'Bad Image' and 'Insufficient Resources' error msg during WinXP normal mode startup


27 replies to this topic

#1 JohnRambo

Posted 22 May 2011 - 07:08 PM

Hi,

I was advised to post my problem in this forum. Initially I posted in the Windows XP section (here).

My OS is Windows XP Pro SP3, which was first installed in 2005. It has grown with the years, but it has been running pretty stable and I hope I won't have to reinstall. I don't believe the problem was caused by a hard disk failure, because the disk is relatively new (cloned 2 years ago) and because I have a 2nd XP boot in another partition which runs flawlessly.

Now, the problem is that Windows won't load drivers and generally messes up the startup process. I get the Welcome screen in 16 colors and VGA resolution and receive multiple "Bad Image" and "Insufficient Resources" error messages (e.g. "NvCpl.dll - Bad Image"). After I click away these popups, any program I try to run crashes with an "Insufficient Resources" message. Icons and other graphics gradually disappear and soon the whole system hangs. I uninstalled the nVidia drivers from Safe mode and although I got more colors and slightly better resolution, the rest of the error messages and problems remain.

Safe mode seems to work fine, with network support as well (that's where I am now), although only if I log in as Administrator. If I log in to my regular user account, the system starts up looking fine, but degrades pretty soon, similarly to Normal mode. In order to get these reports, I had to run DDS from Safe mode, logged in as Administrator.

What else... In my effort to solve the problem I did run some programs, including MalwareBytes, SuperAntiSpyware, HiJackThis and Combofix, without any real guidance. I now realize I shouldn't have done that, but I was ill-advised. I hope that this hasn't caused any more problems and that you can still help me. Oh, and I did post at another website before arriving at BleepingComputer. I am closing that one and just following you now.

The attach.txt file is attached. The DDS.txt follows below.

Thanks in advance,
John


.
DDS (Ver_11-05-19.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23
Run by Administrator at 1:08:45 on 2011-05-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.3115 [GMT 3:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://count.flashget.com/count?status=1&ver=1.73.128&lng=en
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
mRun: [A0380mon] c:\windows\system32\A0380mon.exe
mRun: [vscvol.exe] c:\program files\roland\vsc32\vscvol.exe
mRun: [vsc32cnf.exe] c:\program files\roland\vsc32\vsc32cnf.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {2BB9B7F8-8279-4BBD-A9FE-CDB3A84BAF58} = 80.76.33.227,80.76.39.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFi~1.sys [2007-3-22 20992]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-7-2 33792]
R3 rt2870;TP-LINK TL-WN727N Wireless Lite-N USB Adapter;c:\windows\system32\drivers\rt2870.sys [2009-10-19 650624]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-5-22 28552]
S0 xeK84;xeK84;c:\windows\system32\drivers\xek84.sys --> c:\windows\system32\drivers\xeK84.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-22 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-2 307928]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-2 19544]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-2 42184]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\microsoft.net\framework\v4.0.21006\mscorsvw.exe [2009-10-7 129856]
S2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2007-5-3 18240]
S2 gupdate1ca0d07be5c2f08;Google Update Service (gupdate1ca0d07be5c2f08);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-7-15 27992]
S2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files\m-audio\usb midi series\AudioDevMon.exe [2010-4-13 1636872]
S3 A0380VID;CMe2+ Series II Web Camera;c:\windows\system32\drivers\A0380Vid.sys [2009-4-13 3932672]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-9 1684736]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2007-3-22 73216]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\everest ultimate edition\kerneld.wnt [2009-9-5 26736]
S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?]
S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\filespy.sys --> c:\windows\system32\drivers\FILESPY.sys [?]
S3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\drivers\MAudioUSBMIDI.sys [2010-4-13 170248]
S3 MosSir;MosSir.sys;c:\windows\system32\drivers\MosSir.sys [2004-8-23 47360]
S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys --> c:\windows\system32\drivers\nstation.sys [?]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [2006-11-20 951284]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.21006\wpf\WPFFontCache_v0400.exe [2009-10-7 752984]
S4 Syettebdlmpq;Syettebdlmpq; [x]
.
=============== Created Last 30 ================
.
2011-05-22 17:51:14 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
2011-05-22 17:11:18 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2011-05-22 16:27:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-22 15:50:47 98816 ----a-w- c:\windows\sed.exe
2011-05-22 15:50:47 89088 ----a-w- c:\windows\MBR.exe
2011-05-22 15:50:47 256512 ----a-w- c:\windows\PEV.exe
2011-05-22 15:50:47 161792 ----a-w- c:\windows\SWREG.exe
2011-05-22 11:38:41 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-22 11:38:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-22 00:00:44 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2011-05-22 00:00:36 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2011-05-22 00:00:27 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2011-05-22 00:00:19 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2011-05-22 00:00:19 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2011-05-21 23:59:26 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-05-21 21:54:56 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-05-21 21:54:44 -------- d-----w- c:\windows\LastGood.Tmp
2011-05-21 21:54:29 -------- d-----w- c:\program files\Panda Security
2011-05-21 18:27:21 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-05-21 17:52:48 -------- d-----w- c:\documents and settings\administrator\local settings\application data\GHISLER
2011-05-21 07:08:33 750704 ----a-w- c:\windows\aus_ddss.scr
2011-05-21 07:08:33 -------- d-----w- c:\windows\Auslogics Disk Defrag Screensaver
2011-05-21 07:08:33 -------- d-----w- c:\program files\Auslogics
2011-05-20 21:27:40 -------- dc-h--w- c:\documents and settings\all users\application data\{CAD02913-AB4D-43B4-A6A1-7A874E239CEC}
2011-05-19 11:02:45 -------- d-----w- c:\program files\Tascam
2011-05-16 14:52:32 -------- d-----w- c:\program files\Big Fish Audio
2011-05-16 08:45:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 09:03:12 -------- d-----w- c:\program files\Super Meat Boy
2011-05-11 22:20:34 406528 ------w- c:\windows\system32\ReWire.dll
2011-05-11 22:20:34 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-05-01 11:27:06 -------- d-----w- c:\program files\Greenshot
2011-04-23 14:46:58 -------- dc-h--w- c:\documents and settings\all users\application data\{D4A35D06-4ABB-4672-8A3A-DA19E6EB8CD6}
2011-04-23 09:22:10 -------- dc-h--w- c:\documents and settings\all users\application data\{BF329843-149E-4A5A-82A1-0250286442D0}
2011-04-22 23:07:00 -------- dc-h--w- c:\documents and settings\all users\application data\{68043317-5F8A-4DA9-B49D-1A6337515B90}
.
==================== Find3M ====================
.
2011-05-22 18:23:43 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-05-22 18:23:43 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-05-22 18:23:39 259604 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-05-12 21:26:39 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-04-12 14:48:07 225280 ----a-w- c:\windows\MyX5-2phmgunin.exe
2011-04-08 05:14:00 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14:00 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-08 05:14:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14:00 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14:00 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14:00 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14:00 2116894 ----a-w- c:\windows\system32\nvdata.bin
2011-04-08 05:14:00 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14:00 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14:00 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14:00 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14:00 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-03-22 15:03:45 3504 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 1:09:56.92 ===============
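As an added example, not part of the thread and not the DDS tool's own code: a small Python triage of the SERVICES / DRIVERS section of a log like the one above. It assumes that a trailing "[?]" means DDS could not resolve the image file on disk and that "[x]" marks an entry with no image path at all, and it ranks boot- and system-start entries highest because they load before any user-mode antivirus service. The sample lines are copied from the log above and embedded as a constructed input. Note the Google Update entry: it is also marked "[?]" because its image path carries quotes and a command-line argument, so a flag from this script is a prompt for manual review, not a verdict.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log.

Added example (not the DDS tool's code and not from the thread). DDS lines
in this section look like:

    <R|S><start> <name>;<display name>;<image path> [<yyyy-m-d> <size>]

R = running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 demand,
4 disabled. Assumption: a trailing "[?]" means DDS could not resolve the
image file on disk and "[x]" marks an entry with no image path at all.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class ServiceEntry:
    state: str      # "R" running or "S" stopped
    start: int      # start type 0..4
    name: str
    display: str
    image: str      # image path as DDS printed it (may include a "-->" resolution)
    info: str       # contents of the trailing brackets: date and size, or "?" / "x"

    @property
    def file_missing(self) -> bool:
        return self.info in ("?", "x")

    @property
    def loads_before_user_mode(self) -> bool:
        # Boot- and system-start drivers load before any user-mode AV service.
        return self.start in (0, 1)


def parse_services(text: str) -> list[ServiceEntry]:
    """Parse every line that matches the DDS service/driver format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(
                state=m["state"], start=int(m["start"]), name=m["name"],
                display=m["display"], image=m["image"], info=m["info"]))
    return entries


def triage(entries: list[ServiceEntry]) -> list[tuple[int, ServiceEntry]]:
    """Return (priority, entry) pairs worth a manual look, highest priority first.

    1: boot/system-start entry whose file DDS could not resolve
    2: any other entry whose file DDS could not resolve
    Entries with a resolved file (date and size present) are left out.
    """
    findings = [(1 if e.loads_before_user_mode else 2, e)
                for e in entries if e.file_missing]
    findings.sort(key=lambda f: (f[0], f[1].name.lower()))
    return findings


# Constructed sample: a subset of the lines posted in the thread's first DDS log.
SAMPLE = r"""
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFi~1.sys [2007-3-22 20992]
S0 xeK84;xeK84;c:\windows\system32\drivers\xek84.sys --> c:\windows\system32\drivers\xeK84.sys [?]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-2 307928]
S2 gupdate1ca0d07be5c2f08;Google Update Service (gupdate1ca0d07be5c2f08);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?]
S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\filespy.sys --> c:\windows\system32\drivers\FILESPY.sys [?]
S4 Syettebdlmpq;Syettebdlmpq; [x]
"""

if __name__ == "__main__":
    for priority, e in triage(parse_services(SAMPLE)):
        print(f"P{priority} {e.name:<24} start={START_TYPES[e.start]:<8} "
              f"state={e.state} image={e.image or '<none>'}")
```

Run against a full DDS.txt by reading the file and passing its text to parse_services; lines outside the SERVICES / DRIVERS section do not match the pattern and are ignored.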

#2 Orange Blossom (Moderator)

Posted 31 May 2011 - 11:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.



#3 JohnRambo (Topic Starter)

Posted 01 June 2011 - 06:13 AM

Hi,

Thanks in advance, I really appreciate your help.

I haven't touched the PC since my previous post, I am on my laptop at the moment, so my previously posted DDS logs are good as new.

A minute ago I turned it on for the first time since then in order to perform the Gmer scan. Again, I could not boot into Normal mode (same behavior as described above; video card and other drivers are not being loaded, "Bad Image" error messages during Windows startup, "Insufficient resources" error messages in any attempt to run a program). I cannot even shut down properly, as the system hangs.

Right now I am performing a Gmer scan in safe mode. I will post as soon as it is completed. I checked and found no antivirus or optical drive emulators running.


If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.

Windows XP Professional, Version 2002, Service Pack 3, 32bit


Please tell us if you have your original Windows CD/DVD available.

I think this was initially a Win XP Pro Service Pack 2 installation that I manually upgraded to SP3 at some point, which I can't seem to find. I have a newer WinXP Pro SP3 edition (32bit) for my laptop though, if this could be of use.


Cheers,
John

#4 JohnRambo (Topic Starter)

Posted 01 June 2011 - 01:01 PM

Here's the GMER log.

Attached File: ark.txt (23.9KB)


#5 Farbar (Security Developer)

Posted 01 June 2011 - 05:05 PM

Hi JohnRambo,

Apologies for the wait. I will be assisting you.

  • Safe mode seems to work fine, with network support as well (that's where I am now), although only if I log in as Administrator. If I log in my regular user account, the system starts up looking fine, but degrades pretty soon, similarly to Normal mode. In order to get these reports, I had to run DDS from safe mode and logged as Administrator.

    We are going to do a series of checks, some of them could be run in any mode or account but some of them should be done while you are logged into your own account, the one which is problematic. Aren't you able to run any program while logging into your own account in Safe Mode?
  • I see also some entries from Daemon tools. They seem to be leftovers but locked keys. Do you confirm they are leftovers? We might want to remove them.
  • This one could be run from any mode or any account.
    Please download MBRCheck by clicking here and save it to your desktop.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.
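The MBRCheck step above boils down to reading the first sector of the disk and comparing its boot code against known-good code. As an added example, not MBRCheck's own code and not from the thread, the Python below parses a 512-byte MBR, verifies the 0x55AA signature, decodes the partition table and reports whether the SHA-256 of the 440-byte boot code is in an allowlist. The allowlist here is built from constructed sample boot code (a few x86 bytes padded with NOPs, not a real Windows loader); on a real machine you would record the hash from a known-clean disk. The disk signature 0xDEADBEEF and the single NTFS partition are constructed test data.

```python
"""Parse a 512-byte MBR and check its boot code against an allowlist of hashes.

Added example; it is not MBRCheck's code and not from the thread. Sector layout:

    0..439    boot code
    440..443  disk signature (little-endian uint32)
    444..445  reserved
    446..509  four 16-byte partition entries
    510..511  0x55 0xAA boot signature

The "known" hash set below is built from constructed sample boot code, not from
any real boot loader; on a real system record the hash from a known-clean disk.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

BOOTCODE_LEN = 440
PART_TABLE_OFF = 446
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sectors


@dataclass
class Partition:
    index: int
    bootable: bool   # status byte 0x80
    type_id: int     # e.g. 0x07 NTFS
    lba_start: int
    sectors: int


@dataclass
class MbrReport:
    bootcode_sha256: str
    bootcode_known: bool
    disk_signature: int
    partitions: list[Partition]


def parse_mbr(sector: bytes, known_bootcode: set[str]) -> MbrReport:
    """Validate the sector, hash the boot code and decode the partition table."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    digest = hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest()
    disk_sig = struct.unpack_from("<I", sector, 440)[0]
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                      # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i}: invalid status byte 0x{status:02x}")
        partitions.append(Partition(i, status == 0x80, ptype, lba, count))
    return MbrReport(digest, digest in known_bootcode, disk_sig, partitions)


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Construct a test sector: one bootable NTFS partition, disk signature 0xDEADBEEF."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("boot code too long")
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 2_000_000)
    # 440 + 4 + 2 + 16 + 48 + 2 = 512 bytes
    return code + struct.pack("<I", 0xDEADBEEF) + b"\x00\x00" + entry + bytes(48) + b"\x55\xaa"


# Constructed stand-in for clean boot code (a few x86 bytes padded with NOPs);
# it is not a real Windows MBR.
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32
KNOWN_BOOTCODE = {hashlib.sha256(CLEAN_BOOTCODE.ljust(BOOTCODE_LEN, b"\x00")).hexdigest()}


if __name__ == "__main__":
    for label, code in (("clean", CLEAN_BOOTCODE),
                        ("tampered", b"\xeb\xfe" + CLEAN_BOOTCODE[2:])):
        report = parse_mbr(build_sample_mbr(code), KNOWN_BOOTCODE)
        print(f"{label}: known={report.bootcode_known} sig=0x{report.disk_signature:08x} "
              f"partitions={[(p.index, p.bootable, hex(p.type_id)) for p in report.partitions]}")
```

To run it against a real disk on Windows, read the first 512 bytes of \\.\PhysicalDrive0 from an administrator prompt and pass them to parse_mbr together with hashes you recorded earlier; an unknown hash means the boot code differs from what you recorded, which is a reason to look closer, not proof of infection.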


#6 JohnRambo (Topic Starter)

Posted 01 June 2011 - 05:35 PM

Hi and thanks. :)

Aren't you able to run any program while logging into your own account in Safe Mode?

Yes, I am able to run programs. The only problem I noticed in Safe mode is that I may get "Insufficient Resources" error messages or system freeze after a long time (more than 2 hours), which I noticed during my initial Gmer scanning while logged on my account.


I see also some entries from Daemon tools. They seem to be leftovers but locked keys. Do you confirm they are leftovers? We might want to remove them.

I haven't uninstalled DT, I thought they were no problem unless the service is running - and I thought the service wasn't running. I have no problem uninstalling if you want me to.


MBR log attached. Ran it logged in my own account, Safe mode.


#7 Farbar (Security Developer)

Posted 01 June 2011 - 05:55 PM

Thanks for the to-the-point feedback.

  • The DT driver often leads to false positives, making the job for our tools more complicated. Please uninstall it. We will remove the leftovers too. After we are done you can install it.
    • After uninstalling please do the following:
    • Please download MiniRegTool.zip and unzip it.
    • Run the tool.
    • Copy and paste the content of code box into the edit box:

      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg
      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg
      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg
      HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg
      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg
      HKLM\SYSTEM\ControlSet002\Services\sptd
      HKLM\SYSTEM\ControlSet003\Services\sptd
      HKLM\SYSTEM\ControlSet005\Services\sptd
      HKLM\SYSTEM\ControlSet001\Services\sptd
    • Check the Delete Key(s)/Value(s) including Locked/Null embedded radio button.
    • Press Go button and post the result (Result.txt).
  • This one we would like to run when you are logged in to your own account. It could be in safe mode.
    Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click Run Scan button.
    • Two reports will open, copy and paste OTL.txt and attach Extra.txt to your reply:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#8 JohnRambo (Topic Starter)

Posted 01 June 2011 - 06:35 PM

OK, here we go... :)

1. Daemon Tools uninstalled.

2. MiniRegTool Result.txt attached

3. Running OTL was quirky. The first time it crashed; Safe mode went weird again with error messages and couldn't shut down properly. I restarted by force and booted into my account, but in Safe mode without Network support. This time OTL started normally and reached the end of the scan (it displayed "Scans Complete!" on the app's status bar), but the system went bad again. The log files never showed up, programs didn't run and I had to do a hard reboot once again. The 3rd time around, same thing: OTL completed the scan but no logs were presented.



#9 Farbar (Security Developer)

Posted 01 June 2011 - 06:48 PM

Try to run DDS when logged on to your own account; we only need the DDS.txt log. Please copy and paste small logs. Let's reserve attaching for large files, as you do not have a lot of space for that.

#10 JohnRambo (Topic Starter)

Posted 01 June 2011 - 06:58 PM

Sure, here it is:

.
DDS (Ver_11-05-19.01) - NTFSx86 MINIMAL
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23
Run by monami at 2:54:13 on 2011-06-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.3126 [GMT 3:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\monami\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://localhost/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [PeerBlock] i:\software\security\peerblock_r518__win32_release\peerblock.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [A0380mon] c:\windows\system32\A0380mon.exe
mRun: [vscvol.exe] c:\program files\roland\vsc32\vscvol.exe
mRun: [vsc32cnf.exe] c:\program files\roland\vsc32\vsc32cnf.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
StartupFolder: c:\docume~1\monami\startm~1\programs\startup\borgchat.lnk - c:\program files\borgchat\BORGChat.exe
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: localhost
DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {2BB9B7F8-8279-4BBD-A9FE-CDB3A84BAF58} = 80.76.33.227,80.76.39.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\monami\application data\mozilla\firefox\profiles\r6azh2kb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.battlefieldheroes.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\monami\application data\mozilla\firefox\profiles\r6azh2kb.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\monami\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\monami\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
FF - plugin: c:\program files\opera 9\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera 9\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 9\program\plugins\NPFgc1.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\opera 9\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\opera 9\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFi~1.sys [2007-3-22 20992]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-7-2 33792]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-5-22 28552]
S0 xeK84;xeK84;c:\windows\system32\drivers\xek84.sys --> c:\windows\system32\drivers\xeK84.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-22 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-2 307928]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-2 19544]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-2 42184]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\microsoft.net\framework\v4.0.21006\mscorsvw.exe [2009-10-7 129856]
S2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2007-5-3 18240]
S2 gupdate1ca0d07be5c2f08;Google Update Service (gupdate1ca0d07be5c2f08);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-7-15 27992]
S2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files\m-audio\usb midi series\AudioDevMon.exe [2010-4-13 1636872]
S3 A0380VID;CMe2+ Series II Web Camera;c:\windows\system32\drivers\A0380Vid.sys [2009-4-13 3932672]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-9 1684736]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2007-3-22 73216]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\everest ultimate edition\kerneld.wnt [2009-9-5 26736]
S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?]
S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\filespy.sys --> c:\windows\system32\drivers\FILESPY.sys [?]
S3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\drivers\MAudioUSBMIDI.sys [2010-4-13 170248]
S3 MosSir;MosSir.sys;c:\windows\system32\drivers\MosSir.sys [2004-8-23 47360]
S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys --> c:\windows\system32\drivers\nstation.sys [?]
S3 rt2870;TP-LINK TL-WN727N Wireless Lite-N USB Adapter;c:\windows\system32\drivers\rt2870.sys [2009-10-19 650624]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [2006-11-20 951284]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.21006\wpf\WPFFontCache_v0400.exe [2009-10-7 752984]
S4 Syettebdlmpq;Syettebdlmpq; [x]
.
=============== Created Last 30 ================
.
2011-05-22 17:11:18 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2011-05-22 16:27:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-22 15:50:47 98816 ----a-w- c:\windows\sed.exe
2011-05-22 15:50:47 89088 ----a-w- c:\windows\MBR.exe
2011-05-22 15:50:47 256512 ----a-w- c:\windows\PEV.exe
2011-05-22 11:38:41 -------- d-----w- c:\documents and settings\monami\application data\SUPERAntiSpyware.com
2011-05-22 11:38:41 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-22 11:38:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-22 11:25:33 388096 ----a-r- c:\documents and settings\monami\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-22 00:00:44 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2011-05-22 00:00:36 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2011-05-22 00:00:27 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2011-05-22 00:00:19 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2011-05-22 00:00:19 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2011-05-21 23:59:26 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-05-21 21:54:56 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-05-21 21:54:44 -------- d-----w- c:\windows\LastGood.Tmp
2011-05-21 21:54:29 -------- d-----w- c:\program files\Panda Security
2011-05-21 07:08:33 750704 ----a-w- c:\windows\aus_ddss.scr
2011-05-21 07:08:33 -------- d-----w- c:\windows\Auslogics Disk Defrag Screensaver
2011-05-21 07:08:33 -------- d-----w- c:\program files\Auslogics
2011-05-20 21:27:40 -------- dc-h--w- c:\documents and settings\all users\application data\{CAD02913-AB4D-43B4-A6A1-7A874E239CEC}
2011-05-19 11:02:45 -------- d-----w- c:\program files\Tascam
2011-05-16 14:52:32 -------- d-----w- c:\program files\Big Fish Audio
2011-05-16 08:45:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 09:03:12 -------- d-----w- c:\program files\Super Meat Boy
2011-05-11 22:20:34 406528 ------w- c:\windows\system32\ReWire.dll
2011-05-11 22:20:34 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
.
==================== Find3M ====================
.
2011-05-22 18:23:43 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-05-22 18:23:43 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-05-22 18:23:39 259604 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-05-12 21:26:39 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-04-12 14:48:07 225280 ----a-w- c:\windows\MyX5-2phmgunin.exe
2011-04-08 05:14:00 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14:00 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-08 05:14:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14:00 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14:00 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14:00 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14:00 2116894 ----a-w- c:\windows\system32\nvdata.bin
2011-04-08 05:14:00 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14:00 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14:00 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14:00 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14:00 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-03-22 15:03:45 3504 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 2:55:56.93 ===============

#11 JohnRambo (Topic Starter)

Posted 01 June 2011 - 07:04 PM

By the way, one thing I noticed during all these Windows restarts is a message that comes up after I pressed Shut Down that notifies me that a process is still running and gives me the chance to end it manually. This process was named 360 one time, 3bc another, or something like that... always 3 characters.

#12 Farbar (Security Developer)

Posted 01 June 2011 - 07:08 PM

The log ruled out some assumptions. But the cause is still a mystery.

  • From which directory did you run OTL? The log might be saved in the same directory.
  • This one is preferably run in normal mode. But if you can't, try to run it in Safe Mode with Networking while logged in to any account. We would like to have as many drivers loaded as we can.

    Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with a description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#13 JohnRambo (Topic Starter)

Posted 01 June 2011 - 07:26 PM

1. Couldn't find any text files from OTL on the desktop, where OTL.exe was run from. I tried to run it again (my own account in safe mode) and this time the logs popped up. I attached both, as they seem big to me.

2. Here is the TDSSKiller log. I ran it from my own account in safe mode. No reboot was made. It notified me of a single threat, which was set to Skip by default and I let it be that way.

EDIT: I actually ran TDSSKiller first, then OTL.

2011/06/02 03:14:49.0062 1664 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/02 03:14:49.0093 1664 ================================================================================
2011/06/02 03:14:49.0093 1664 SystemInfo:
2011/06/02 03:14:49.0093 1664
2011/06/02 03:14:49.0093 1664 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/02 03:14:49.0093 1664 Product type: Workstation
2011/06/02 03:14:49.0093 1664 ComputerName: DIMMAN
2011/06/02 03:14:49.0093 1664 UserName: monami
2011/06/02 03:14:49.0093 1664 Windows directory: C:\WINDOWS
2011/06/02 03:14:49.0093 1664 System windows directory: C:\WINDOWS
2011/06/02 03:14:49.0093 1664 Processor architecture: Intel x86
2011/06/02 03:14:49.0093 1664 Number of processors: 2
2011/06/02 03:14:49.0093 1664 Page size: 0x1000
2011/06/02 03:14:49.0093 1664 Boot type: Safe boot with network
2011/06/02 03:14:49.0093 1664 ================================================================================
2011/06/02 03:14:51.0828 1664 Initialize success
2011/06/02 03:15:16.0187 1688 ================================================================================
2011/06/02 03:15:16.0187 1688 Scan started
2011/06/02 03:15:16.0187 1688 Mode: Manual;
2011/06/02 03:15:16.0187 1688 ================================================================================
2011/06/02 03:15:17.0234 1688 A0380VID (f43043248786e899c5d68d76f33e20ec) C:\WINDOWS\system32\DRIVERS\A0380Vid.sys
2011/06/02 03:15:17.0390 1688 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/06/02 03:15:17.0484 1688 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/02 03:15:17.0515 1688 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/02 03:15:17.0562 1688 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/02 03:15:17.0609 1688 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/06/02 03:15:17.0781 1688 ALCXWDM (e1b23e1463adcca8637532d6b170cc32) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/06/02 03:15:18.0000 1688 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/06/02 03:15:18.0109 1688 Amfilter (868ae6fa93c29c8a105539f3e6d5a77f) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
2011/06/02 03:15:18.0187 1688 Amusbprt (37646d4559ad45c96225521b44c45d01) C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
2011/06/02 03:15:18.0250 1688 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/02 03:15:18.0359 1688 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
2011/06/02 03:15:18.0468 1688 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/06/02 03:15:18.0515 1688 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/06/02 03:15:18.0546 1688 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/06/02 03:15:18.0609 1688 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/06/02 03:15:18.0687 1688 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/06/02 03:15:18.0734 1688 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/06/02 03:15:18.0781 1688 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/02 03:15:18.0812 1688 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/02 03:15:18.0859 1688 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/02 03:15:18.0890 1688 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/02 03:15:18.0937 1688 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/02 03:15:19.0062 1688 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/02 03:15:19.0125 1688 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/02 03:15:19.0187 1688 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/02 03:15:19.0203 1688 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/02 03:15:19.0234 1688 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/02 03:15:19.0312 1688 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
2011/06/02 03:15:19.0453 1688 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\WINDOWS\system32\drivers\cvintdrv.sys
2011/06/02 03:15:19.0515 1688 dalwdmservice (3c92bf37f1cc09269479a42ec3549523) C:\WINDOWS\system32\drivers\dalwdm.sys
2011/06/02 03:15:19.0546 1688 DbgMsg (5d69c704a11a037f05270ee98106e12f) C:\WINDOWS\System32\Drivers\DbgMsg.sys
2011/06/02 03:15:19.0609 1688 DigiFilter (9d9778dfe6b4731216e14c877a2d830a) C:\WINDOWS\system32\drivers\DigiFi~1.sys
2011/06/02 03:15:19.0609 1688 Suspicious file (Hidden): C:\WINDOWS\system32\drivers\DigiFi~1.sys. md5: 9d9778dfe6b4731216e14c877a2d830a
2011/06/02 03:15:19.0609 1688 DigiFilter - detected HiddenFile.Multi.Generic (1)
2011/06/02 03:15:19.0625 1688 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/02 03:15:19.0703 1688 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/02 03:15:19.0750 1688 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/02 03:15:19.0765 1688 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/02 03:15:19.0828 1688 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/02 03:15:19.0875 1688 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/02 03:15:19.0953 1688 EIO_XP (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO_XP.sys
2011/06/02 03:15:19.0984 1688 ElbyCDFL (075d91e4de09a6f1ede77c341803d454) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
2011/06/02 03:15:20.0062 1688 ElbyCDIO (c9c7113f5e15f70fcc576e835c859d56) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/06/02 03:15:20.0093 1688 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/06/02 03:15:20.0171 1688 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
2011/06/02 03:15:20.0281 1688 EverestDriver (eacd4cdffe66f4923ebb9685c21b55e5) C:\Program Files\EVEREST Ultimate Edition\kerneld.wnt
2011/06/02 03:15:20.0343 1688 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/02 03:15:20.0375 1688 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/02 03:15:20.0406 1688 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/02 03:15:20.0437 1688 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/02 03:15:20.0468 1688 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/02 03:15:20.0515 1688 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/02 03:15:20.0546 1688 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/02 03:15:20.0593 1688 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/06/02 03:15:20.0640 1688 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/02 03:15:20.0671 1688 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/02 03:15:20.0750 1688 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/02 03:15:20.0875 1688 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/02 03:15:20.0937 1688 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/02 03:15:20.0968 1688 iaStor (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\drivers\iaStor.sys
2011/06/02 03:15:21.0031 1688 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/02 03:15:21.0218 1688 IntcAzAudAddService (0cacdcbbc8e6f11e2865c47bfc509848) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/02 03:15:21.0343 1688 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/02 03:15:21.0375 1688 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/02 03:15:21.0406 1688 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/02 03:15:21.0453 1688 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/02 03:15:21.0468 1688 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/02 03:15:21.0500 1688 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/02 03:15:21.0531 1688 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/02 03:15:21.0562 1688 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/06/02 03:15:21.0625 1688 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/02 03:15:21.0734 1688 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/02 03:15:21.0781 1688 JRAID (66a54519ed42ec2ccca592f47eb02c5d) C:\WINDOWS\system32\DRIVERS\jraid.sys
2011/06/02 03:15:21.0812 1688 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/02 03:15:21.0859 1688 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/02 03:15:21.0890 1688 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/02 03:15:21.0937 1688 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/02 03:15:21.0984 1688 L1e (d0607058fa4e408b3ed3924f0d9fa2f0) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2011/06/02 03:15:22.0109 1688 MAUSBMIDI (69bc2b743d723d1923fce50eb68003cb) C:\WINDOWS\system32\DRIVERS\MAudioUSBMIDI.sys
2011/06/02 03:15:22.0140 1688 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/02 03:15:22.0171 1688 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/02 03:15:22.0234 1688 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/06/02 03:15:22.0312 1688 MosSir (b688f29ea017b32ce3480fd493414ee1) C:\WINDOWS\system32\DRIVERS\MosSir.sys
2011/06/02 03:15:22.0343 1688 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/02 03:15:22.0375 1688 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/02 03:15:22.0390 1688 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/02 03:15:22.0515 1688 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/02 03:15:22.0562 1688 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/02 03:15:22.0609 1688 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/02 03:15:22.0640 1688 msgame (082a950191dde602bbea8ef4e5900251) C:\WINDOWS\system32\DRIVERS\msgame.sys
2011/06/02 03:15:22.0671 1688 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
2011/06/02 03:15:22.0703 1688 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/02 03:15:22.0718 1688 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/02 03:15:22.0750 1688 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/02 03:15:22.0765 1688 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/02 03:15:22.0796 1688 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/02 03:15:22.0812 1688 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/06/02 03:15:22.0843 1688 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/02 03:15:22.0875 1688 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/02 03:15:22.0890 1688 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/02 03:15:22.0921 1688 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/02 03:15:22.0953 1688 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/02 03:15:22.0968 1688 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/02 03:15:23.0046 1688 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/02 03:15:23.0093 1688 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/02 03:15:23.0109 1688 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/02 03:15:23.0171 1688 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/02 03:15:23.0234 1688 NetworkX (87bf56a5b2fb6fb3800b30649d4c1eba) C:\WINDOWS\system32\ckldrv.sys
2011/06/02 03:15:23.0296 1688 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/02 03:15:23.0375 1688 Nokia USB Generic (128d4e1e6c419e58e6e65aa3f6e4b4b0) C:\WINDOWS\system32\drivers\nmwcdc.sys
2011/06/02 03:15:23.0421 1688 Nokia USB Modem (fa1c0ca4b6004a8c1ab4465346459d04) C:\WINDOWS\system32\drivers\nmwcdcm.sys
2011/06/02 03:15:23.0468 1688 Nokia USB Phone Parent (55559482199d3c617013d0241c47cdb7) C:\WINDOWS\system32\drivers\nmwcd.sys
2011/06/02 03:15:23.0500 1688 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/02 03:15:23.0546 1688 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/02 03:15:23.0593 1688 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/02 03:15:23.0906 1688 nv (f1de35c89d98a883d1b4030dc9896855) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/02 03:15:24.0281 1688 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/02 03:15:24.0296 1688 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/02 03:15:24.0328 1688 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/02 03:15:24.0390 1688 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/02 03:15:24.0406 1688 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/02 03:15:24.0437 1688 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/02 03:15:24.0468 1688 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2011/06/02 03:15:24.0515 1688 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/06/02 03:15:24.0546 1688 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/02 03:15:24.0578 1688 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/02 03:15:24.0625 1688 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/02 03:15:24.0812 1688 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/02 03:15:24.0843 1688 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/02 03:15:24.0875 1688 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/02 03:15:24.0921 1688 PStrip (bcf8d075fad718fea8ef6e281331a56e) C:\WINDOWS\system32\drivers\pstrip.sys
2011/06/02 03:15:24.0937 1688 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/02 03:15:24.0968 1688 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/02 03:15:25.0093 1688 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/02 03:15:25.0187 1688 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/06/02 03:15:25.0234 1688 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/02 03:15:25.0250 1688 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/02 03:15:25.0281 1688 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/02 03:15:25.0343 1688 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/02 03:15:25.0375 1688 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/02 03:15:25.0406 1688 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/02 03:15:25.0453 1688 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/02 03:15:25.0484 1688 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/02 03:15:25.0562 1688 rt2870 (f1fcf23c4a2c777fe77e3e703654eb66) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/06/02 03:15:25.0640 1688 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/02 03:15:25.0687 1688 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/02 03:15:25.0734 1688 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/02 03:15:25.0781 1688 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/02 03:15:25.0796 1688 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/02 03:15:25.0953 1688 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/06/02 03:15:25.0984 1688 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/06/02 03:15:26.0015 1688 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/06/02 03:15:26.0046 1688 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOWS\system32\drivers\sfsync02.sys
2011/06/02 03:15:26.0078 1688 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
2011/06/02 03:15:26.0140 1688 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/02 03:15:26.0203 1688 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/02 03:15:26.0265 1688 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/02 03:15:26.0312 1688 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/02 03:15:26.0375 1688 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/02 03:15:26.0437 1688 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/06/02 03:15:26.0453 1688 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/02 03:15:26.0468 1688 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/02 03:15:26.0500 1688 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/02 03:15:26.0609 1688 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/02 03:15:26.0656 1688 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/02 03:15:26.0687 1688 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/02 03:15:26.0718 1688 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/02 03:15:26.0781 1688 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/02 03:15:26.0859 1688 TPkd (d8b232ea082ee544a03180179a02856e) C:\WINDOWS\system32\drivers\TPkd.sys
2011/06/02 03:15:26.0921 1688 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/02 03:15:26.0984 1688 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/02 03:15:27.0046 1688 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/02 03:15:27.0078 1688 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/02 03:15:27.0125 1688 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/02 03:15:27.0156 1688 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/02 03:15:27.0187 1688 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/02 03:15:27.0203 1688 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/02 03:15:27.0234 1688 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/02 03:15:27.0250 1688 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/02 03:15:27.0265 1688 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/02 03:15:27.0312 1688 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/02 03:15:27.0359 1688 vsc32 (f7035815c23df5dad8a686c1cda20f3e) C:\WINDOWS\system32\DRIVERS\vsc.sys
2011/06/02 03:15:27.0421 1688 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/02 03:15:27.0484 1688 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/02 03:15:27.0640 1688 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/02 03:15:27.0687 1688 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/02 03:15:27.0718 1688 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/02 03:15:27.0812 1688 X4HSX32 (d627bcd83e97f491bcb598b20206b04a) C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
2011/06/02 03:15:27.0921 1688 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/02 03:15:28.0015 1688 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
2011/06/02 03:15:28.0031 1688 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk2\DR2
2011/06/02 03:15:28.0046 1688 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
2011/06/02 03:15:28.0062 1688 MBR (0x1B8) (f1bc9a487fad21118da4d5b596310ba4) \Device\Harddisk4\DR9
2011/06/02 03:15:28.0562 1688 ================================================================================
2011/06/02 03:15:28.0562 1688 Scan finished
2011/06/02 03:15:28.0562 1688 ================================================================================
2011/06/02 03:15:28.0593 1680 Detected object count: 1
2011/06/02 03:15:28.0593 1680 Actual detected object count: 1
2011/06/02 03:15:43.0984 1680 HiddenFile.Multi.Generic(DigiFilter) - User select action: Skip

Edited by JohnRambo, 01 June 2011 - 07:33 PM.
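One way to triage a TDSSKiller log like the one posted above, as an added example (this is not TDSSKiller's own code and not something from the thread): parse the driver lines, the MBR lines and the detection summary, then pull out the three things a helper reads first, namely drivers whose image lives outside `C:\WINDOWS`, which disks share identical boot-sector bytes, and which detections were left at "Skip". The sample lines are copied from the log above; the `C:\WINDOWS` prefix heuristic and the function names are this example's own assumptions.

```python
"""Triage helper for TDSSKiller scan logs (added example, not TDSSKiller's code)."""
import re
from collections import defaultdict

# Sample excerpt copied from the posted log (a constructed selection of lines).
SAMPLE_LINES = [
    r"2011/06/02 03:15:25.0640 1688 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS",
    r"2011/06/02 03:15:26.0265 1688 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys",
    r"2011/06/02 03:15:26.0656 1688 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys",
    r"2011/06/02 03:15:27.0812 1688 X4HSX32 (d627bcd83e97f491bcb598b20206b04a) C:\Program Files\GameTap\bin\Release\X4HSX32.Sys",
    r"2011/06/02 03:15:27.0921 1688 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0",
    r"2011/06/02 03:15:28.0015 1688 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1",
    r"2011/06/02 03:15:28.0031 1688 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk2\DR2",
    r"2011/06/02 03:15:28.0046 1688 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3",
    r"2011/06/02 03:15:28.0062 1688 MBR (0x1B8) (f1bc9a487fad21118da4d5b596310ba4) \Device\Harddisk4\DR9",
    r"2011/06/02 03:15:28.0562 1688 ================================================================================",
    r"2011/06/02 03:15:28.0562 1688 Scan finished",
    r"2011/06/02 03:15:28.0593 1680 Detected object count: 1",
    r"2011/06/02 03:15:28.0593 1680 Actual detected object count: 1",
    r"2011/06/02 03:15:43.0984 1680 HiddenFile.Multi.Generic(DigiFilter) - User select action: Skip",
]

# Every line starts with a timestamp and the scanner's process id; the rest varies.
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "<service> (<md5>) <image path>"
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "MBR (0x1B8) (<md5 of first 0x1B8 bytes>) \Device\HarddiskN\DRn"
MBR_RE = re.compile(r"^MBR \(0x1B8\) \((?P<md5>[0-9a-f]{32})\) (?P<device>\\Device\\\S+)$")
COUNT_RE = re.compile(r"^(Actual )?[Dd]etected object count: (\d+)$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - User select action: (?P<action>\w+)$")

# Assumed location of Windows' own drivers; adjust if the system drive differs.
WINDOWS_PREFIX = "c:\\windows\\"


def parse_log(lines):
    """Split log lines into drivers, MBR hashes per device, counts and detections."""
    report = {"drivers": [], "mbr": {}, "counts": {}, "detections": []}
    for line in lines:
        m = LINE_RE.match(line.rstrip("\r\n"))
        if not m:
            continue
        rest = m.group("rest")
        if (mm := MBR_RE.match(rest)):
            report["mbr"][mm.group("device")] = mm.group("md5")
        elif (dm := DRIVER_RE.match(rest)):
            report["drivers"].append(dm.groupdict())
        elif (cm := COUNT_RE.match(rest)):
            report["counts"]["actual" if cm.group(1) else "reported"] = int(cm.group(2))
        elif (am := DETECT_RE.match(rest)):
            report["detections"].append(am.groupdict())
    return report


def drivers_outside_windows(report):
    """Service names whose image is not under C:\\WINDOWS. Third-party drivers
    there are often legitimate (AV, copy protection), but they are the ones to
    check against the vendor's published file hashes first."""
    return [d["name"] for d in report["drivers"]
            if not d["path"].lower().startswith(WINDOWS_PREFIX)]


def mbr_groups(report):
    """Map each distinct MBR hash to the disks carrying it: disks with the same
    hash have byte-identical boot code, so each hash is one item to verify."""
    groups = defaultdict(list)
    for device, md5 in report["mbr"].items():
        groups[md5].append(device)
    return {md5: sorted(devices) for md5, devices in groups.items()}


def skipped_detections(report):
    """Findings the user answered with Skip, i.e. still unresolved after the scan."""
    return [d["name"] for d in report["detections"] if d["action"].lower() == "skip"]


if __name__ == "__main__":
    rep = parse_log(SAMPLE_LINES)
    print("drivers outside Windows dir:", drivers_outside_windows(rep))
    for md5, devices in mbr_groups(rep).items():
        print("MBR", md5, "on", ", ".join(devices))
    print("counts:", rep["counts"], "skipped:", skipped_detections(rep))
```

Run against the full log as `parse_log(open("tdsskiller.log", encoding="utf-8"))`; the MBR grouping on the sample shows Harddisk0/Harddisk3 and Harddisk1/Harddisk2 pairing up, which is what the poster's cloned disks would be expected to produce.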


#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • Gender:Male
  • Location:The Netherlands

Posted 01 June 2011 - 07:57 PM

Well done with the logs. They don't show the cause and there is no sign of malware. After running all those scans I suspect this is a compatibility issue. When you log into your own account, some programs interfere with the system. And I can't be sure which one.

An option is to uninstall Avast and SuperAntiSpyware or any other security program and see if it contributes to the issue.

#15 JohnRambo

JohnRambo
  • Topic Starter

  • Members
  • 18 posts

Posted 02 June 2011 - 05:42 AM

I tried uninstalling those two; didn't have any other security program installed. Unfortunately, that didn't do it... Thanks for helping me anyway.

Any other guesses? I am willing to try anything before reinstalling... :P



