operating System
File Description : System Restore Filesystem Filter Driver
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\sr.sys
==================================================

==================================================
Filename : KSecDD.sys
Address In Stack :
From Address : 0xf76ed000
To Address : 0xf7703b00
Size : 0x00016b00
Time Stamp : 0x4a420b90
Time String : 6/24/2009 4:18:40 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Security Support Provider Interface
File Version : 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\KSecDD.sys
==================================================

==================================================
Filename : WudfPf.sys
Address In Stack :
From Address : 0xf76da000
To Address : 0xf76ecf00
Size : 0x00012f00
Time Stamp : 0x451c7d1f
Time String : 9/28/2006 6:55:43 PM
Product Name : Microsoft® Windows® Operating System
File Description : Windows Driver Foundation - User-mode Driver Framework Platform Driver
File Version : 6.0.5716.32 (winmain(wmbla).060928-1756)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\WudfPf.sys
==================================================

==================================================
Filename : Ntfs.sys
Address In Stack :
From Address : 0xf764d000
To Address : 0xf76d9600
Size : 0x0008c600
Time Stamp : 0x48025be5
Time String : 4/13/2008 12:15:49 PM
Product Name : Microsoft® Windows® Operating System
File Description : NT File System Driver
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\Ntfs.sys
==================================================

==================================================
Filename : NDIS.sys
Address In Stack :
From Address : 0xf7620000
To Address : 0xf764c980
Size : 0x0002c980
Time Stamp : 0x48025d03
Time String : 4/13/2008 12:20:35 PM
Product Name : Microsoft® Windows® Operating System
File Description : NDIS 5.1 wrapper driver
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\NDIS.sys
==================================================

==================================================
Filename : Mup.sys
Address In Stack :
From Address : 0xf7606000
To Address : 0xf761fb80
Size : 0x00019b80
Time Stamp : 0x48025c31
Time String : 4/13/2008 12:17:05 PM
Product Name : Microsoft® Windows® Operating System
File Description : Multiple UNC Provider driver
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\Mup.sys
==================================================

==================================================
Filename : intelppm.sys
Address In Stack :
From Address : 0xf79cd000
To Address : 0xf79d5e00
Size : 0x00008e00
Time Stamp : 0x48025183
Time String : 4/13/2008 11:31:31 AM
Product Name : Microsoft® Windows® Operating System
File Description : Processor Device Driver
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\intelppm.sys
==================================================

==================================================
Filename : ialmnt5.sys
Address In Stack :
From Address : 0xf746e000
To Address : 0xf75ac0a0
Size : 0x0013e0a0
Time Stamp : 0x43503c04
Time String : 10/14/2005 4:15:16 PM
Product Name : Intel Graphics Accelerator Drivers for Windows NT®
File Description : Intel Graphics Miniport Driver
File Version : 6.14.10.4410
Company : Intel Corporation
Full Path : C:\WINDOWS\system32\drivers\ialmnt5.sys
==================================================

==================================================
Filename : VIDEOPRT.SYS
Address In Stack :
From Address : 0xf745a000
To Address : 0xf746df00
Size : 0x00013f00
Time Stamp : 0x48025373
Time String : 4/13/2008 11:39:47 AM
Product Name : Microsoft® Windows® Operating System
File Description : HID Mouse Filter Driver
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\kbdhid.sys
==================================================

==================================================
Filename : dump_atapi.sys
Address In Stack :
From Address : 0xaa432000
To Address : 0xaa449900
Size : 0x00017900
Time Stamp : 0x4802539d
Time String : 4/13/2008 11:40:29 AM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : dump_WMILIB.SYS
Address In Stack :
From Address : 0xf7d0d000
To Address : 0xf7d0e100
Size : 0x00001100
Time Stamp : 0x3b7d878b
Time String : 8/17/2001 2:07:23 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : win32k.sys
Address In Stack :
From Address : 0xbf800000
To Address : 0xbf9c4200
Size : 0x001c4200
Time Stamp : 0x4c220f9a
Time String : 6/23/2010 6:43:54 AM
Product Name : Microsoft® Windows® Operating System
File Description : Multi-User Win32 Driver
File Version : 5.1.2600.6003 (xpsp_sp3_gdr.100623-1635)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\win32k.sys
==================================================

==================================================
Filename : Dxapi.sys
Address In Stack :
From Address : 0xaa6fc000
To Address : 0xaa6fe900
Size : 0x00002900
Time Stamp : 0x3b7d843f
Time String : 8/17/2001 1:53:19 PM
Product Name : Microsoft® Windows® Operating System
File Description : DirectX API Driver
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\Dxapi.sys
==================================================

==================================================
Filename : watchdog.sys
Address In Stack :
From Address : 0xf7b9d000
To Address : 0xf7ba1500
Size : 0x00004500
Time Stamp : 0x480254ab
Time String : 4/13/2008 11:44:59 AM
Product Name : Microsoft® Windows® Operating System
File Description : Watchdog Driver
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\watchdog.sys
==================================================

==================================================
Filename : dxg.sys
Address In Stack :
From Address : 0xbf000000
To Address : 0xbf011600
Size : 0x00011600
Time Stamp : 0x48025323
Time String : 4/13/2008 11:38:27 AM
Product Name : Microsoft® Windows® Operating System
File Description : DirectX Graphics Driver
File Version : 5.1.2600.5512 (xpsp.080413-2105)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\dxg.sys
==================================================

==================================================
Filename : dxgthk.sys
Address In Stack :
From Address : 0xf7e91000
To Address : 0xf7e91d00
Size : 0x00000d00
Time Stamp : 0x3b7d8438
Time String : 8/17/2001 1:53:12 PM
Product Name : Microsoft® Windows® Operating System
File Description : DirectX Graphics Driver Thunk
File Version : 5.1.2600.0 (xpclient.010817-1148)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\dxgthk.sys
==================================================

==================================================
Filename : ialmdnt5.dll
Address In Stack :
From Address : 0xbf020000
To Address : 0xbf042000
Size : 0x00022000
Time Stamp : 0x43503a0a
Time String : 10/14/2005 4:06:50 PM
Product Name : Intel Graphics Accelerator Drivers for Windows NT®
File Description : Controller Hub for Intel Graphics Driver
File Version : 6.14.10.4410
Company : Intel Corporation
Full Path : C:\WINDOWS\system32\ialmdnt5.dll
==================================================

==================================================
Filename : ialmrnt5.dll
Address In Stack :
From Address : 0xbf012000
To Address : 0xbf020000
Size : 0x0000e000
Time Stamp : 0x43503a10
Time String : 10/14/2005 4:06:56 PM
Product Name : Intel Graphics Accelerator Drivers for Windows NT®
File Description : Controller Hub for Intel Graphics Driver
File Version : 6.14.10.4410
Company : Intel Corporation
Full Path : C:\WINDOWS\system32\ialmrnt5.dll
==================================================

==================================================
Filename : ialmdev5.DLL
Address In Stack :
From Address : 0xbf042000
To Address : 0xbf0760a0
Size : 0x000340a0
Time Stamp : 0x435039fe
Time String : 10/14/2005 4:06:38 PM
Product Name : Intel Graphics Accelerator Drivers for Windows NT®
File Description : Component GHAL Driver
File Version : 6.14.10.4410
Company : Intel Corporation
Full Path : C:\WINDOWS\system32\ialmdev5.DLL
==================================================

==================================================
Filename : ialmdd5.DLL
Address In Stack :
From Address : 0xbf077000
To Address : 0xbf15a000
Size : 0x000e3000
Time Stamp : 0x43503bc6
Time String : 10/14/2005 4:14:14 PM
Product Name : Intel Graphics Accelerator Drivers for Windows NT®
File Description : DirectDraw® Driver for Intel® Graphics Technology
File Version : 6.14.10.4410
Company : Intel Corporation
Full Path : C:\WINDOWS\system32\ialmdd5.DLL
==================================================

==================================================
Filename : ATMFD.DLL
Address In Stack :
From Address : 0xbffa0000
To Address : 0xbffe5c00
Size : 0x00045c00
Time Stamp : 0x4bcd3bdf
Time String : 4/19/2010 10:30:07 PM
Product Name : Adobe Type Manager
File Description : Windows NT OpenType/Type 1 Font Driver
File Version : 5.1 Build 228
Company : Adobe Systems Incorporated
Full Path : C:\WINDOWS\system32\ATMFD.DLL
==================================================

==================================================
Filename : aswFsBlk.SYS
Address In Stack :
From Address : 0xaa42a000
To Address : 0xaa42cb00
Size : 0x00002b00
Time Stamp : 0x4c865069
Time String : 9/7/2010 7:47:05 AM
Product Name : avast! Antivirus System
File Description : avast! File System Access Blocking Driver
File Version : 5.0.677.0
Company : AVAST Software
Full Path : C:\WINDOWS\system32\drivers\aswFsBlk.SYS
==================================================

==================================================
Filename : ndisuio.sys
Address In Stack :
From Address : 0xaa316000
To Address : 0xaa319900
Size : 0x00003900
Time Stamp : 0x4802573d
Time String : 4/13/2008 11:55:57 AM
Product Name : Microsoft® Windows® Operating System
File Description : NDIS User mode I/O Driver
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\ndisuio.sys
==================================================

==================================================
Filename : aswMon2.SYS
Address In Stack :
From Address : 0xaa173000
To Address : 0xaa189d00
Size : 0x00016d00
Time Stamp : 0x4c865075
Time String : 9/7/2010 7:47:17 AM
Product Name : avast! Antivirus System
File Description : avast! File System Filter Driver for Windows XP
File Version : 5.0.677.0
Company : AVAST Software
Full Path : C:\WINDOWS\system32\drivers\aswMon2.SYS
==================================================

==================================================
Filename : wdmaud.sys
Address In Stack :
From Address : 0xa9ede000
To Address : 0xa9ef2480
Size : 0x00014480
Time Stamp : 0x48025c3e
Time String : 4/13/2008 12:17:18 PM
Product Name : Microsoft® Windows® Operating System
File Description : MMSYSTEM Wave/Midi API mapper
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\wdmaud.sys
==================================================

==================================================
Filename : sysaudio.sys
Address In Stack :
From Address : 0xaa0b3000
To Address : 0xaa0c1d80
Size : 0x0000ed80
Time Stamp : 0x48025beb
Time String : 4/13/2008 12:15:55 PM
Product Name : Microsoft® Windows® Operating System
File Description : System Audio WDM Filter
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\sysaudio.sys
==================================================

==================================================
Filename : mrxdav.sys
Address In Stack :
From Address : 0xa9b11000
To Address : 0xa9b3d180
Size : 0x0002c180
Time Stamp : 0x480251ca
Time String : 4/13/2008 11:32:42 AM
Product Name : Microsoft® Windows® Operating System
File Description : Windows NT WebDav Minirdr
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\mrxdav.sys
==================================================

==================================================
Filename : ParVdm.SYS
Address In Stack :
From Address : 0xf7d63000
To Address : 0xf7d64a80
Size : 0x00001a80
Time Stamp : 0x3b7d836d
Time String : 8/17/2001 1:49:49 PM
Product Name : Microsoft® Windows® Operating System
File Description : VDM Parallel Driver
File Version : 5.1.2600.0 (XPClient.010817-1148)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\ParVdm.SYS
==================================================

==================================================
Filename : mdmxsdk.sys
Address In Stack :
From Address : 0xa9cd2000
To Address : 0xa9cd46c0
Size : 0x000026c0
Time Stamp : 0x3e948735
Time String : 4/9/2003 1:48:53 PM
Product Name : Diagnostic Interface
File Description : Diagnostic Interface DRIVER
File Version : 1.0.2.002
Company : Conexant
Full Path : C:\WINDOWS\system32\drivers\mdmxsdk.sys
==================================================

==================================================
Filename : NIOC.SYS
Address In Stack :
From Address : 0xf7bcd000
To Address : 0xf7bd2980
Size : 0x00005980
Time Stamp : 0x3d942196
Time String : 9/27/2002 2:15:02 AM
Product Name : NIOC (NT5) Driver
File Description : NIOC (NT5) Driver
File Version : 2.0.0.20927
Company : D-Link Corporation
Full Path : C:\WINDOWS\system32\NIOC.SYS
==================================================

==================================================
Filename : srv.sys
Address In Stack :
From Address : 0xa997a000
To Address : 0xa99d0800
Size : 0x00056800
Time Stamp : 0x4c1f84cd
Time String : 6/21/2010 8:27:09 AM
Product Name : Microsoft® Windows® Operating System
File Description : Server driver
File Version : 5.1.2600.6002 (xpsp_sp3_gdr.100621-1828)
Company : Microsoft Corporation
Full Path : C:\WINDOWS\system32\drivers\srv.sys
==================================================

==================================================
Filename : aswRdr.SYS
Address In Stack :
From Address : 0xf7aa5000
To Address : 0xf7aa9100
Size : 0x00004100
Time Stamp : 0x4c865090
Time String : 9/7/2010 7:47:44 AM
Product Name : avast! Antivirus System
File Description : avast! TDI RDR Driver
File Version : 5.0.677.0 built by: WinDDK
Company : AVAST Software
Full Path : C:\WINDOWS\system32\drivers\aswRdr.SYS
==================================================

==================================================
Filename : mbamswissarmy.sys
Address In Stack :
From Address : 0xf7a65000
To Address : 0xf7a6d000
Size : 0x00008000
Time Stamp : 0x4bd9bdda
Time String : 4/29/2010 10:11:54 AM
Product Name : Malwarebytes' Anti-Malware
File Description : Malwarebytes' Anti-Malware
File Version : 1.46.0.0000
Company : Malwarebytes Corporation
Full Path : C:\WINDOWS\system32\drivers\mbamswissarmy.sys
==================================================



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 October 2010 - 01:25 AM

Greetings

Don't see anything in there as to why you are getting the blue screens and don't see malware in there either

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):
      O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
      O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
      O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

      NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
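For anyone who wants to see what those O4 lines actually are before fixing them: the PowerShell below is an added example, not part of this thread and not HijackThis code. It reads the HKLM and HKCU Run keys and the all-users Startup folder (the locations the O4 lines above come from), prints each entry's name and command, and checks whether the program an entry points at still exists, so leftovers from uninstalled software stand out from entries that are merely optional. It covers only those three locations; HijackThis's O4 scan looks in more places. The use of WScript.Shell to read shortcut targets and the special-folder name "AllUsersStartup" are assumptions about the scripting host, not something the thread shows.

```powershell
# Added example, not from this thread or from HijackThis: list the autostart
# entries behind HijackThis "O4" lines.  Covers HKLM\..\Run, HKCU\..\Run and the
# all-users Startup folder ("Global Startup"); HijackThis also scans locations
# this example does not.  Runs in PowerShell 2.0 or later.

# Extract the executable from a Run-key command line (quoted or not, with or
# without arguments) and check whether that file still exists.  Missing targets
# are leftovers of uninstalled software; present ones can be researched by name.
function Test-CommandTarget([string]$command) {
    if ([string]::IsNullOrEmpty($command)) { return $false }
    if ($command.StartsWith('"')) {
        $end = $command.IndexOf('"', 1)
        if ($end -gt 1) { $exe = $command.Substring(1, $end - 1) } else { $exe = $command.Trim('"') }
    } else {
        $exe = ($command -split ' ')[0]
    }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if ($exe -notmatch '\\') {
        # Bare file names (the thread's "Logi_MwX.Exe") are resolved through PATH.
        return ($null -ne (Get-Command $exe -ErrorAction SilentlyContinue))
    }
    return (Test-Path -LiteralPath $exe)
}

function Get-O4StartupEntries {
    $entries = @()

    # Registry Run keys: each value name is the text HijackThis shows in brackets.
    $runKeys = @(
        @{ Tag = 'HKLM\..\Run'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
        @{ Tag = 'HKCU\..\Run'; Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' }
    )
    foreach ($k in $runKeys) {
        if (-not (Test-Path -LiteralPath $k.Path)) { continue }
        $key = Get-Item -LiteralPath $k.Path
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            $entries += New-Object PSObject -Property @{
                Location = $k.Tag
                Name     = $name
                Command  = $cmd
                Exists   = (Test-CommandTarget $cmd)
            }
        }
    }

    # All-users Startup folder: every .lnk here runs for every user at logon.
    # "AllUsersStartup" is the WScript.Shell special-folder name (assumed here).
    $shell   = New-Object -ComObject WScript.Shell
    $startup = [string]$shell.SpecialFolders.Item('AllUsersStartup')
    if ($startup -ne '' -and (Test-Path -LiteralPath $startup)) {
        foreach ($lnk in @(Get-ChildItem -LiteralPath $startup -Filter *.lnk)) {
            $target = [string]$shell.CreateShortcut($lnk.FullName).TargetPath
            $entries += New-Object PSObject -Property @{
                Location = 'Global Startup'
                Name     = $lnk.Name
                Command  = $target
                Exists   = (Test-CommandTarget $target)
            }
        }
    }
    return $entries
}

Get-O4StartupEntries | Sort-Object Location, Name |
    Format-Table Location, Name, Exists, Command -AutoSize
```

Entries with Exists = False are the ones worth cleaning up first; everything else is a judgement call about whether you want the program running at every boot, which is what the "research each of those lines" note above is about.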

#12 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts

Posted 02 October 2010 - 03:38 AM

I did the Hijackthis cleanups you recommended.

I did ESET. The log is copied below

Why did both ComboFix and ESET say I was running MSE? I removed
the program and I don't see it anywhere on my desktop or start menus.
Where is MSE, and why is it showing up as an installed and running app?

----------- ESET log --------------------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a704d6bc2f89324c880b36450b47b3a3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-02 08:32:12
# local_time=2010-10-02 01:32:12 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 462158 462158 0 0
# compatibility_mode=1026 16777214 0 2 27509533 27509533 0 0
# compatibility_mode=5891 16776554 42 80 470997 15506572 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=51443
# found=0
# cleaned=0
# scan_time=2340


#13 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts

Posted 02 October 2010 - 12:21 PM

I have the above question about MSE showing up in the ComboFix log and the ESET log. How can
I completely remove it, or if I did completely remove it why is it still showing up?

The other issue was the failure of DDS to run. What information do I get from that?
What am I missing by not having DDS run?

From post #3
-----------------
I had eight error messages while running DDS. The first was a box saying
(efPathS.exe had problems and click close) then there were seven in a row saying:
(exP.exe had problems ...) clicking all eight of these the script continued to completion.

No log files were created for DDS.
------------------

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 October 2010 - 11:11 PM

Hello

I have the above question about MSE showing up in the ComboFix log and the ESET log. How can
I completely remove it, or if I did completely remove it why is it still showing up?

Combofix only shows what WMI tells it about what security products are on board - sometimes when you uninstall something it doesn't get removed from this list (I will fix that soon)

The other issue was the failure of DDS to run. What information do I get from that?
What am I missing by not having DDS run?

Now, why it did not run I don't know, but I am sure it has to do with why you are having so many blue screens.
But the question is why you are having so many blue screens, and that I don't know. There is no malware showing up in the logs now, so it might be something in the operating system.

I know a few things to try but it is starting to get out of my area

1st let's remove the reference to MSE in the WMI

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
SecCenter::
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

run chkdsk
  • Go to Start, Run and type cmd and hit Enter
  • When the command window comes up, type: chkdsk c:
  • hit Enter again.
  • Maximize the command window, and wait for the scan to finish.
  • Read the results carefully to see if it says that it found problems with your file system.
IF it has found any problems with your file system,
  • Go To Start, Run and type cmd
  • hit Enter
  • Type this into the command window at the prompt:
      chkdsk c: /F <==notice the /F, with one space between c: and /F
  • hit Enter
  • You will get a message that the volume is locked, and a request to do the repair on Reboot.
  • Answer Y
  • Then type exit to close the Command window.
  • Go to Start, Turn Off Computer and choose Reboot
  • It will scan again and make the repairs as the first part of the reboot process.

After it reboots, run the first sequence again (without the /F parameter), and see if it still shows an error.
Tell me what it found originally, and if there was a problem, whether the final sequence showed no errors.
It's possible that the chkdsk c: /F sequence may have to be run on reboot twice to pick up everything.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


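Gringo's point above (ComboFix only reports what the WMI Security Center store says about installed security products, and an uninstalled product can linger there) can be checked directly. The PowerShell below is an added example, not from this thread and not ComboFix code. It lists the antivirus products registered in root\SecurityCenter (the namespace on XP, as on this machine) and, where that namespace exists, root\SecurityCenter2 (Vista SP1 and later), and flags any entry whose registered executable is no longer on disk. A row showing on-access off, not up to date and executable missing is the kind of entry that produced the "Microsoft Security Essentials *On-access scanning disabled* (Outdated) {...}" header earlier in this thread; the example assumes the GUID in that header is the entry's instanceGuid. The property names come from the Security Center provider schema and the productState bit decoding is the widely used unofficial convention; both are assumptions rather than anything the thread shows.

```powershell
# Added example, not from this thread or from ComboFix: list the antivirus
# products Windows Security Center has registered in WMI.  ComboFix's "AV:" line
# is built from this store, so a product uninstalled without deregistering
# itself still shows up here (the thread's MSE case).
#
# Assumptions (not shown in the thread):
#   - root\SecurityCenter\AntiVirusProduct (XP SP2/SP3, Vista RTM) exposes
#     displayName, instanceGuid, versionNumber, onAccessScanningEnabled,
#     productUptoDate and pathToEnableOnAccessUI.
#   - root\SecurityCenter2\AntiVirusProduct (Vista SP1+, Windows 7 and later)
#     exposes displayName, instanceGuid, productState, pathToSignedProductExe.
#   - productState is undocumented; the bit tests below are the common community
#     decoding (bit 0x1000 set = real-time on, bit 0x10 set = signatures stale).

# Only test paths that look like local or UNC file paths; newer Defender
# registrations use a URI here, which is not a stale entry.
function Test-ProductPath([string]$path) {
    if ($path -notmatch '^[A-Za-z]:\\|^\\\\') { return $null }
    return (Test-Path -LiteralPath $path)
}

function Get-RegisteredAntiVirus {
    $results = @()

    # --- Legacy namespace: explicit boolean fields, as on the XP box in this thread.
    $legacy = Get-WmiObject -Namespace 'root\SecurityCenter' -Class AntiVirusProduct `
                            -ErrorAction SilentlyContinue
    foreach ($p in @($legacy)) {
        if ($null -eq $p) { continue }
        $results += New-Object PSObject -Property @{
            Namespace      = 'root\SecurityCenter'
            DisplayName    = [string]$p.displayName
            Version        = [string]$p.versionNumber
            InstanceGuid   = [string]$p.instanceGuid
            OnAccess       = [bool]$p.onAccessScanningEnabled
            UpToDate       = [bool]$p.productUptoDate
            ProductPresent = (Test-ProductPath ([string]$p.pathToEnableOnAccessUI))
        }
    }

    # --- Newer namespace: the same facts packed into productState.
    $modern = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
                            -ErrorAction SilentlyContinue
    foreach ($p in @($modern)) {
        if ($null -eq $p) { continue }
        $state = [int]$p.productState
        $results += New-Object PSObject -Property @{
            Namespace      = 'root\SecurityCenter2'
            DisplayName    = [string]$p.displayName
            Version        = ''
            InstanceGuid   = [string]$p.instanceGuid
            OnAccess       = (($state -band 0x1000) -ne 0)
            UpToDate       = (($state -band 0x0010) -eq 0)
            ProductPresent = (Test-ProductPath ([string]$p.pathToSignedProductExe))
        }
    }
    return $results
}

# Print the table and call out registrations whose program is gone.  Such a row
# is what shows up in ComboFix as "*On-access scanning disabled* (Outdated)".
$av = Get-RegisteredAntiVirus
$av | Format-Table DisplayName, Namespace, OnAccess, UpToDate, ProductPresent, InstanceGuid -AutoSize
foreach ($row in $av) {
    if ($row.ProductPresent -eq $false) {
        Write-Warning ("Stale Security Center entry: {0} {1}" -f $row.DisplayName, $row.InstanceGuid)
    }
}
```

Running this before and after the CFScript step shows whether the MSE registration is actually gone from WMI, rather than inferring it from the next ComboFix header; ProductPresent stays empty for entries that register a URI instead of a file path, so only an explicit False means a missing program.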

#15 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts

Posted 03 October 2010 - 12:11 PM

I had a very hard time doing this. Both Combofix and chkdsk balked.

Combofix:

I ran it about seven times before it completed and kicked out a log. (copied below)
Running it gave me two BSODs, once it gave a PEV.cfxxe error, once a grep.cfxxe error,
and waiting for the log to pop up in notepad it froze. I left it overnight and
this morning I had to do a hard reboot. This last time it ran all the way
through.

Chkdsk:

I ran it without /F then a followup startup with /F about three or four times.
Each run gave messages about it not being fixed, and it needs more chkdsk.
I copied the message and it is copied below.

------------Combofix log---------------------
ComboFix 10-10-02.02 - Dell 10/03/2010 9:48.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.677 [GMT -7:00]
Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dell\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-02 03:44 . 2010-10-02 03:44 388096 ----a-r- c:\documents and settings\Dell\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-02 03:44 . 2010-10-02 03:44 -------- d-----w- c:\program files\Trend Micro
2010-10-02 03:26 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 03:26 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 18:01 . 2010-10-01 18:01 -------- d-----w- C:\spoolerlogs
2010-09-29 10:00 . 2010-09-29 10:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-09-29 00:17 . 2010-09-29 00:17 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 2
2010-09-27 02:30 . 2010-09-27 02:30 -------- d-----w- C:\WINSSLog
2010-09-25 23:30 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-25 23:30 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-25 23:30 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-25 23:30 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-25 23:30 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-25 23:30 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-25 23:30 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-25 23:30 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-25 23:30 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-25 23:30 . 2010-09-25 23:30 -------- d-----w- c:\program files\Alwil Software
2010-09-25 23:30 . 2010-09-25 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-25 22:38 . 2010-09-25 22:38 -------- d-----w- c:\program files\NirSoft
2010-09-24 23:53 . 2010-09-25 21:03 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-24 23:11 . 2001-08-17 19:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2010-09-24 23:11 . 2001-08-17 19:19 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2010-09-24 23:11 . 2001-08-17 21:55 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2010-09-24 20:25 . 2010-09-24 20:25 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Ahead
2010-09-24 17:49 . 2010-10-02 03:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 17:43 . 2010-09-24 17:43 -------- d-sh--w- c:\documents and settings\Dell\IECompatCache
2010-09-24 05:55 . 2010-09-24 05:55 -------- d-----w- c:\windows\Performance
2010-09-24 05:55 . 2010-09-24 05:55 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Microsoft Corporation
2010-09-24 05:55 . 2010-09-24 05:55 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-09-22 21:32 . 2010-08-12 08:52 85464 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\sgndbwfs.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-09-22 21:32 . 2010-08-12 08:52 38872 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\sgndbwfs.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-09-21 03:06 . 2010-09-21 03:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-21 00:48 . 2001-08-17 19:49 9472 -c--a-w- c:\windows\system32\dllcache\ativmdcd.sys
2010-09-21 00:46 . 2001-08-17 21:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-09-21 00:45 . 2001-08-17 21:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-09-19 21:44 . 2010-09-19 21:44 -------- d-sh--w- c:\documents and settings\Dell\PrivacIE
2010-09-19 21:43 . 2010-09-19 21:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-19 21:42 . 2010-09-19 21:42 -------- d-sh--w- c:\documents and settings\Dell\IETldCache
2010-09-19 21:40 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-19 21:40 . 2010-09-19 21:52 -------- d-----w- c:\windows\ie8updates
2010-09-19 21:39 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-19 21:39 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-19 21:39 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-19 21:37 . 2010-09-19 21:39 -------- dc-h--w- c:\windows\ie8
2010-09-19 02:55 . 2010-09-19 02:55 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\VS Revo Group
2010-09-19 02:54 . 2009-12-30 19:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-09-19 02:54 . 2010-09-19 02:54 -------- d-----w- c:\program files\VS Revo Group
2010-09-19 02:38 . 2010-10-03 16:47 -------- d-----w- c:\windows\system32\CatRoot2
2010-09-18 23:49 . 2010-09-18 23:49 -------- d-----w- C:\e28233143046b63d0d0463
2010-09-18 18:32 . 2010-09-18 18:32 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Mozilla
2010-09-18 03:47 . 2010-09-18 03:48 -------- d-----w- C:\4c4ea43c08a618f5dbcec9ddc1
2010-09-16 00:25 . 2010-09-16 00:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-09-16 00:25 . 2010-09-16 00:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-09-16 00:25 . 2010-09-16 00:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-09-16 00:25 . 2010-09-16 00:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-09-16 00:25 . 2010-09-16 00:25 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-09-16 00:25 . 2010-09-16 00:25 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-09-16 00:25 . 2010-09-16 00:25 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-09-16 00:25 . 2010-09-16 00:25 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-09-16 00:23 . 2010-09-16 00:23 -------- d-----w- c:\program files\Common Files\xing shared
2010-09-16 00:13 . 2010-09-16 00:13 497160 ----a-w- c:\documents and settings\Dell\Application Data\Real\RealPlayer\setup\AU_setup17.exe
2010-09-07 15:28 . 2010-09-07 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-09-07 03:27 . 2010-09-07 03:27 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 04:17 . 2010-02-06 05:00 -------- d-----w- c:\documents and settings\Dell\Application Data\uTorrent
2010-09-30 15:24 . 2010-03-30 19:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-26 23:03 . 2010-01-25 08:12 -------- d-----w- c:\program files\DivX
2010-09-25 01:15 . 2010-02-06 05:01 -------- d-----w- c:\program files\uTorrent
2010-09-24 23:41 . 2008-06-26 03:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-24 17:49 . 2009-11-30 21:08 -------- d-----w- c:\documents and settings\Dell\Application Data\Malwarebytes
2010-09-24 17:49 . 2009-11-16 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-24 01:38 . 2010-09-24 01:38 -------- d-----w- c:\program files\Common Files\Logitech
2010-09-24 01:38 . 2010-09-24 01:38 -------- d-----w- c:\program files\Logitech
2010-09-19 03:25 . 2008-06-26 05:14 -------- d-----w- c:\program files\MUSICMATCH
2010-09-19 03:15 . 2008-07-25 22:20 -------- d-----w- c:\program files\Common Files\HP
2010-09-19 03:14 . 2008-07-25 22:17 -------- d-----w- c:\program files\HP
2010-09-19 02:41 . 2008-06-26 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-18 03:51 . 2010-09-01 01:35 -------- d-----w- c:\documents and settings\Dell\Application Data\vlc
2010-09-16 00:25 . 2010-03-17 19:52 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-09-16 00:24 . 2010-03-17 19:51 -------- d-----w- c:\program files\Common Files\Real
2010-09-16 00:23 . 2010-03-17 19:51 -------- d-----w- c:\program files\Real
2010-09-16 00:20 . 2010-03-17 19:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-16 00:20 . 2007-01-03 04:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-07 17:33 . 2009-11-16 23:08 -------- d-----w- c:\program files\CCleaner
2010-09-03 01:22 . 2010-09-03 01:20 -------- d-----w- c:\program files\iTunes
2010-09-03 01:20 . 2010-09-03 01:20 -------- d-----w- c:\program files\iPod
2010-09-03 01:20 . 2008-10-14 03:06 -------- d-----w- c:\program files\Common Files\Apple
2010-09-03 01:13 . 2010-09-03 01:13 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-01 01:27 . 2010-03-16 15:41 -------- d-----w- c:\program files\VideoLAN
2010-08-29 00:48 . 2010-08-29 00:48 -------- d-----w- c:\program files\Kyocera Wireless Corp
2010-08-26 15:32 . 2010-08-26 15:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-26 15:31 . 2010-01-22 05:08 -------- d-----w- c:\program files\Java
2010-08-17 13:17 . 2004-08-12 14:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 03:18 . 2010-04-01 00:43 -------- d-----w- c:\program files\QuickTime
2010-08-05 21:16 . 2010-08-05 21:16 503808 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7f660b76-n\msvcp71.dll
2010-08-05 21:16 . 2010-08-05 21:16 499712 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7f660b76-n\jmc.dll
2010-08-05 21:16 . 2010-08-05 21:16 348160 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7f660b76-n\msvcr71.dll
2010-08-05 21:16 . 2010-08-05 21:16 61440 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6726faa0-n\decora-sse.dll
2010-08-05 21:16 . 2010-08-05 21:16 12800 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6726faa0-n\decora-d3d.dll
2010-07-22 15:49 . 2004-08-12 14:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-11-17 21:13 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 12:00 . 2010-04-23 03:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 03:56 . 2009-12-09 02:51 70608 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-09-24_19.45.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 07:02 . 2009-07-12 07:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-10-03 16:43 . 2010-10-03 16:43 16384 c:\windows\Temp\Perflib_Perfdata_648.dat
+ 2008-06-26 20:39 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2008-06-26 20:39 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2010-06-04 06:13 . 2010-09-29 10:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-04 06:13 . 2010-09-02 02:40 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-09-26 00:41 . 2010-09-26 00:41 232912 c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
+ 2010-09-26 00:41 . 2010-09-26 00:41 311760 c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.dll
+ 2008-04-14 13:41 . 2008-04-14 13:41 102509 c:\windows\system32\dllcache\fp4atxt.dll
+ 2010-09-27 03:14 . 2010-09-27 03:14 262144 c:\windows\system32\config\systemprofile\NTUSER.DAT
+ 2010-09-25 23:30 . 2010-09-25 23:30 219648 c:\windows\Installer\3cc64f.msi
+ 2010-09-24 23:53 . 2010-09-24 23:53 272384 c:\windows\Installer\2071a.msi
+ 2010-09-24 23:53 . 2010-09-24 23:53 301056 c:\windows\Installer\20710.msi
- 2010-09-03 01:22 . 2010-09-16 20:01 380928 c:\windows\Installer\{350FB27C-CF62-4EF3-AF9D-70FF313FE221}\iTunesIco.exe
+ 2010-09-03 01:22 . 2010-09-29 00:17 380928 c:\windows\Installer\{350FB27C-CF62-4EF3-AF9D-70FF313FE221}\iTunesIco.exe
+ 2009-07-12 07:02 . 2009-07-12 07:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2010-10-02 03:44 . 2010-10-02 03:44 1094656 c:\windows\Installer\ad11d.msi
+ 2010-09-29 10:00 . 2010-09-29 10:00 20303872 c:\windows\Installer\187a1d9.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"D-Link Air USB Utility"="c:\program files\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 2695168]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R?2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [3/19/2002 12:15 PM 36864]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/25/2010 4:30 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/25/2010 4:30 PM 17744]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [9/27/2002 6:21 PM 22912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [7/25/2008 5:06 PM 636502]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [9/18/2010 7:54 PM 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/12/2004 7:06 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-09-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]

2010-10-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-57989841-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-09-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-57989841-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\sgndbwfs.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com/
FF - component: c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\sgndbwfs.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\VideoLAN\VLC1.1.4\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 09:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(144)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-03 09:54:31
ComboFix-quarantined-files.txt 2010-10-03 16:54
ComboFix2.txt 2010-10-03 04:53
ComboFix3.txt 2010-10-01 17:43
ComboFix4.txt 2010-09-24 19:47

Pre-Run: 25,056,735,232 bytes free
Post-Run: 25,046,503,424 bytes free

- - End Of File - - 00E80756D1C71D01A8A01DF56207D472


----------- Chkdsk without the /F -----------------
Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Dell>chkdsk c:
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

244187968 KB total disk space.
128218220 KB in 51381 files.
19096 KB in 8288 indexes.
91205852 KB in bad sectors.
180248 KB in use by the system.
65536 KB occupied by the log file.
24564552 KB available on disk.

4096 bytes in each allocation unit.
61046992 total allocation units on disk.
6141138 allocation units available on disk.

C:\Documents and Settings\Dell>


--------- chkdsk after running with /F ---------------
Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Dell>chkdsk c:
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is recovering lost files.
Recovering orphaned file JOURNA~1 (20435) into directory file 29011.
Recovering orphaned file journal6574D0A2 (20435) into directory file 29011.
Recovering orphaned file avast.setup (21334) into directory file 28281.
Recovering orphaned file AVAST~1.SE~ (21334) into directory file 28281.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

244187968 KB total disk space.
128229440 KB in 51742 files.
19236 KB in 8295 indexes.
91205852 KB in bad sectors.
180248 KB in use by the system.
65536 KB occupied by the log file.
24553192 KB available on disk.

4096 bytes in each allocation unit.
61046992 total allocation units on disk.
6138298 allocation units available on disk.

C:\Documents and Settings\Dell>
-------------------------------------------------------------
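Reading a ComboFix log and a chkdsk summary by eye is where triage goes wrong: the autostart entries, the Security Center override and the bad-sector total above are all buried in several thousand lines. The script below is an added example for this thread; it is not the poster's, ComboFix's or Microsoft's code. It parses the "Reg Loading Points" line shapes (Run keys, service lines, Security Center dwords) and the chkdsk totals into records and returns findings a responder should look at before attributing the crashes to a rootkit. The embedded sample copies lines from the log above plus one invented Run entry (marked in the code) so the path check has something to flag; TRUSTED_ROOTS, DRIVER_DIR and the bad-sector threshold are assumed heuristics, not rules from the page.

```python
"""Triage a pasted ComboFix 'Reg Loading Points' block and chkdsk summary.

Added example for this thread, not part of the original post and not
ComboFix's or Microsoft's own code.  The regexes match the line shapes seen
in the log above; TRUSTED_ROOTS, DRIVER_DIR and the bad-sector threshold are
assumptions chosen for illustration.
"""
import re

# Constructed sample.  Every line except the "Updater" Run entry is copied
# from the log in the thread; "Updater" is invented here to exercise the
# path check and is NOT from the post.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Updater"="c:\documents and settings\Dell\Local Settings\Temp\upd.exe" [2010-10-01 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/25/2010 4:30 PM 165584]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [9/27/2002 6:21 PM 22912]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/12/2004 7:06 AM 14336]

 244187968 KB total disk space.
  91205852 KB in bad sectors.
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\S+) (?P<size>\d+)\]$')
SVC_RE = re.compile(r'^(?P<start>[RS]\??\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[(?P<meta>[^\]]+)\]$')
OVERRIDE_RE = re.compile(r'^"(?P<key>\w+Override)"=dword:(?P<val>[0-9a-fA-F]{8})$')
CHKDSK_RE = re.compile(r'^\s*(?P<kb>\d+) KB (?P<what>total disk space|in bad sectors)\.$')

TRUSTED_ROOTS = ('c:\\program files\\', 'c:\\windows\\')   # assumption
DRIVER_DIR = 'c:\\windows\\system32\\drivers\\'            # assumption


def parse_loading_points(text):
    """Return (run_entries, services, overrides) from the registry block."""
    section, runs, services, overrides = '', [], [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            section = line.lower()          # remember which key we are under
            continue
        m = RUN_RE.match(line)
        if m and section.endswith('\\currentversion\\run]'):
            runs.append(m.groupdict())
            continue
        m = OVERRIDE_RE.match(line)
        if m and 'security center' in section:
            overrides.append((m['key'], int(m['val'], 16)))
            continue
        m = SVC_RE.match(line)              # service lines carry no key header
        if m:
            services.append(m.groupdict())
    return runs, services, overrides


def parse_chkdsk(text):
    """Pick the volume size and bad-sector totals (KB) out of chkdsk output."""
    totals = {}
    for line in text.splitlines():
        m = CHKDSK_RE.match(line)
        if m:
            totals[m['what']] = int(m['kb'])
    return totals


def bad_sector_ratio(totals):
    total = totals.get('total disk space', 0)
    return totals.get('in bad sectors', 0) / total if total else 0.0


def triage(text, bad_sector_threshold=0.001):
    """Heuristic findings worth checking before blaming a rootkit."""
    runs, services, overrides = parse_loading_points(text)
    findings = []
    for r in runs:
        if not r['path'].lower().startswith(TRUSTED_ROOTS):
            findings.append(f"run-key '{r['name']}' loads from a user-writable path: {r['path']}")
    for s in services:
        image = s['image'].lower()
        if image.endswith('.sys') and not image.startswith(DRIVER_DIR):
            findings.append(f"driver '{s['name']}' ({s['start']}) loads from outside the drivers directory: {s['image']}")
    for key, val in overrides:
        if val:
            findings.append(f"Security Center {key}=1: AV/firewall status warnings are suppressed")
    ratio = bad_sector_ratio(parse_chkdsk(text))
    if ratio > bad_sector_threshold:
        findings.append(f"chkdsk: {ratio:.1%} of the volume is in bad sectors; suspect a failing disk behind the BSODs")
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print('-', finding)
```

On the page's own chkdsk numbers the ratio is the finding that matters most: 91205852 KB of 244187968 KB, roughly 37% of the volume, is marked as bad sectors. A drive in that state produces exactly the pattern described in the opening post (random BSODs, crashing services, failed updates), so disk health should be ruled out alongside the rootkit scans rather than after them. The driver-location and Run-key checks are review prompts, not verdicts: a driver outside system32\drivers still needs its publisher and hash verified before it is called suspicious.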