BSOD atapi.sys


  • This topic is locked
22 replies to this topic

#1 PressRewind

PressRewind

  • Members
  • 40 posts
  • Gender:Female
  • Location:Texas

Posted 21 August 2011 - 03:21 PM

I'm currently running Windows XP Professional SP3. Recently I have been randomly seeing the BSOD at least once a day. It happened to me again a few minutes ago when I was not using the computer. I wrote down the technical information.

Technical Information:
*** STOP:0x0000008E (0xC0000005; 0xB9E0A71D; 0xA15CA544; 0x00000000)
*** atapi.sys - Address B9E0A71D base at B9E00000; DateStamp 4802539d

I'm not sure if it is related, but recently I started running my laptop off of its battery because my husband needed the charge cord for his laptop since his stopped working. After I started doing that I started seeing the BSOD, and now even when the laptop is plugged in I still get the BSOD. Sometimes I will take my computer out of hibernate and I will be using the internet and within a few minutes I get the BSOD. I tried to supply as much info as I could. If it happens again I will try to pay more attention to what it says and what I was doing at the time.

#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 21 August 2011 - 08:33 PM

Hi PressRewind -
So that the helpers can further assist you, please do the following -
Download the zip file BlueScreenView
  • Unzip the file to your desktop.
  • Double click on BlueScreenView.exe to run the program and wait till the scan is complete.
  • Go to Edit > Select All.
  • Go to File > Save Selected Items
  • Save the report as BSOD.txt and paste the contents into your next reply.
Thank You -

#3 PressRewind

PressRewind
  • Topic Starter

  • Members
  • 40 posts
  • Gender:Female
  • Location:Texas

Posted 22 August 2011 - 02:03 PM

Here are the results from the scan I did with Blue Screen View.

==================================================
Dump File : Mini082211-01.dmp
Crash Time : 8/22/2011 2:09:11 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xb9e0a71d
Parameter 3 : 0x9f7a4544
Parameter 4 : 0x00000000
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+a71d
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : atapi.sys+a71d
Stack Address 1 : ntoskrnl.exe+17129
Stack Address 2 : mbam.sys+aaa
Stack Address 3 : fltmgr.sys+118ff
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082211-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 98,304
==================================================

==================================================
Dump File : Mini082111-01.dmp
Crash Time : 8/21/2011 2:43:26 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xb9e0a71d
Parameter 3 : 0xa15ca544
Parameter 4 : 0x00000000
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+a71d
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : atapi.sys+a71d
Stack Address 1 : ntoskrnl.exe+17129
Stack Address 2 : mbam.sys+aaa
Stack Address 3 : fltmgr.sys+118ff
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082111-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 98,304
==================================================

==================================================
Dump File : Mini082011-01.dmp
Crash Time : 8/20/2011 2:57:07 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xb9e0a71d
Parameter 3 : 0x91ddd544
Parameter 4 : 0x00000000
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+a71d
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : atapi.sys+a71d
Stack Address 1 : ntoskrnl.exe+17129
Stack Address 2 : mbam.sys+aaa
Stack Address 3 : fltmgr.sys+118ff
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082011-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 98,304
==================================================

Edited by PressRewind, 22 August 2011 - 02:13 PM.


#4 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • Gender:Male
  • Location:Cowra NSW Australia

Posted 22 August 2011 - 04:54 PM

Please download SystemLook.exe and save it to your Desktop.
  • alternate download link
    For users of Windows 64 bit systems: SystemLook (64-bit)
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box and paste into the main text field:
    :filefind
    atapi.sys
    fltmgr.sys
    
  • Click the Look button to start the scan.
    Please be patient, as it may take a little time.
  • When finished, a Notepad window will open with the results of the scan.
  • Please copy & paste the entire content of this log in your next reply.
Note: The log, SystemLook.txt, is saved on your Desktop.

Edited by AustrAlien, 22 August 2011 - 04:59 PM.

AustrAlien
Google is my friend. Make Google your friend too.


#5 PressRewind

PressRewind
  • Topic Starter

  • Members
  • 40 posts
  • Gender:Female
  • Location:Texas

Posted 22 August 2011 - 09:30 PM

Here are the results from the SystemLook scan:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:12 on 22/08/2011 by
Administrator - Elevation successful

========== filefind ==========

Searching for "atapi.sys"
C:\i386\atapi.sys --a---- 95360 bytes [01:20 30/04/2008] [04:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c- 95360 bytes [19:06 13/09/2008] [04:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------- 96512 bytes [09:15 12/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a---- 96512 bytes [04:59 04/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys --a---- 95360 bytes [02:07 27/03/2006] [04:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

Searching for "fltmgr.sys"
C:\i386\fltmgr.sys --a---- 128896 bytes [01:20 30/04/2008] [09:14 21/08/2006] 3D234FB6D6EE875EB009864A299BEA29
C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmgr.sys --a---- 128768 bytes [07:32 27/04/2008] [09:43 21/08/2006] 5A85CD3D07273E3F6FE72EE9C6431632
C:\WINDOWS\$NtServicePackUninstall$\fltmgr.sys -----c- 128896 bytes [19:07 13/09/2008] [09:14 21/08/2006] 3D234FB6D6EE875EB009864A299BEA29
C:\WINDOWS\$NtUninstallKB922582$\fltmgr.sys -----c- 124800 bytes [07:32 27/04/2008] [11:00 04/08/2004] 157754F0DF355A9E0A6F54721914F9C6
C:\WINDOWS\ServicePackFiles\i386\fltmgr.sys ------- 129792 bytes [09:15 12/09/2008] [18:32 13/04/2008] B2CF4B0786F8212CB92ED2B50C6DB6B0
C:\WINDOWS\system32\drivers\fltmgr.sys --a---- 129792 bytes [23:12 11/08/2004] [18:32 13/04/2008] B2CF4B0786F8212CB92ED2B50C6DB6B0

-= EOF =-

#6 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • Gender:Male
  • Location:Cowra NSW Australia

Posted 23 August 2011 - 07:32 AM

The two files, atapi.sys and fltmgr.sys check out OK.

0x0000008E: KERNEL_MODE_EXCEPTION_NOT_HANDLED
A kernel mode program generated an exception which the error handler didn't catch. These are nearly always hardware compatibility issues (which sometimes means a driver issue or a need for a BIOS upgrade).

Source: http://aumha.org/a/stop.htm

How long have you had Malwarebytes Antimalware running on your computer?

Have you made any changes to the computer recently? Software or hardware?

Have you noticed any signs at all that may indicate malware being present on the system? Or ... has the system recently suffered a malware infection? If so, what steps have been taken to remove the malware?

Please Publish a Snapshot using Speccy, and post a link to it in this thread.
This is a convenient and accurate way of providing us with details of your computer specifications.

Please zip up (right-click > Send to > Compressed (zipped) Folder) the two most recent minidumps (located in the minidumps folder C:\WINDOWS\Minidump\) and attach the zip file to your next reply.

How is your system behaving now?
AustrAlien
Google is my friend. Make Google your friend too.

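AustrAlien's "check out OK" verdict rests on one comparison that can be read straight off the SystemLook output above: the MD5 of the copy Windows actually loads (C:\WINDOWS\system32\drivers\) equals the MD5 of the service-pack reference copy (C:\WINDOWS\ServicePackFiles\i386\), and TDSSKiller later reports the same hash for the loaded driver. The Python script below is an added example, not code from this thread, from SystemLook or from TDSSKiller: it parses the filefind lines posted above, performs that live-versus-reference comparison for every file in the log, and cross-checks the result against a TDSSKiller driver line. The TAMPERED_LOG block (with its all-zero hash), the LIVE_DIR/REFERENCE_DIR markers and every function name are constructed for illustration.

```python
import re

# Constructed sample input: the "filefind" section of the SystemLook log posted
# in this thread, trimmed to the lines needed for the comparison.
SYSTEMLOOK_LOG = r"""
========== filefind ==========

Searching for "atapi.sys"
C:\i386\atapi.sys --a---- 95360 bytes [01:20 30/04/2008] [04:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------- 96512 bytes [09:15 12/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a---- 96512 bytes [04:59 04/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

Searching for "fltmgr.sys"
C:\WINDOWS\ServicePackFiles\i386\fltmgr.sys ------- 129792 bytes [09:15 12/09/2008] [18:32 13/04/2008] B2CF4B0786F8212CB92ED2B50C6DB6B0
C:\WINDOWS\system32\drivers\fltmgr.sys --a---- 129792 bytes [23:12 11/08/2004] [18:32 13/04/2008] B2CF4B0786F8212CB92ED2B50C6DB6B0

-= EOF =-
"""

# Constructed (hypothetical) log in which the in-use copy no longer matches the
# service-pack reference copy. The all-zero hash is made up to exercise the
# mismatch path; it is not a real file hash.
TAMPERED_LOG = r"""
Searching for "atapi.sys"
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------- 96512 bytes [09:15 12/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a---- 96512 bytes [04:59 04/08/2004] [18:40 13/04/2008] 00000000000000000000000000000000
"""

# The atapi line from the TDSSKiller log posted later in this thread: an
# independent second reading of the loaded driver's hash.
TDSSKILLER_LINE = r"2011/08/23 17:12:59.0328 3152 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys"

# One SystemLook hit line: <path> <7 attribute flags> <size> bytes [mtime] [ctime] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\\(?P<name>[^\\]+?)) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# One TDSSKiller driver line: <date> <time> <pid> <service> (<MD5>) <path>
TDSS_RE = re.compile(r"^\S+ \S+ \d+ (?P<service>\S+) \((?P<md5>[0-9A-Fa-f]{32})\) (?P<path>.+)$")

# Directory markers (assumed layout of a 32-bit Windows XP install, as in the thread).
LIVE_DIR = "\\system32\\drivers\\"          # the copy the kernel loads
REFERENCE_DIR = "\\servicepackfiles\\i386\\"  # the copy the service pack installed


def parse_filefind(text):
    """Return {filename_lower: [hit, ...]} for every hit line in a filefind log."""
    hits = {}
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if not m:
            continue  # section headers, "Searching for" lines, blanks, "-= EOF =-"
        hit = m.groupdict()
        hit["size"] = int(hit["size"])
        hit["md5"] = hit["md5"].lower()
        hits.setdefault(hit["name"].lower(), []).append(hit)
    return hits


def check_driver(hits):
    """Compare the in-use copy of one file against its service-pack reference copy.

    Status is 'match', 'mismatch', 'no-live-copy' or 'no-reference'; on a mismatch,
    'differs' names the fields (md5, size) that disagree.
    """
    live = [h for h in hits if LIVE_DIR in h["path"].lower()]
    ref = [h for h in hits if REFERENCE_DIR in h["path"].lower()]
    if not live:
        return {"status": "no-live-copy"}
    if not ref:
        return {"status": "no-reference", "live_md5": live[0]["md5"]}
    l, r = live[0], ref[0]
    differs = [f for f in ("md5", "size") if l[f] != r[f]]
    return {"status": "mismatch" if differs else "match",
            "live_md5": l["md5"], "reference_md5": r["md5"], "differs": differs}


def audit(text):
    """Run check_driver over every file that appears in a SystemLook filefind log."""
    return {name: check_driver(hits) for name, hits in parse_filefind(text).items()}


def tdss_agrees(tdss_line, systemlook_text):
    """True when TDSSKiller's hash of a loaded driver equals SystemLook's hash of the
    in-use copy of the same file, i.e. both tools read the same bytes from disk."""
    m = TDSS_RE.match(tdss_line.strip())
    if not m:
        raise ValueError("not a TDSSKiller driver line")
    name = m.group("path").rsplit("\\", 1)[-1].lower()
    result = audit(systemlook_text).get(name)
    return result is not None and result.get("live_md5") == m.group("md5").lower()


if __name__ == "__main__":
    for name, res in audit(SYSTEMLOOK_LOG).items():
        print(f"{name}: {res['status']}")
    print("tampered atapi.sys:", audit(TAMPERED_LOG)["atapi.sys"])
    print("TDSSKiller agrees with SystemLook:", tdss_agrees(TDSSKILLER_LINE, SYSTEMLOOK_LOG))
```

A match only proves the loaded file is byte-identical to the service-pack copy on the same disk; a tamperer with write access to both directories could replace both, which is why the independent TDSSKiller reading (and, ideally, a hash from a known-good offline source) is worth cross-checking rather than trusting one tool's output alone.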

#7 PressRewind

PressRewind
  • Topic Starter

  • Members
  • 40 posts
  • Gender:Female
  • Location:Texas

Posted 23 August 2011 - 12:52 PM

How long have you had Malwarebytes Antimalware running on your computer?
I have had Malwarebytes installed on my computer since 2008

Have you made any changes to the computer recently? Software or hardware?
Within the past few weeks I started using a CRT external monitor on my laptop since the LCD screen died.

Have you noticed any signs at all that may indicate malware being present on the system? Or ... has the system recently suffered a malware infection? If so, what steps have been taken to remove the malware?
On 7/21/2011 Firefox and Chrome started giving me errors that I was using a proxy server and it was refusing connections. On 7/21/2011 Malwarebytes quarantined and deleted an infected registry value PUM.Bad.Proxy. On 7/23/2011 Malwarebytes quarantined and deleted 4 files infected with PUP.FunWebProducts. I posted something about the proxy issue under the Virus, Trojan, Spyware, and Malware Removal Logs section of this forum on 7/29/2011 but did not get any replies, so I figured there was not anything left on my computer. I have been scanning my computer with Spybot, Malwarebytes and AVG but have not found any new infections.

How is your system behaving now?
I installed Speccy. I have tried to open Speccy three times and get the BSOD each time shortly after opening. After the third try I decided to leave it alone and return here to post my findings. Unable to create a snapshot. When I told my computer to not show hidden files I got the BSOD.

#8 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • Gender:Male
  • Location:Cowra NSW Australia

Posted 23 August 2011 - 03:15 PM

Sit tight: I will see if I can get some attention from the Malware Removal Team and have the malware situation investigated.
AustrAlien
Google is my friend. Make Google your friend too.


#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 23 August 2011 - 04:46 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

Edited by Orange Blossom, 23 August 2011 - 05:00 PM.
Moved to log forum. ~ OB

So long, and thanks for all the fish.

#10 PressRewind

PressRewind
  • Topic Starter

  • Members
  • 40 posts
  • Gender:Female
  • Location:Texas

Posted 23 August 2011 - 05:30 PM

It found a friend or two. I attached the log file for you to review.

2011/08/23 17:12:40.0687 1364 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 17:12:41.0390 1364 ================================================================================
2011/08/23 17:12:41.0390 1364 SystemInfo:
2011/08/23 17:12:41.0390 1364
2011/08/23 17:12:41.0390 1364 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/23 17:12:41.0390 1364 Product type: Workstation
2011/08/23 17:12:41.0406 1364 ComputerName: OLDLAPPY
2011/08/23 17:12:41.0406 1364 UserName: Rebecca Terwilliger
2011/08/23 17:12:41.0406 1364 Windows directory: C:\WINDOWS
2011/08/23 17:12:41.0406 1364 System windows directory: C:\WINDOWS
2011/08/23 17:12:41.0406 1364 Processor architecture: Intel x86
2011/08/23 17:12:41.0406 1364 Number of processors: 1
2011/08/23 17:12:41.0406 1364 Page size: 0x1000
2011/08/23 17:12:41.0406 1364 Boot type: Normal boot
2011/08/23 17:12:41.0406 1364 ================================================================================
2011/08/23 17:12:49.0578 1364 Initialize success
2011/08/23 17:12:55.0796 3152 ================================================================================
2011/08/23 17:12:55.0796 3152 Scan started
2011/08/23 17:12:55.0796 3152 Mode: Manual;
2011/08/23 17:12:55.0796 3152 ================================================================================
2011/08/23 17:12:57.0796 3152 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/23 17:12:57.0875 3152 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/23 17:12:57.0921 3152 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/23 17:12:57.0984 3152 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/23 17:12:58.0031 3152 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/23 17:12:58.0187 3152 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/23 17:12:58.0265 3152 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/23 17:12:58.0343 3152 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/23 17:12:58.0390 3152 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/23 17:12:58.0437 3152 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/23 17:12:58.0562 3152 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/23 17:12:58.0609 3152 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/23 17:12:58.0703 3152 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/23 17:12:58.0734 3152 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/23 17:12:58.0796 3152 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/23 17:12:58.0843 3152 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/23 17:12:58.0921 3152 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/08/23 17:12:59.0078 3152 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/23 17:12:59.0125 3152 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/23 17:12:59.0187 3152 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/23 17:12:59.0234 3152 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/23 17:12:59.0281 3152 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/23 17:12:59.0328 3152 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/23 17:12:59.0390 3152 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/23 17:12:59.0453 3152 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/23 17:12:59.0546 3152 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/23 17:12:59.0703 3152 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/08/23 17:12:59.0765 3152 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/23 17:12:59.0796 3152 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/08/23 17:12:59.0843 3152 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/08/23 17:12:59.0875 3152 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/08/23 17:12:59.0937 3152 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/08/23 17:12:59.0984 3152 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/08/23 17:13:00.0109 3152 bcm (99ec3b1c50a6fcb07b5f3f153a938e19) C:\WINDOWS\system32\DRIVERS\drxvi314.sys
2011/08/23 17:13:00.0250 3152 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/08/23 17:13:00.0296 3152 bcmbusctr (c303a3c17d7605d07293e1b4cdde0c08) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys
2011/08/23 17:13:00.0359 3152 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/23 17:13:00.0421 3152 BVRPMPR5 (6598d078d5446197aed6b46c6a2a3431) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/08/23 17:13:00.0484 3152 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/23 17:13:00.0515 3152 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/23 17:13:00.0562 3152 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/23 17:13:00.0703 3152 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/23 17:13:00.0781 3152 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/23 17:13:00.0828 3152 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/23 17:13:00.0906 3152 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/23 17:13:00.0953 3152 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/23 17:13:00.0984 3152 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/23 17:13:01.0031 3152 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/23 17:13:01.0359 3152 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/23 17:13:01.0406 3152 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/23 17:13:01.0484 3152 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/23 17:13:01.0578 3152 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/23 17:13:01.0625 3152 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/23 17:13:01.0765 3152 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/23 17:13:01.0828 3152 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/23 17:13:01.0890 3152 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/08/23 17:13:01.0937 3152 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/08/23 17:13:02.0000 3152 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
2011/08/23 17:13:02.0031 3152 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/08/23 17:13:02.0078 3152 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/23 17:13:02.0375 3152 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/23 17:13:02.0562 3152 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/08/23 17:13:02.0640 3152 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/08/23 17:13:02.0703 3152 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/23 17:13:02.0812 3152 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/23 17:13:02.0921 3152 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/23 17:13:02.0968 3152 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/23 17:13:03.0015 3152 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/23 17:13:03.0093 3152 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/23 17:13:03.0109 3152 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/23 17:13:03.0203 3152 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/23 17:13:03.0265 3152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/08/23 17:13:03.0296 3152 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/23 17:13:03.0406 3152 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/23 17:13:03.0468 3152 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/23 17:13:03.0515 3152 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/23 17:13:03.0593 3152 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/08/23 17:13:03.0703 3152 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/08/23 17:13:03.0875 3152 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/23 17:13:03.0937 3152 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/23 17:13:03.0984 3152 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/23 17:13:04.0031 3152 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/23 17:13:04.0140 3152 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/23 17:13:04.0343 3152 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/23 17:13:04.0406 3152 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/23 17:13:04.0453 3152 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/23 17:13:04.0515 3152 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/23 17:13:04.0546 3152 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/23 17:13:04.0734 3152 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/23 17:13:04.0796 3152 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/23 17:13:04.0843 3152 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/23 17:13:04.0937 3152 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/23 17:13:04.0984 3152 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/23 17:13:05.0046 3152 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/23 17:13:05.0125 3152 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
2011/08/23 17:13:05.0234 3152 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/23 17:13:05.0296 3152 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/23 17:13:05.0375 3152 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/23 17:13:05.0468 3152 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\WINDOWS\system32\drivers\libusb0.sys
2011/08/23 17:13:05.0578 3152 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/23 17:13:05.0656 3152 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/23 17:13:05.0765 3152 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/23 17:13:05.0828 3152 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/23 17:13:05.0921 3152 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/23 17:13:06.0000 3152 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/23 17:13:06.0046 3152 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/23 17:13:06.0093 3152 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/23 17:13:06.0125 3152 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/23 17:13:06.0203 3152 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/23 17:13:06.0312 3152 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/23 17:13:06.0406 3152 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/23 17:13:06.0468 3152 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/23 17:13:06.0515 3152 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/23 17:13:06.0578 3152 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/23 17:13:06.0656 3152 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/23 17:13:06.0718 3152 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/23 17:13:06.0812 3152 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/23 17:13:06.0953 3152 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/23 17:13:07.0000 3152 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/23 17:13:07.0078 3152 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/23 17:13:07.0109 3152 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/23 17:13:07.0234 3152 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/23 17:13:07.0390 3152 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/23 17:13:07.0453 3152 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/23 17:13:07.0562 3152 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/23 17:13:07.0718 3152 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/08/23 17:13:07.0781 3152 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/23 17:13:07.0890 3152 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/23 17:13:08.0062 3152 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/23 17:13:08.0093 3152 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/23 17:13:08.0156 3152 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/23 17:13:08.0234 3152 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/23 17:13:08.0265 3152 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/23 17:13:08.0312 3152 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/23 17:13:08.0390 3152 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/23 17:13:11.0609 3152 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/23 17:13:11.0625 3152 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/08/23 17:13:11.0625 3152 sptd - detected LockedFile.Multi.Generic (1)
2011/08/23 17:13:17.0000 3152 MBR (0x1B8) (9a33e998f01c9c93be804d4f1127a829) \Device\Harddisk0\DR0
2011/08/23 17:13:17.0000 3152 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/08/23 17:13:17.0015 3152 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4
2011/08/23 17:13:17.0046 3152 Boot (0x1200) (e1cd70fd8f2f7afa8f51c44483307d61) \Device\Harddisk0\DR0\Partition0
2011/08/23 17:13:17.0046 3152 Boot (0x1200) (66ff838d859b483dd4ef44862e02f89b) \Device\Harddisk1\DR4\Partition0
2011/08/23 17:13:17.0062 3152 ================================================================================
2011/08/23 17:13:17.0062 3152 Scan finished
2011/08/23 17:13:17.0062 3152 ================================================================================
2011/08/23 17:13:17.0078 3932 Detected object count: 2
2011/08/23 17:13:17.0078 3932 Actual detected object count: 2
2011/08/23 17:14:29.0937 3932 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/23 17:14:29.0968 3932 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/08/23 17:14:29.0968 3932 \Device\Harddisk0\DR0 - ok
2011/08/23 17:14:29.0968 3932 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/23 17:16:12.0796 2640 Deinitialize success



Edited by Noviciate, 24 August 2011 - 02:45 PM.
Added log from attachment


#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:34 AM

Posted 24 August 2011 - 02:46 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log and let me know how the PC is behaving?

So long, and thanks for all the fish.

#12 PressRewind

PressRewind
  • Topic Starter

  • Members
  • 40 posts
  • Gender:Female
  • Location:Texas
  • Local time:08:34 PM

Posted 24 August 2011 - 09:59 PM

Here are the logs you requested. I have not seen the BSOD since that rootkit was removed yesterday.

ESET

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\Rebecca\My Documents\Downloads\Hiren's BootCD 13.2\Hirens.BootCD.13.2.zip Win32/PSWTool.KonBoot.A application
C:\Program Files\Final Draft 7\blz-fd71119-patch.exe a variant of Win32/HackTool.Patcher.A application
C:\Program Files\PDF Password Cracker Pro v3.0\crackpdf.exe a variant of Win32/PSWTool.PdfCracker.A application
C:\QooBox\Quarantine\C\WINDOWS\system32\EegMnUvw.ini.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\system32\EegMnUvw.ini2.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\system32\geslibwc.ini.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\system32\owumnmyr.ini.vir Win32/Adware.Virtumonde.NEO application
C:\QooBox\Quarantine\C\WINDOWS\system32\uvapupbk.ini.vir Win32/Adware.Virtumonde.NEO application
C:\SDFix\apps\Process.exe Win32/PrcView application
C:\WINDOWS\system32\Process.exe Win32/PrcView application
C:\WINDOWS\temp\6.tmp Win32/Olmarik.AWO trojan
C:\WINDOWS\temp\srv29C.tmp Win32/AutoRun.Agent.ACO worm
E:\setup1911.fon Win32/AutoRun.Agent.ACO worm
E:\setup1911.lnk LNK/Exploit.CVE-2010-2568 trojan
E:\Downloads BECCA'S LAPTOP\Hiren's BootCD 13.2\Hirens.BootCD.13.2.zip Win32/PSWTool.KonBoot.A application
E:\Lappy Backup\Downloads\Hiren's BootCD 13.2\Hirens.BootCD.13.2.zip Win32/PSWTool.KonBoot.A application
Operating memory Win32/AutoRun.Agent.ACO worm

DDS
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Rebecca at 21:26:44 on 2011-08-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.946 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\runservice.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [IBP]
uRun: [QNPlus]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [Google Update] "c:\documents and settings\Rebecca\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: &Search - ?p=ZRfox000
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75FE7E2D-268D-4B4E-92A3-A8859E2301B4} : DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rebecca\application data\mozilla\firefox\profiles\w8w6qaje.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61758
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Rebecca\application data\mozilla\firefox\profiles\w8w6qaje.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Rebecca\application data\mozilla\firefox\profiles\w8w6qaje.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Rebecca\application data\mozilla\firefox\profiles\w8w6qaje.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll
FF - component: c:\documents and settings\Rebecca\application data\mozilla\firefox\profiles\w8w6qaje.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\Rebecca\application data\kalydo\kalydoplayer\npkalydo.dll
FF - plugin: c:\documents and settings\Rebecca\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Rebecca\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Rebecca\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\Rebecca\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\clearwire\connection manager\clearwireDeviceDiagnosticsService.exe [2010-6-17 398848]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-6-6 2560]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-10-16 366640]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2010-9-1 107856]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-1-21 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-10-16 22712]
S2 srv29C;srv29C;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-14 1025352]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-3-26 318464]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-3-26 51456]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2010-9-1 120144]
S3 pbfilter;pbfilter;\??\c:\program files\peerblock\pbfilter.sys --> c:\program files\peerblock\pbfilter.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-2-13 16168]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-1-18 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-1-18 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-1-18 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-1-18 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-1-18 25704]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-1-21 27904]
S4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-2-13 4497704]
S4 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-2-13 113448]
.
=============== Created Last 30 ================
.
2011-08-24 21:51:59 -------- d-----w- c:\documents and settings\Rebecca\application data\Blue Tea Games
2011-08-24 20:00:16 -------- d-----w- c:\program files\ESET
2011-08-24 04:33:45 -------- d-----w- c:\documents and settings\Rebecca\application data\DarkParablesBriarRose_BFG
2011-08-24 04:31:43 -------- d-----w- c:\program files\Games
2011-08-23 16:18:38 -------- d-----w- c:\program files\Speccy
2011-08-22 23:29:33 -------- d-----w- c:\documents and settings\Rebecca\application data\Gogii
2011-08-22 02:46:49 -------- d-----w- c:\documents and settings\all users\application data\Princess Isabella
2011-08-22 02:44:54 -------- d-----w- c:\program

files\FishBone Games
2011-08-09 19:41:32 139656 ------w-

c:\windows\system32\dllcache\rdpwd.sys
2011-08-09 19:40:54 10496 ------w-

c:\windows\system32\dllcache\ndistapi.sys
2011-08-07 12:22:57 -------- d-----w- c:\documents

and settings\Rebecca\local settings\application data\OpenCandy
2011-08-07 12:22:47 -------- d-----w- c:\documents

and settings\Rebecca\application data\OpenCandy
2011-08-05 01:50:56 -------- d-----w- c:\documents

and settings\Rebecca\application data\Seagate
2011-08-05 01:44:58 -------- d-----w- c:\program

files\Seagate File Recovery for Windows
2011-08-03 21:12:44 -------- d-----w- c:\program

files\Wondershare
2011-07-26 04:39:37 -------- d-----w- c:\documents

and settings\all users\application data\Big Fish Games
2011-07-26 04:36:52 -------- d-----w- c:\documents

and settings\all users\application data\BigFishGamesCache
.
==================== Find3M ====================
.
2011-08-23 22:19:38 1465 --sha-w-

c:\windows\system32\mmf.sys
2011-08-14 16:30:53 404640 ----a-w-

c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w-

c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w-

c:\windows\system32\drivers\ndistapi.sys
2011-07-07 00:52:42 41272 ----a-w-

c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 22712 ----a-w-

c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w-

c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w-

c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w-

c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w-

c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w-

c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w-

c:\windows\system32\winsrv.dll
2011-06-18 15:27:16 87608 ----a-w- c:\documents and

settings\Rebecca\application data\inst.exe
2011-06-18 15:27:16 47360 ----a-w- c:\documents and

settings\Rebecca\application data\pcouffin.sys
2011-06-02 14:02:05 1858944 ----a-w-

c:\windows\system32\win32k.sys
.
============= FINISH: 21:29:38.89 ===============

#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:34 AM

Posted 25 August 2011 - 03:18 PM

Good evening. :)

Open Notepad: Start > All Programs > Accessories > Notepad.
Click on Format and ensure that Wordwrap is unchecked. If it isn't, uncheck it.

Once you've done that, let me have another copy of the DDS log - as you can see, the last one you posted has some blank lines in it that make it very difficult to decipher.

So long, and thanks for all the fish.


#14 PressRewind

PressRewind
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:08:34 PM

Posted 25 August 2011 - 03:44 PM

OK, here is a new DDS log.

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Rebecca at 15:39:50 on 2011-08-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1101 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\runservice.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Rebecca\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rebecca\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rebecca\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rebecca\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rebecca\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rebecca\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rebecca\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [IBP]
uRun: [QNPlus]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [Google Update] "c:\documents and settings\Rebecca\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: &Search - ?p=ZRfox000
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75FE7E2D-268D-4B4E-92A3-A8859E2301B4} : DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\Rebecca\application data\mozilla\firefox\profiles\w8w6qaje.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61758
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\Rebecca\application data\mozilla\firefox\profiles\w8w6qaje.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Rebecca\application data\mozilla\firefox\profiles\w8w6qaje.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Rebecca\application data\mozilla\firefox\profiles\w8w6qaje.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll
FF - component: c:\documents and settings\Rebecca\application data\mozilla\firefox\profiles\w8w6qaje.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\Rebecca\application data\kalydo\kalydoplayer\npkalydo.dll
FF - plugin: c:\documents and settings\Rebecca\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Rebecca\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Rebecca\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\Rebecca\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\clearwire\connection manager\clearwireDeviceDiagnosticsService.exe [2010-6-17 398848]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-6-6 2560]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-10-16 366640]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2010-9-1 107856]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-1-21 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-10-16 22712]
S2 srv29C;srv29C;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-14 1025352]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-3-26 318464]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-3-26 51456]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2010-9-1 120144]
S3 pbfilter;pbfilter;\??\c:\program files\peerblock\pbfilter.sys --> c:\program files\peerblock\pbfilter.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-2-13 16168]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-1-18 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-1-18 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-1-18 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-1-18 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-1-18 25704]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-1-21 27904]
S4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-2-13 4497704]
S4 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-2-13 113448]
.
=============== Created Last 30 ================
.
2011-08-24 21:51:59 -------- d-----w- c:\documents and settings\Rebecca\application data\Blue Tea Games
2011-08-24 20:00:16 -------- d-----w- c:\program files\ESET
2011-08-24 04:33:45 -------- d-----w- c:\documents and settings\Rebecca\application data\DarkParablesBriarRose_BFG
2011-08-24 04:31:43 -------- d-----w- c:\program files\Games
2011-08-23 16:18:38 -------- d-----w- c:\program files\Speccy
2011-08-22 23:29:33 -------- d-----w- c:\documents and settings\Rebecca\application data\Gogii
2011-08-22 02:46:49 -------- d-----w- c:\documents and settings\all users\application data\Princess Isabella
2011-08-22 02:44:54 -------- d-----w- c:\program files\FishBone Games
2011-08-09 19:41:32 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-09 19:40:54 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-07 12:22:57 -------- d-----w- c:\documents and settings\Rebecca\local settings\application data\OpenCandy
2011-08-07 12:22:47 -------- d-----w- c:\documents and settings\Rebecca\application data\OpenCandy
2011-08-05 01:50:56 -------- d-----w- c:\documents and settings\Rebecca\application data\Seagate
2011-08-05 01:44:58 -------- d-----w- c:\program files\Seagate File Recovery for Windows
2011-08-03 21:12:44 -------- d-----w- c:\program files\Wondershare
.
==================== Find3M ====================
.
2011-08-23 22:19:38 1465 --sha-w- c:\windows\system32\mmf.sys
2011-08-14 16:30:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-18 15:27:16 87608 ----a-w- c:\documents and settings\Rebecca\application data\inst.exe
2011-06-18 15:27:16 47360 ----a-w- c:\documents and settings\Rebecca\application data\pcouffin.sys
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 15:42:02.42 ===============

#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:34 AM

Posted 27 August 2011 - 03:09 PM

Good evening. :)

The log looks fine, apart from a few leftovers from what look like uninstallations that we might as well tidy away while we are at it.

Download OTL by OldTimer from here and save it to your Desktop.

  • Double-click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad windows - OTL.Txt and Extras.Txt.
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.
  • Let me know how the PC is behaving as well.

Once I've spotted all the trash, we can use OTL to remove anything making the PC look untidy and that should be that.

So long, and thanks for all the fish.
