
Trojan.Dropper found in win32K.sys


  • This topic is locked
22 replies to this topic

#1 akjudge1 (Members, 24 posts)

Posted 19 February 2012 - 12:41 PM

Suddenly got Blue Screen Errors:

Stop:0x0000008E (0xc0000005, 0xBF80536F, 0xB3E4DBAC, 0x00000000)
win32k.sys - Address BF80536F base at BF800000, DateStamp 4fofoff9

Second Blue Screen Error:

A breakpoint has been reached (0x80000003) occurred in the application at location 0x77c1d74d.

Third Error Message:

C:\Windows\system32\services.exe has terminated unexpectedly. Status Code 2147483645

I can only get into Windows via Safe Mode, and did the following:
1. Ran Rkill, it found no malware running
2. I then ran Malwarebytes Full Scan (most recent version)
3. Malwarebytes found TROJAN.DROPPER in win32k.sys
4. When I clicked on Remove, I got an error message saying Malwarebytes had to terminate unexpectedly. No log was produced in Notepad.

I ran the above steps a second time, and this time Malwarebytes did not find any malicious software.

I rebooted and still get the BSOD with memory dumps. Sometimes I can get into Normal Windows, but the desktop hangs.

No new software installations, no new hardware, no updates except recent Microsoft High Priority Updates.

I DO NOT KNOW IF MY PROBLEMS ARE RELATED TO THE TROJAN.DROPPER OR A HARDWARE ISSUE (MEMORY CHIP GOING BAD?)

In Safe Mode I get no errors and can access anything on the hard drive.

In the past GRINGO helped me with problems on a different computer, so I came back (the donation was well worth it, since GRINGO was able to fix it).

In Safe Mode I followed the Preparation Guide before posting and will post the logs below.
1. Ran Defogger as instructed in Guide
2. Ran DDS (DDS.txt below - Attach.txt as attachment)
3. Ran GMER (ark.txt as attachment)

Need help if this is software/malware related.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.1.0
Run by Administrator at 11:41:40 on 2012-02-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2577 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Windstream\Diagnostic Tools\HsdService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [NeroHomeFirstStart] "c:\program files\common files\nero\lib\NMFirstStart.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ProcessLassoManagementConsole] "c:\program files\process lasso\processlasso.exe"
mRun: [ProcessGovernor] "c:\program files\process lasso\processgovernor.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logoca~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\calibrationloader\CalibrationLoader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\windows\installer\{00000409-78e1-11d2-b60f-006097c998e7}\misc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\virtua~1.lnk - c:\program files\virtuawin\VirtuaWin.exe
mPolicies-explorer: RevertWebViewSecurity = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167522178046
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199129387729
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{063C8ACF-5B63-4402-9488-17EF9C969C59} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{657C7D5E-A8CD-44D3-ACD5-CAE8C4A6646B} : DhcpNameServer = 192.168.254.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\n1ac8i52.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windstream\service agent\nprpspa.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-5-26 16024]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-20 14776]
R1 GhPciScan;GhostPciScanner;c:\program files\norton systemworks\norton ghost\GhPciScan.sys [2002-8-14 5632]
R2 HsdService;HsdService;c:\program files\windstream\diagnostic tools\HsdService.exe [2011-12-16 1393976]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\fneturpx.sys --> c:\windows\system32\drivers\FNETURPX.SYS [?]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]
S2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [2005-6-1 5314]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-8-10 12184]
S2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [2005-6-1 7610]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 NProtectService;Norton Unerase Protection;c:\program files\norton systemworks\norton utilities\NPROTECT.EXE [2007-1-1 135168]
S2 NTP;Network Time Protocol Daemon;c:\program files\ntp\bin\ntpd.exe -u 3 -m -g -c "c:\program files\ntp\etc\ntp.conf" --> c:\program files\ntp\bin\ntpd.exe -u 3 -m -g -c c:\program files\ntp\etc\ntp.conf [?]
S2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2011-2-15 14416]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2011-5-26 220824]
S2 RHDISK;RHDISK;c:\program files\rohos\rhdisk.sys [2011-12-21 33280]
S2 sbigudrv;sbigudrv;c:\windows\system32\drivers\sbigudrv.sys [2008-12-18 12800]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-31 1251720]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2011-8-8 257880]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2009-1-8 262360]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys --> c:\windows\system32\drivers\FNETTBOH.SYS [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-12-19 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [2011-2-15 44344]
S3 oneuport;MosChip 7703-USB2Serial Port;c:\windows\system32\drivers\oneuport.sys [2005-1-17 851840]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2010-2-23 4608]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2010\RpcAgentSrv.exe [2010-2-3 93848]
S3 UVC;UVC;c:\windows\system32\drivers\tis_uvc_10015.sys [2007-11-13 43776]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Rohos Disk;Rohos Disk service;c:\program files\rohos\agent.exe [2011-12-21 809272]
S4 ServicepointService;ServicepointService;c:\program files\windstream\service agent\ServicepointService.exe [2011-12-16 10315064]
.
=============== Created Last 30 ================
.
2012-02-19 16:31:38 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
2012-02-19 16:19:49 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7aed59c-a1ec-42bf-8453-a10e30f9d930}\mpengine.dll
2012-02-19 13:41:51 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2012-02-19 12:23:39 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-02-19 12:19:46 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2012-02-19 00:22:57 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-02-19 00:22:57 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-19 00:22:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-19 00:21:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-18 14:20:33 8564 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-15 04:07:27 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 04:07:27 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-11 13:21:04 -------- d-----w- c:\program files\Ditto
2012-02-10 21:50:10 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-02-10 03:43:45 -------- d-----w- c:\windows\system32\winrm
2012-02-10 03:43:43 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-02-10 03:43:16 -------- d-----w- c:\program files\Windows Desktop Search
2012-02-10 03:43:15 -------- d-----w- c:\windows\system32\GroupPolicy
2012-02-10 03:42:37 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2012-02-10 03:42:37 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2012-02-10 03:42:37 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2012-02-06 13:29:51 -------- d-----w- c:\program files\XYplorer
2012-02-04 16:17:50 61440 ----a-w- c:\windows\system32\msado20.tlb
2012-02-02 01:31:31 -------- d-----w- c:\documents and settings\all users\application data\Driver Manager
2012-02-02 01:30:40 -------- d-----w- c:\program files\Driver Manager
2012-01-25 19:36:21 -------- d-----w- c:\program files\RecipeHub_2jEI
2012-01-20 19:10:46 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2012-01-29 10:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32K.sys
2012-01-09 03:50:14 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-01-05 16:41:06 1409 ----a-w- c:\windows\QTFont.for
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 22:21:38 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 14:55:56 425984 ----a-w- c:\windows\system32\debayertransform.dll
2011-12-06 14:55:36 233984 ----a-w- c:\windows\system32\iat_yuv.ax
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 11:42:35.98 ===============

Attached Files
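The "SERVICES / DRIVERS" section of the DDS log above is the part an analyst reads first, and it has a fixed layout that is easy to parse. The following is an added example (not code from the thread, from the DDS tool, or from its author) that pulls that section apart and surfaces two things worth checking before anything else: entries whose image DDS could not find on disk (printed as `--> ... [?]`, which this script assumes means "file not found"), and boot/system-start drivers loading from outside `%SystemRoot%`. The line layout, the meaning of `R`/`S` and the Start digit, and the `[?]` convention are assumptions documented in the code; the eight sample lines are copied from the log above and used as constructed input.

```python
"""Triage helper for the 'SERVICES / DRIVERS' section of a DDS log.

Added example, not code from the thread or from the DDS tool.  Assumptions:
  - line layout  <R|S><start> <name>;<display>;<image path> [<date> <size>]
    where R = running, S = stopped and the digit is the service Start value
    (0 boot, 1 system, 2 auto, 3 demand, 4 disabled);
  - when DDS cannot stat the image it prints '<registry path> --> <resolved> [?]'.
The sample lines are copied from the log above and used as constructed input.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

_LINE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)\s+\[([^\]]*)\]\s*$")
START_TYPE = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class DdsService:
    name: str
    display: str
    running: bool
    start: int
    image: str           # resolved image path (text after '-->' when present)
    file_found: bool     # False when DDS printed '[?]'
    size: Optional[int]  # bytes, when DDS could stat the file

    @property
    def early_start(self) -> bool:
        # boot/system-start drivers load before most security software
        return self.start in (0, 1)


def parse_dds_services(text: str) -> List[DdsService]:
    services = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue                       # headers, '.' separators, blank lines
        state, start, name, display, path, meta = m.groups()
        if "-->" in path:                  # keep the path DDS actually looked for
            path = path.split("-->", 1)[1].strip()
        found = meta.strip() != "?"
        size = None
        if found:
            parts = meta.split()
            if len(parts) == 2 and parts[1].isdigit():
                size = int(parts[1])
        services.append(DdsService(name, display, state == "R", int(start),
                                   path, found, size))
    return services


def triage(services: List[DdsService]) -> Dict[str, List[str]]:
    """Names worth checking first: images DDS could not find on disk, and
    boot/system-start entries loading from outside %SystemRoot%."""
    missing = [s.name for s in services if not s.file_found]
    early_outside = [s.name for s in services
                     if s.early_start and s.file_found
                     and not s.image.lower().startswith("c:\\windows\\")]
    return {"missing_image": missing,
            "early_start_outside_windows": early_outside}


# Constructed input: eight lines taken from the DDS log posted above.
SAMPLE = r'''
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-5-26 16024]
R1 GhPciScan;GhostPciScanner;c:\program files\norton systemworks\norton ghost\GhPciScan.sys [2002-8-14 5632]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\fneturpx.sys --> c:\windows\system32\drivers\FNETURPX.SYS [?]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]
S2 NTP;Network Time Protocol Daemon;c:\program files\ntp\bin\ntpd.exe -u 3 -m -g -c "c:\program files\ntp\etc\ntp.conf" --> c:\program files\ntp\bin\ntpd.exe -u 3 -m -g -c c:\program files\ntp\etc\ntp.conf [?]
S2 RHDISK;RHDISK;c:\program files\rohos\rhdisk.sys [2011-12-21 33280]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys --> c:\windows\system32\drivers\FNETTBOH.SYS [?]
S3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2010-2-23 4608]
'''

if __name__ == "__main__":
    report = triage(parse_dds_services(SAMPLE))
    for key, names in report.items():
        print(f"{key}: {', '.join(names) or '-'}")
```

On the sample this lists FNETURPX, NTP and FNETTBOH as registered-but-missing and GhPciScan as the one boot/system-start driver living under Program Files. A `[?]` entry is a starting point, not a verdict: a stale registry key left behind by an uninstaller looks exactly the same as an image a rootkit filter is hiding, so the next step is to look at the key itself and at the path from a clean boot environment.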




#2 gringo_pr "Bleepin Gringo" (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 20 February 2012 - 12:53 AM

Hello and Welcome to the forums!

Welcome back! I will check to see if this is malware related or not, OK?

Somethings to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 akjudge1, Topic Starter (Members, 24 posts)

Posted 20 February 2012 - 02:06 PM

Hi Gringo,

Glad I got you again...

Ran Combofix (already had Recovery Console installed). Running Combofix turned into quite an adventure:

In order of occurrence:
1. Started Combofix in Safe Mode with Networking (virus protection disabled)
2. Completed Stage 4 - got Application Error: Application corrupt (did not click OK)
3. Application Error message went away, then re-appeared again (did not click OK)
4. Completed Stage 5 - got Application Error: Application corrupt (did not click OK)
5. Application Error message went away and Completed Stages 6 and up began running in DOS window
6. Quickly got up to about Completed Stage 15 (?? too fast to be sure) then crashed
7. BSOD Memory Dump with the following STOP Error:
STOP 0x000000CA (0x00000004, 0xFD31CB20, 0x00000000, 0x00000000)
8. I shut down & restarted in Safe Mode with Networking and got the following error:
WinlogOn.exe -- Application Error
The instruction at 0x87b8375a referenced memory at 0x87b8375a. The memory could not be "read".
9. I clicked OK in the Error box and got a BSOD:
STOP: c000021a (Fatal System Error) logon process terminated unexpectedly with status of
0x0000005 (0x00000000, 0x00000000). The system has been shut down
10. Started restart in Safe Mode with Networking and got the following Window Error Message:
Instruction at "0x76a81851" referenced memory at "0x75f03b01". The memory could not be written.
11. Clicked OK in Window Error Message and Safe Mode desktop opened but no toolbar on bottom.
12. Computer RESTARTED on its own after about 2 mins.
13. Tried to use F8 to get into Safe Mode (at proper time) but keyboard dead (no clicks like usual)
14. Computer continued to load Normal Windows -- succeeding after about 6 to 7 minutes.
15. Normal desktop opened (but at lowest monitor resolution) then crashed with a BSOD Memory Dump 1 minute later (didn't write down Stop details).
16. I turned off computer, then turned it on 10 minutes later. F8 worked so I loaded Safe Mode with Networking.
17. Safe Mode with Networking (and the toolbar on bottom) is running as before starting Combofix.

I have not tried to run Combofix again until I hear from you. It appears after several restarts that the crashing of Combofix did not make my computer problem any worse. Obviously, there is no log to send.

Waiting for next instructions. Thanks.

#4 gringo_pr "Bleepin Gringo" (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 20 February 2012 - 04:13 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

#5 akjudge1, Topic Starter (Members, 24 posts)

Posted 20 February 2012 - 10:43 PM

Gringo,

Downloaded TDSSkiller and ran the scan. It found no threats (1 suspicious, but I hit Continue). Log at the end.

Downloaded aswMBR and ran it. It updated the virus definitions fine. Ran Scan. Program crashed 5 seconds into scan. Below are the steps I took:

BSOD Memory Dump Top Message:
IRQL_NOT_LESS_OR_EQUAL
Stop: 0x000000A (0xFFFFFFF0, 0x00000002, 0x00000000, 0x804EEF15)

1. Tried to reboot into Safe Mode with Networking but got BSOD:
Stop: c0000139 {Entry Point not Found}
The procedure entry point GetMmdubFileNameA could not be located in the dynamic link library KERNEL32.dll
2. Tried to reboot into Safe Mode with Networking but got Window Error Message:
winlog.exe Application Error
The instruction at "0x7c9f165e" referenced memory at "0x00000000". The memory could not be "written".
3. I clicked the OK button and got a BSOD:
Stop: c0000135 {unable to locate component}
This application has failed to start because u32uscui.dll was not found. Re-installing the application may fix this problem.
4. Tried to reboot into Safe Mode with Networking but got Window Error Message:
WinlogOn.exe -- Application Error
The instruction at 0x87b8375a referenced memory at 0x87b8375a. The memory could not be "read".
5. I clicked OK in the Error box and got a BSOD:
STOP: c000021a (Fatal System Error) logon process terminated unexpectedly with status of
0x0000005 (0x00000000, 0x00000000). The system has been shut down.
6. I rebooted into Safe Mode with Networking -- Desktop (Safe Mode) back to normal.
7. There is no log from aswMBR since it crashed. I did not try to run it again.

Is this looking more & more like memory failure?

Here is the TDSSKiller log:

21:51:07.0656 1024 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
21:51:07.0937 1024 ============================================================
21:51:07.0937 1024 Current date / time: 2012/02/20 21:51:07.0937
21:51:07.0937 1024 SystemInfo:
21:51:07.0937 1024
21:51:07.0937 1024 OS Version: 5.1.2600 ServicePack: 3.0
21:51:07.0937 1024 Product type: Workstation
21:51:07.0937 1024 ComputerName: ALBERT
21:51:07.0937 1024 UserName: Administrator
21:51:07.0937 1024 Windows directory: C:\WINDOWS
21:51:07.0937 1024 System windows directory: C:\WINDOWS
21:51:07.0937 1024 Processor architecture: Intel x86
21:51:07.0937 1024 Number of processors: 2
21:51:07.0937 1024 Page size: 0x1000
21:51:07.0937 1024 Boot type: Safe boot with network
21:51:07.0937 1024 ============================================================
21:51:11.0562 1024 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:51:11.0562 1024 Drive \Device\Harddisk1\DR12 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:51:15.0640 1024 Drive \Device\Harddisk2\DR13 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:51:22.0562 1024 \Device\Harddisk0\DR0:
21:51:22.0562 1024 MBR used
21:51:22.0562 1024 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x76B8805
21:51:22.0578 1024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x76D3F8B, BlocksNum 0x26F9DB1
21:51:22.0593 1024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9DD5AFD, BlocksNum 0x9C64BF
21:51:22.0609 1024 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA79BFFB, BlocksNum 0x9C64BF
21:51:22.0609 1024 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xB1624F9, BlocksNum 0x9C64BF
21:51:22.0625 1024 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0xBB289F7, BlocksNum 0x138C9BD
21:51:22.0640 1024 \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0xCEB53F3, BlocksNum 0x9C64BF
21:51:22.0656 1024 \Device\Harddisk0\DR0\Partition7: MBR, Type 0x7, StartLBA 0xD87B8F1, BlocksNum 0x625BFD5
21:51:22.0671 1024 \Device\Harddisk0\DR0\Partition8: MBR, Type 0x7, StartLBA 0x13AD7905, BlocksNum 0x61AB7E8
21:51:22.0671 1024 \Device\Harddisk1\DR12:
21:51:22.0671 1024 MBR used
21:51:22.0671 1024 \Device\Harddisk1\DR12\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
21:51:22.0671 1024 \Device\Harddisk2\DR13:
21:51:22.0671 1024 MBR used
21:51:22.0671 1024 \Device\Harddisk2\DR13\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
21:51:22.0859 1024 Initialize success
21:51:22.0859 1024 ============================================================
21:51:35.0703 1520 ============================================================
21:51:35.0703 1520 Scan started
21:51:35.0703 1520 Mode: Manual;
21:51:35.0703 1520 ============================================================
21:51:35.0968 1520 Abiosdsk - ok
21:51:36.0015 1520 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:51:36.0015 1520 abp480n5 - ok
21:51:36.0078 1520 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:51:36.0078 1520 ACPI - ok
21:51:36.0125 1520 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:51:36.0125 1520 ACPIEC - ok
21:51:36.0140 1520 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:51:36.0140 1520 adpu160m - ok
21:51:36.0171 1520 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:51:36.0171 1520 aec - ok
21:51:36.0218 1520 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
21:51:36.0218 1520 Afc - ok
21:51:36.0265 1520 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:51:36.0265 1520 AFD - ok
21:51:36.0312 1520 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:51:36.0312 1520 agp440 - ok
21:51:36.0328 1520 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:51:36.0343 1520 agpCPQ - ok
21:51:36.0359 1520 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:51:36.0359 1520 Aha154x - ok
21:51:36.0390 1520 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:51:36.0390 1520 aic78u2 - ok
21:51:36.0406 1520 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:51:36.0406 1520 aic78xx - ok
21:51:36.0437 1520 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:51:36.0453 1520 AliIde - ok
21:51:36.0515 1520 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:51:36.0515 1520 alim1541 - ok
21:51:36.0562 1520 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:51:36.0562 1520 amdagp - ok
21:51:36.0593 1520 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:51:36.0593 1520 amsint - ok
21:51:36.0640 1520 ApogeeIO (78696bee1932d0c47f59c33bb2879124) C:\WINDOWS\system32\Drivers\apogeeio.sys
21:51:36.0640 1520 ApogeeIO - ok
21:51:36.0703 1520 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:51:36.0703 1520 asc - ok
21:51:36.0750 1520 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:51:36.0750 1520 asc3350p - ok
21:51:36.0796 1520 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:51:36.0796 1520 asc3550 - ok
21:51:36.0859 1520 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
21:51:36.0859 1520 ASCTRM - ok
21:51:36.0953 1520 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
21:51:36.0953 1520 Aspi32 - ok
21:51:37.0125 1520 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:51:37.0125 1520 AsyncMac - ok
21:51:37.0171 1520 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:51:37.0171 1520 atapi - ok
21:51:37.0187 1520 Atdisk - ok
21:51:37.0234 1520 ATIAVPCI (2c30680b9fa6bd4b216c507a90426682) C:\WINDOWS\system32\DRIVERS\atinavrr.sys
21:51:37.0265 1520 ATIAVPCI - ok
21:51:37.0312 1520 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:51:37.0312 1520 Atmarpc - ok
21:51:37.0375 1520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:51:37.0375 1520 audstub - ok
21:51:37.0406 1520 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
21:51:37.0406 1520 BANTExt - ok
21:51:37.0437 1520 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:51:37.0437 1520 Beep - ok
21:51:37.0515 1520 catchme - ok
21:51:37.0562 1520 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:51:37.0562 1520 cbidf - ok
21:51:37.0562 1520 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:51:37.0562 1520 cbidf2k - ok
21:51:37.0593 1520 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:51:37.0593 1520 CCDECODE - ok
21:51:37.0609 1520 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:51:37.0609 1520 cd20xrnt - ok
21:51:37.0640 1520 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:51:37.0640 1520 Cdaudio - ok
21:51:37.0671 1520 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:51:37.0671 1520 Cdfs - ok
21:51:37.0703 1520 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:51:37.0703 1520 Cdrom - ok
21:51:37.0703 1520 Changer - ok
21:51:37.0765 1520 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:51:37.0765 1520 CmdIde - ok
21:51:37.0843 1520 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:51:37.0843 1520 Cpqarray - ok
21:51:37.0859 1520 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:51:37.0875 1520 dac2w2k - ok
21:51:38.0031 1520 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:51:38.0031 1520 dac960nt - ok
21:51:38.0062 1520 DCamUSBEMPIA (d1e10f98132fcacc245f69ff9564cda5) C:\WINDOWS\system32\DRIVERS\emDevice.sys
21:51:38.0062 1520 DCamUSBEMPIA - ok
21:51:38.0109 1520 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:51:38.0109 1520 Disk - ok
21:51:38.0156 1520 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:51:38.0156 1520 DLABOIOM - ok
21:51:38.0171 1520 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:51:38.0171 1520 DLACDBHM - ok
21:51:38.0203 1520 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
21:51:38.0203 1520 DLADResN - ok
21:51:38.0234 1520 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:51:38.0234 1520 DLAIFS_M - ok
21:51:38.0265 1520 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:51:38.0265 1520 DLAOPIOM - ok
21:51:38.0281 1520 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:51:38.0281 1520 DLAPoolM - ok
21:51:38.0296 1520 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:51:38.0296 1520 DLARTL_N - ok
21:51:38.0328 1520 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:51:38.0328 1520 DLAUDFAM - ok
21:51:38.0343 1520 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:51:38.0359 1520 DLAUDF_M - ok
21:51:38.0406 1520 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:51:38.0437 1520 dmboot - ok
21:51:38.0468 1520 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:51:38.0468 1520 dmio - ok
21:51:38.0484 1520 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:51:38.0484 1520 dmload - ok
21:51:38.0531 1520 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:51:38.0531 1520 DMusic - ok
21:51:38.0578 1520 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:51:38.0578 1520 dpti2o - ok
21:51:38.0625 1520 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:51:38.0625 1520 drmkaud - ok
21:51:38.0656 1520 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:51:38.0656 1520 DRVMCDB - ok
21:51:38.0671 1520 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:51:38.0671 1520 DRVNDDM - ok
21:51:38.0750 1520 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
21:51:38.0750 1520 DSproct - ok
21:51:38.0906 1520 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:51:38.0906 1520 E100B - ok
21:51:38.0968 1520 e1express (12774e08ae0b9b418e55e7338ad8b0dc) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
21:51:38.0968 1520 e1express - ok
21:51:39.0031 1520 ELacpi (0923aec043f5d355b4ef0c2b29a362de) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
21:51:39.0046 1520 ELacpi - ok
21:51:39.0078 1520 ELhid (cbd71e7772f92bfb85ccc302b2deefba) C:\WINDOWS\System32\Drivers\Elhid.sys
21:51:39.0078 1520 ELhid - ok
21:51:39.0109 1520 ELkbd (ac75b576c45d144e146fd1f0576a1f53) C:\WINDOWS\System32\Drivers\Elkbd.sys
21:51:39.0109 1520 ELkbd - ok
21:51:39.0140 1520 ELmon (483cce5e40137d4e437f4def55c80007) C:\WINDOWS\System32\Drivers\Elmon.sys
21:51:39.0140 1520 ELmon - ok
21:51:39.0171 1520 ELmou (8e88cafeac0812bf2d15beeedfcce8bd) C:\WINDOWS\System32\Drivers\Elmou.sys
21:51:39.0171 1520 ELmou - ok
21:51:39.0218 1520 es1371 (24e564f710d887ecc75cfe59882ecc5d) C:\WINDOWS\system32\drivers\es1371mp.sys
21:51:39.0218 1520 es1371 - ok
21:51:39.0265 1520 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:51:39.0265 1520 Fastfat - ok
21:51:39.0312 1520 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:51:39.0312 1520 Fdc - ok
21:51:39.0343 1520 FiltUSBEMPIA (051cd6c6e104075fff9edb375b0a8c54) C:\WINDOWS\system32\DRIVERS\emFilter.sys
21:51:39.0343 1520 FiltUSBEMPIA - ok
21:51:39.0375 1520 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:51:39.0375 1520 Fips - ok
21:51:39.0406 1520 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:51:39.0406 1520 Flpydisk - ok
21:51:39.0453 1520 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:51:39.0453 1520 FltMgr - ok
21:51:39.0453 1520 FNETTBOH - ok
21:51:39.0484 1520 FNETURPX - ok
21:51:39.0531 1520 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:51:39.0531 1520 Fs_Rec - ok
21:51:39.0562 1520 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:51:39.0562 1520 Ftdisk - ok
21:51:39.0718 1520 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:51:39.0718 1520 gameenum - ok
21:51:39.0750 1520 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:51:39.0750 1520 GEARAspiWDM - ok
21:51:39.0828 1520 GhPciScan (4d0e1ddfc571285a0bbabb0a534f4d3d) C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys
21:51:39.0828 1520 GhPciScan - ok
21:51:39.0875 1520 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:51:39.0875 1520 Gpc - ok
21:51:39.0953 1520 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:51:39.0953 1520 HDAudBus - ok
21:51:39.0984 1520 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:51:39.0984 1520 HidUsb - ok
21:51:40.0031 1520 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:51:40.0031 1520 hpn - ok
21:51:40.0078 1520 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:51:40.0078 1520 HTTP - ok
21:51:40.0140 1520 i1display (8313a6af9de34a9d24df2329a548b004) C:\WINDOWS\system32\Drivers\i1display.sys
21:51:40.0140 1520 i1display - ok
21:51:40.0187 1520 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:51:40.0187 1520 i2omgmt - ok
21:51:40.0218 1520 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:51:40.0218 1520 i2omp - ok
21:51:40.0250 1520 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:51:40.0250 1520 i8042prt - ok
21:51:40.0296 1520 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
21:51:40.0296 1520 iaStor - ok
21:51:40.0468 1520 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:51:40.0468 1520 Imapi - ok
21:51:40.0531 1520 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:51:40.0531 1520 ini910u - ok
21:51:40.0546 1520 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:51:40.0546 1520 IntelIde - ok
21:51:40.0593 1520 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:51:40.0593 1520 intelppm - ok
21:51:40.0609 1520 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:51:40.0609 1520 Ip6Fw - ok
21:51:40.0625 1520 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:51:40.0625 1520 IpFilterDriver - ok
21:51:40.0640 1520 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:51:40.0656 1520 IpInIp - ok
21:51:40.0687 1520 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:51:40.0687 1520 IpNat - ok
21:51:40.0750 1520 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:51:40.0750 1520 IPSec - ok
21:51:40.0781 1520 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:51:40.0781 1520 IRENUM - ok
21:51:40.0828 1520 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:51:40.0828 1520 isapnp - ok
21:51:40.0875 1520 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:51:40.0875 1520 Kbdclass - ok
21:51:40.0906 1520 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:51:40.0906 1520 kbdhid - ok
21:51:40.0921 1520 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:51:40.0921 1520 kmixer - ok
21:51:40.0953 1520 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:51:40.0953 1520 KSecDD - ok
21:51:41.0015 1520 LBeepKE (be2dc24d403643a2d1d98f33c7087b38) C:\WINDOWS\system32\Drivers\LBeepKE.sys
21:51:41.0015 1520 LBeepKE - ok
21:51:41.0031 1520 lbrtfdc - ok
21:51:41.0093 1520 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
21:51:41.0093 1520 LHidFilt - ok
21:51:41.0125 1520 LHidKe (eaed22460dad9ccd9c9a58c78e717497) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
21:51:41.0125 1520 LHidKe - ok
21:51:41.0203 1520 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
21:51:41.0203 1520 LMouFilt - ok
21:51:41.0234 1520 LMouKE (d1fd76ea56cd653d7b55a0fac96ee416) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
21:51:41.0234 1520 LMouKE - ok
21:51:41.0390 1520 MaxImIO (d84fb8f14981f9ddc834dd143376e608) C:\WINDOWS\system32\Drivers\maximio.sys
21:51:41.0390 1520 MaxImIO - ok
21:51:41.0468 1520 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:51:41.0468 1520 MHNDRV - ok
21:51:41.0484 1520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:51:41.0500 1520 mnmdd - ok
21:51:41.0531 1520 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:51:41.0531 1520 Modem - ok
21:51:41.0562 1520 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:51:41.0562 1520 Mouclass - ok
21:51:41.0593 1520 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:51:41.0593 1520 mouhid - ok
21:51:41.0640 1520 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:51:41.0640 1520 MountMgr - ok
21:51:41.0656 1520 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
21:51:41.0671 1520 MPE - ok
21:51:41.0718 1520 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:51:41.0718 1520 MpFilter - ok
21:51:41.0765 1520 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
21:51:41.0765 1520 MQAC - ok
21:51:41.0781 1520 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:51:41.0781 1520 mraid35x - ok
21:51:41.0812 1520 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:51:41.0812 1520 MRxDAV - ok
21:51:41.0859 1520 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:51:41.0875 1520 MRxSmb - ok
21:51:41.0921 1520 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:51:41.0921 1520 Msfs - ok
21:51:41.0968 1520 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:51:41.0968 1520 MSKSSRV - ok
21:51:42.0015 1520 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:51:42.0015 1520 MSPCLOCK - ok
21:51:42.0171 1520 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:51:42.0171 1520 MSPQM - ok
21:51:42.0218 1520 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:51:42.0218 1520 mssmbios - ok
21:51:42.0250 1520 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:51:42.0250 1520 MSTEE - ok
21:51:42.0296 1520 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:51:42.0296 1520 Mup - ok
21:51:42.0328 1520 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:51:42.0328 1520 NABTSFEC - ok
21:51:42.0359 1520 NAL (5dbfd0a59d9585f5c31927678169b048) C:\WINDOWS\system32\Drivers\iqvw32.sys
21:51:42.0359 1520 NAL - ok
21:51:42.0437 1520 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:51:42.0437 1520 NDIS - ok
21:51:42.0453 1520 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:51:42.0453 1520 NdisIP - ok
21:51:42.0500 1520 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:51:42.0500 1520 NdisTapi - ok
21:51:42.0515 1520 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:51:42.0515 1520 Ndisuio - ok
21:51:42.0546 1520 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:51:42.0546 1520 NdisWan - ok
21:51:42.0578 1520 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:51:42.0578 1520 NDProxy - ok
21:51:42.0609 1520 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:51:42.0609 1520 NetBIOS - ok
21:51:42.0640 1520 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:51:42.0640 1520 NetBT - ok
21:51:42.0734 1520 NPDriver (410ab482d8a1e1655a7158a7b5c72ce7) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
21:51:42.0734 1520 NPDriver - ok
21:51:42.0765 1520 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:51:42.0765 1520 Npfs - ok
21:51:42.0812 1520 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:51:42.0828 1520 Ntfs - ok
21:51:43.0031 1520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:51:43.0031 1520 Null - ok
21:51:43.0203 1520 nv (a31ddc9b5be9f9f26e0527c0c1734198) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:51:43.0359 1520 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: a31ddc9b5be9f9f26e0527c0c1734198, Fake md5: d89cfd2e26df80dbba16b93f0d161352
21:51:43.0390 1520 nv ( ForgedFile.Multi.Generic ) - warning
21:51:43.0390 1520 nv - detected ForgedFile.Multi.Generic (1)
21:51:43.0421 1520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:51:43.0421 1520 NwlnkFlt - ok
21:51:43.0468 1520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:51:43.0468 1520 NwlnkFwd - ok
21:51:43.0515 1520 oneuport (23c174ec55755a42d8aa896019b8eb35) C:\WINDOWS\system32\DRIVERS\oneuport.sys
21:51:43.0546 1520 oneuport - ok
21:51:43.0578 1520 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:51:43.0578 1520 Parport - ok
21:51:43.0593 1520 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:51:43.0593 1520 PartMgr - ok
21:51:43.0625 1520 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:51:43.0625 1520 ParVdm - ok
21:51:43.0656 1520 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:51:43.0656 1520 PCI - ok
21:51:43.0671 1520 PCIDump - ok
21:51:43.0718 1520 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:51:43.0718 1520 PCIIde - ok
21:51:43.0765 1520 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:51:43.0765 1520 Pcmcia - ok
21:51:43.0765 1520 PDCOMP - ok
21:51:43.0796 1520 PDFRAME - ok
21:51:43.0828 1520 PDIHWCTL (274fb48dc92e0ec012d4d8d866cfaf8a) C:\WINDOWS\system32\drivers\pdihwctl.sys
21:51:43.0828 1520 PDIHWCTL - ok
21:51:43.0843 1520 PDRELI - ok
21:51:43.0859 1520 PDRFRAME - ok
21:51:43.0906 1520 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:51:43.0906 1520 perc2 - ok
21:51:43.0921 1520 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:51:43.0921 1520 perc2hib - ok
21:51:44.0031 1520 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:51:44.0031 1520 PptpMiniport - ok
21:51:44.0187 1520 PQNTDrv (04f3971b70a7855f04d351aa4bee7799) C:\WINDOWS\system32\drivers\PQNTDrv.sys
21:51:44.0187 1520 PQNTDrv - ok
21:51:44.0218 1520 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:51:44.0234 1520 PSched - ok
21:51:44.0250 1520 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
21:51:44.0265 1520 PSI - ok
21:51:44.0281 1520 pssnap (a0b8cc9c0659316612b4fa1a7062e5ab) C:\WINDOWS\system32\DRIVERS\pssnap.sys
21:51:44.0281 1520 pssnap - ok
21:51:44.0328 1520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:51:44.0328 1520 Ptilink - ok
21:51:44.0375 1520 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:51:44.0375 1520 PxHelp20 - ok
21:51:44.0406 1520 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:51:44.0406 1520 ql1080 - ok
21:51:44.0453 1520 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:51:44.0453 1520 Ql10wnt - ok
21:51:44.0500 1520 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:51:44.0500 1520 ql12160 - ok
21:51:44.0515 1520 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:51:44.0515 1520 ql1240 - ok
21:51:44.0546 1520 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:51:44.0546 1520 ql1280 - ok
21:51:44.0578 1520 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:51:44.0578 1520 RasAcd - ok
21:51:44.0609 1520 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:51:44.0609 1520 Rasl2tp - ok
21:51:44.0625 1520 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:51:44.0625 1520 RasPppoe - ok
21:51:44.0656 1520 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:51:44.0656 1520 Raspti - ok
21:51:44.0703 1520 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:51:44.0718 1520 Rdbss - ok
21:51:44.0734 1520 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:51:44.0734 1520 RDPCDD - ok
21:51:44.0765 1520 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:51:44.0765 1520 rdpdr - ok
21:51:44.0828 1520 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:51:44.0828 1520 RDPWD - ok
21:51:44.0906 1520 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:51:44.0906 1520 redbook - ok
21:51:45.0000 1520 RHDISK (3c57aea854eb5b33c664a377ace37449) C:\Program Files\Rohos\RHDISK.SYS
21:51:45.0000 1520 RHDISK - ok
21:51:45.0156 1520 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
21:51:45.0156 1520 RMCAST - ok
21:51:45.0250 1520 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Program Files\RMClock\RTCore32.sys
21:51:45.0250 1520 RTCore32 - ok
21:51:45.0328 1520 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys
21:51:45.0328 1520 SANDRA - ok
21:51:45.0390 1520 sbigudrv (a066fe931e6213cb71c40eba3775cba3) C:\WINDOWS\SYSTEM32\DRIVERS\sbigudrv.sys
21:51:45.0390 1520 sbigudrv - ok
21:51:45.0421 1520 ScanUSBEMPIA (eb27c41436b5090ead6a134693bfeab7) C:\WINDOWS\system32\DRIVERS\emScan.sys
21:51:45.0421 1520 ScanUSBEMPIA - ok
21:51:45.0468 1520 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:51:45.0468 1520 Secdrv - ok
21:51:45.0546 1520 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:51:45.0546 1520 serenum - ok
21:51:45.0562 1520 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:51:45.0562 1520 Serial - ok
21:51:45.0671 1520 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:51:45.0671 1520 Sfloppy - ok
21:51:45.0703 1520 Simbad - ok
21:51:45.0750 1520 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:51:45.0750 1520 sisagp - ok
21:51:45.0765 1520 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:51:45.0765 1520 SLIP - ok
21:51:45.0828 1520 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
21:51:45.0828 1520 SmartDefragDriver - ok
21:51:45.0890 1520 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:51:45.0890 1520 Sparrow - ok
21:51:45.0937 1520 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:51:45.0937 1520 splitter - ok
21:51:46.0093 1520 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:51:46.0109 1520 sr - ok
21:51:46.0156 1520 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:51:46.0171 1520 Srv - ok
21:51:46.0250 1520 STHDA (b2331aa1955c0d66efcb7ddbcd32a2bc) C:\WINDOWS\system32\drivers\sthda.sys
21:51:46.0281 1520 STHDA - ok
21:51:46.0343 1520 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:51:46.0343 1520 StillCam - ok
21:51:46.0390 1520 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:51:46.0390 1520 streamip - ok
21:51:46.0406 1520 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:51:46.0406 1520 swenum - ok
21:51:46.0437 1520 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:51:46.0437 1520 swmidi - ok
21:51:46.0515 1520 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:51:46.0515 1520 symc810 - ok
21:51:46.0531 1520 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:51:46.0531 1520 symc8xx - ok
21:51:46.0562 1520 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
21:51:46.0562 1520 symlcbrd - ok
21:51:46.0593 1520 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:51:46.0593 1520 sym_hi - ok
21:51:46.0609 1520 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:51:46.0609 1520 sym_u3 - ok
21:51:46.0656 1520 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:51:46.0656 1520 sysaudio - ok
21:51:46.0718 1520 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:51:46.0734 1520 Tcpip - ok
21:51:46.0875 1520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:51:46.0875 1520 TDPIPE - ok
21:51:46.0890 1520 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:51:46.0890 1520 TDTCP - ok
21:51:46.0921 1520 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:51:46.0921 1520 TermDD - ok
21:51:46.0984 1520 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:51:46.0984 1520 TosIde - ok
21:51:47.0031 1520 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
21:51:47.0031 1520 TVICHW32 - ok
21:51:47.0062 1520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:51:47.0062 1520 Udfs - ok
21:51:47.0140 1520 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:51:47.0156 1520 ultra - ok
21:51:47.0218 1520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:51:47.0234 1520 Update - ok
21:51:47.0312 1520 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:51:47.0312 1520 USBAAPL - ok
21:51:47.0343 1520 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:51:47.0343 1520 usbccgp - ok
21:51:47.0375 1520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:51:47.0375 1520 usbehci - ok
21:51:47.0390 1520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:51:47.0406 1520 usbhub - ok
21:51:47.0421 1520 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:51:47.0421 1520 usbprint - ok
21:51:47.0453 1520 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:51:47.0453 1520 usbscan - ok
21:51:47.0484 1520 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:51:47.0484 1520 USBSTOR - ok
21:51:47.0500 1520 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:51:47.0500 1520 usbuhci - ok
21:51:47.0531 1520 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:51:47.0546 1520 usbvideo - ok
21:51:47.0687 1520 UVC (ca73b0bdea552ff66477beacd73363de) C:\WINDOWS\system32\drivers\tis_uvc_10015.sys
21:51:47.0687 1520 UVC - ok
21:51:47.0734 1520 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:51:47.0734 1520 VgaSave - ok
21:51:47.0750 1520 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:51:47.0750 1520 viaagp - ok
21:51:47.0781 1520 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:51:47.0781 1520 ViaIde - ok
21:51:47.0796 1520 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:51:47.0796 1520 VolSnap - ok
21:51:47.0875 1520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:51:47.0875 1520 Wanarp - ok
21:51:47.0890 1520 wanatw - ok
21:51:47.0953 1520 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:51:47.0953 1520 Wdf01000 - ok
21:51:47.0968 1520 WDICA - ok
21:51:48.0015 1520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:51:48.0015 1520 wdmaud - ok
21:51:48.0187 1520 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:51:48.0187 1520 WS2IFSL - ok
21:51:48.0250 1520 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:51:48.0250 1520 WSTCODEC - ok
21:51:48.0296 1520 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:51:48.0312 1520 WudfPf - ok
21:51:48.0328 1520 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:51:48.0328 1520 WudfRd - ok
21:51:48.0421 1520 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0
21:51:48.0453 1520 \Device\Harddisk0\DR0 - ok
21:51:48.0468 1520 MBR (0x1B8) (31cfc50fbd443daeec9a5c7ae8da8f6d) \Device\Harddisk1\DR12
21:51:48.0468 1520 \Device\Harddisk1\DR12 - ok
21:51:48.0484 1520 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR13
21:51:48.0484 1520 \Device\Harddisk2\DR13 - ok
21:51:48.0531 1520 Boot (0x1200) (b76525aca8d56ffc7c213015880a074d) \Device\Harddisk0\DR0\Partition0
21:51:48.0531 1520 \Device\Harddisk0\DR0\Partition0 - ok
21:51:48.0562 1520 Boot (0x1200) (6e44ff42786d35f3a26eed027a5d7b56) \Device\Harddisk0\DR0\Partition1
21:51:48.0562 1520 \Device\Harddisk0\DR0\Partition1 - ok
21:51:48.0593 1520 Boot (0x1200) (6b3c32153f369385471090e060e3f883) \Device\Harddisk0\DR0\Partition2
21:51:48.0593 1520 \Device\Harddisk0\DR0\Partition2 - ok
21:51:48.0609 1520 Boot (0x1200) (9858172ce8c68a6ba939dc4531477550) \Device\Harddisk0\DR0\Partition3
21:51:48.0609 1520 \Device\Harddisk0\DR0\Partition3 - ok
21:51:48.0640 1520 Boot (0x1200) (03136f6a6adc59cd29bb440a944f19da) \Device\Harddisk0\DR0\Partition4
21:51:48.0640 1520 \Device\Harddisk0\DR0\Partition4 - ok
21:51:48.0656 1520 Boot (0x1200) (b25d9193ee6fbd7cb364417fda962ece) \Device\Harddisk0\DR0\Partition5
21:51:48.0656 1520 \Device\Harddisk0\DR0\Partition5 - ok
21:51:48.0671 1520 Boot (0x1200) (11b15572c2c67aafbb9efd5de759fdd9) \Device\Harddisk0\DR0\Partition6
21:51:48.0671 1520 \Device\Harddisk0\DR0\Partition6 - ok
21:51:48.0703 1520 Boot (0x1200) (a51599a4d3fb7180ca40bddabb4dd13e) \Device\Harddisk0\DR0\Partition7
21:51:48.0703 1520 \Device\Harddisk0\DR0\Partition7 - ok
21:51:48.0734 1520 Boot (0x1200) (bbaf01c5e67fe2e1026d20a37b3d6549) \Device\Harddisk0\DR0\Partition8
21:51:48.0734 1520 \Device\Harddisk0\DR0\Partition8 - ok
21:51:48.0734 1520 Boot (0x1200) (3b731bbd92324fe65dc2f41f7591c027) \Device\Harddisk1\DR12\Partition0
21:51:48.0734 1520 \Device\Harddisk1\DR12\Partition0 - ok
21:51:48.0765 1520 Boot (0x1200) (517724967cd5d7f5bd952c4bbb7ced6c) \Device\Harddisk2\DR13\Partition0
21:51:48.0765 1520 \Device\Harddisk2\DR13\Partition0 - ok
21:51:48.0765 1520 ============================================================
21:51:48.0765 1520 Scan finished
21:51:48.0765 1520 ============================================================
21:51:48.0796 1416 Detected object count: 1
21:51:48.0796 1416 Actual detected object count: 1
21:52:08.0171 1416 nv ( ForgedFile.Multi.Generic ) - skipped by user
21:52:08.0171 1416 nv ( ForgedFile.Multi.Generic ) - User select action: Skip

Let me know what you want me to do next. Thanks for your patience.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
Posted 21 February 2012 - 12:02 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
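The OTL.txt that the steps above produce is read by hand in this thread. As an added example (not OldTimer's code and not part of the original posts), the Python below does a first-pass triage of the line formats OTL writes for services (SRV), drivers (DRV), Internet Explorer hooks (IE) and the numbered O-sections, flagging the entries a malware-response helper looks at first: loadpoints whose target file is missing, binaries OTL could not attribute to a company, AppInit_DLLs entries, Winlogon Shell/UserInit values that are not the Microsoft binaries, dangling URLSearchHook/toolbar CLSIDs, and MountPoints2 autorun commands. The log text it runs on is constructed for the example, modelled on the thread's own OTL output; the Winlogon Shell entry in it is hypothetical, and the severities and the list of checks are this example's own, not OTL's.

```python
"""First-pass triage of an OTL-style log (added example, not OldTimer's code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on the OTL line formats seen in this thread.
# The "Winlogon: Shell" line is hypothetical and added to exercise that check.
SAMPLE_LOG = r"""
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (Rohos Disk) -- C:\Program Files\Rohos\agent.exe (Tesline-Service SRL)
SRV - (USBSafelyRemoveService) -- C:\Program Files\USB Safely Remove\USBSRService.exe ()
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Documents and Settings\All Users\Application Data\shell.exe ()
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
"""

# "O20 - HKLM Winlogon: <Shell|UserInit> - (<registry value>) - <resolved path> (<company>)"
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - (.*?) \((.*)\)$")
# Any MountPoints2 ...\command value: something runs when the volume is opened.
MOUNTPOINT_RE = re.compile(r"^O33 - MountPoints2\\.*\\command\b")
# OTL prints an empty "()" when the file carries no company name.
NO_COMPANY_RE = re.compile(r"^(SRV|DRV|O4) - .*\(\)$")
# What the resolved Winlogon path should end with on a clean XP install.
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": r"\system32\userinit.exe"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": act on it; "review": confirm before removing
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the flagged entries of an OTL log, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "AppInit_DLLs:" in line:
            # Loaded into every process that maps user32.dll; the registry value
            # still needs clearing even when the DLL itself is already gone.
            findings.append(Finding("high", "AppInit_DLLs entry", line))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            key, _value, path, company = m.groups()
            if company != "Microsoft Corporation" or not path.lower().endswith(EXPECTED_WINLOGON[key]):
                findings.append(Finding("high", f"Winlogon {key} is not the Microsoft binary", line))
            continue
        if MOUNTPOINT_RE.match(line):
            findings.append(Finding("high", "MountPoints2 autorun command", line))
            continue
        if line.endswith("File not found"):
            # Orphaned uninstall or a removed dropper: either way a cleanup candidate.
            findings.append(Finding("review", "loadpoint target missing", line))
            continue
        if "No CLSID value found" in line:
            findings.append(Finding("review", "dangling URLSearchHook/toolbar CLSID", line))
            continue
        if NO_COMPANY_RE.match(line):
            findings.append(Finding("review", "binary without company name", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

A "review" finding is not a verdict: unsigned drivers for lab instruments and stale uninstall leftovers both show up as "()" or "File not found", which is why the helper confirms each one before writing an OTL fix script. Feed the real OTL.txt to `triage()` in place of `SAMPLE_LOG` to get the same short list for a posted log.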

#7 akjudge1
  • Topic Starter

  • Members
  • 24 posts

Posted 21 February 2012 - 08:55 AM

Gringo,

Ran OTL with the instructed settings. Ran without any BSOD issues. The log is below. Will wait for next set of instructions.

Thanks again for your patience.

OTL.txt log:

OTL logfile created on: 2/21/2012 8:49:19 AM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 88.89% Memory free
5.84 Gb Paging File | 5.71 Gb Available in Paging File | 97.66% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.36 Gb Total Space | 12.07 Gb Free Space | 20.33% Space Free | Partition Type: NTFS
Drive F: | 19.49 Gb Total Space | 5.95 Gb Free Space | 30.51% Space Free | Partition Type: NTFS
Drive G: | 4.89 Gb Total Space | 3.67 Gb Free Space | 75.06% Space Free | Partition Type: NTFS
Drive H: | 4.89 Gb Total Space | 4.09 Gb Free Space | 83.75% Space Free | Partition Type: NTFS
Drive I: | 4.89 Gb Total Space | 4.25 Gb Free Space | 87.05% Space Free | Partition Type: NTFS
Drive J: | 9.77 Gb Total Space | 2.92 Gb Free Space | 29.87% Space Free | Partition Type: NTFS
Drive K: | 4.89 Gb Total Space | 4.82 Gb Free Space | 98.63% Space Free | Partition Type: NTFS
Drive L: | 49.18 Gb Total Space | 32.35 Gb Free Space | 65.77% Space Free | Partition Type: NTFS
Drive M: | 48.83 Gb Total Space | 22.01 Gb Free Space | 45.06% Space Free | Partition Type: NTFS
Drive N: | 298.09 Gb Total Space | 169.41 Gb Free Space | 56.83% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 851.01 Gb Free Space | 91.36% Space Free | Partition Type: NTFS

Computer Name: ALBERT | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Windstream\Diagnostic Tools\HsdService.exe (Windstream)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\IZArc\IZArcCM.dll ()


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (Rohos Disk) -- C:\Program Files\Rohos\agent.exe (Tesline-Service SRL)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (ServicepointService) -- C:\Program Files\Windstream\Service Agent\ServicepointService.exe (Radialpoint SafeCare Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (USBSafelyRemoveService) -- C:\Program Files\USB Safely Remove\USBSRService.exe ()
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (ReflectService) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (HsdService) -- C:\Program Files\Windstream\Diagnostic Tools\HsdService.exe (Windstream)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NTP) -- C:\Program Files\NTP\bin\ntpd.exe ()
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe (SiSoftware)
SRV - (WebUpdate4) -- C:\WINDOWS\system32\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (STacSV) -- c:\Program Files\IDT\IntelXPV_v52\WDM\stacsv.exe (IDT, Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ELService) Intel® -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe (Intel Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (GhostStartService) -- C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe (Symantec Corporation)
SRV - (NProtectService) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
SRV - (Speed Disk service) -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (pssnap) -- C:\WINDOWS\system32\DRIVERS\pssnap.sys (Macrium Software)
DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.sys (SiSoftware)
DRV - (RHDISK) -- C:\Program Files\Rohos\rhdisk.sys (Tesline-Service SRL)
DRV - (sbigudrv) -- C:\WINDOWS\system32\drivers\sbigudrv.sys (Santa Barbara Instrument Group)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (UVC) -- C:\WINDOWS\system32\drivers\tis_uvc_10015.sys ()
DRV - (ATIAVPCI) -- C:\WINDOWS\system32\drivers\atinavrr.sys (ATI Technologies Inc.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\Elmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\Elkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\Elmou.sys (Intel Corporation)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\Elhid.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ApogeeIO) -- C:\WINDOWS\system32\drivers\apogeeio.sys (Apogee Instruments)
DRV - (MaxImIO) -- C:\WINDOWS\system32\drivers\maximio.sys (Diffraction Limited)
DRV - (RTCore32) -- C:\Program Files\RMClock\RTCore32.sys ()
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (oneuport) -- C:\WINDOWS\system32\drivers\oneuport.sys ()
DRV - (i1display) -- C:\WINDOWS\system32\drivers\i1display.sys ()
DRV - (PDIHWCTL) -- C:\WINDOWS\system32\drivers\pdihwctl.sys (Portrait Displays, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (GhPciScan) -- C:\Program Files\Norton SystemWorks\Norton Ghost\GhPciScan.sys (Symantec Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (NPDriver) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS (Symantec Corporation)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3441145148-2105343953-4251968601-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
IE - HKU\S-1-5-21-3441145148-2105343953-4251968601-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-3441145148-2105343953-4251968601-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-3441145148-2105343953-4251968601-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
IE - HKU\S-1-5-21-3441145148-2105343953-4251968601-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Windstream\Service Agent\nprpspa.dll (Windstream)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 19:22:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 15:24:19 | 000,000,000 | ---D | M]

[2012/02/19 11:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/02/01 21:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/01 20:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2012/02/01 20:36:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2012/01/29 10:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/18 20:29:37 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/18 10:31:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/06 12:51:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/18 10:31:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe (Bitsum Technologies)
O4 - HKLM..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\processlasso.exe (Bitsum Technologies)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-3441145148-2105343953-4251968601-500..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-3441145148-2105343953-4251968601-500..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" File not found
O4 - HKU\S-1-5-21-3441145148-2105343953-4251968601-500..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk = C:\WINDOWS\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe (VirtuaWin)
O4 - Startup: C:\Documents and Settings\James Jackson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RevertWebViewSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3441145148-2105343953-4251968601-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167522178046 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199129387729 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://www.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{063C8ACF-5B63-4402-9488-17EF9C969C59}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{657C7D5E-A8CD-44D3-ACD5-CAE8C4A6646B}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/21 08:47:25 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/20 21:55:23 | 004,729,344 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/02/20 21:50:24 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/02/20 12:34:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/20 12:34:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/20 12:34:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/20 12:34:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/20 12:34:22 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/20 12:34:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/20 12:31:39 | 004,414,512 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/19 13:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2012/02/19 13:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/02/19 12:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2012/02/19 11:41:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/02/19 11:41:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/02/19 11:40:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/19 11:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/02/19 11:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/02/19 11:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/02/19 08:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/02/19 08:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/02/19 08:41:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012/02/19 07:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/02/19 07:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/19 07:20:57 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/19 07:19:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/02/18 19:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/18 19:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/11 08:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ditto
[2012/02/10 16:50:10 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2012/02/09 22:43:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012/02/09 22:43:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2012/02/09 22:43:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2012/02/09 22:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/02/09 22:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/02/09 22:42:37 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2012/02/09 22:42:37 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2012/02/09 22:42:37 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2012/02/06 08:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\XYplorer
[2012/02/04 11:17:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msado20.tlb
[2012/02/01 20:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2012/02/01 20:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2012/02/01 20:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Manager
[2012/01/25 14:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\RecipeHub_2jEI
[2010/06/29 22:24:38 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\csnphv71.dll
[2010/02/03 23:17:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2008/02/21 07:28:48 | 000,003,570 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/01/08 14:58:27 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/12/19 17:22:35 | 000,107,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/08/16 21:52:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/08/16 05:50:36 | 003,788,884 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[14 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/21 08:47:29 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/20 22:25:38 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/20 22:24:52 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/02/20 22:20:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/20 22:20:46 | 001,632,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/20 22:19:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/20 22:16:28 | 081,256,448 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/02/20 21:55:59 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/02/20 21:50:39 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/02/20 12:58:29 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
[2012/02/20 12:58:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/20 12:57:00 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/02/20 12:32:09 | 004,414,512 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/19 12:43:13 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Virus, Trojan, Spyware, and Malware Removal Logs - BleepingComputer.com.URL
[2012/02/19 11:45:12 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2012/02/19 11:40:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/19 11:39:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/02/19 11:39:03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2012/02/19 10:47:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/19 10:06:14 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2012/02/19 08:58:28 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.exe
[2012/02/19 07:23:36 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 07:20:31 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Explorer.lnk
[2012/02/18 09:20:33 | 000,606,722 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/18 09:20:33 | 000,124,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/10 09:11:53 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/08 15:07:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/02/08 15:07:31 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/02/01 21:19:23 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/01 21:08:20 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[14 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 13:23:10 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/02/20 12:34:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/20 12:34:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/20 12:34:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/20 12:34:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/20 12:34:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/19 12:43:13 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Virus, Trojan, Spyware, and Malware Removal Logs - BleepingComputer.com.URL
[2012/02/19 11:46:09 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2012/02/19 11:45:09 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2012/02/19 11:39:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/02/19 11:39:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2012/02/19 08:58:19 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.exe
[2012/02/19 07:23:36 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 07:20:25 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Explorer.lnk
[2012/02/18 21:22:15 | 081,256,448 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2012/02/14 23:07:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 23:07:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/10 09:11:53 | 000,000,564 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/10 09:11:53 | 000,000,506 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/02/09 22:43:23 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2012/01/20 16:59:09 | 000,079,812 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/20 11:36:10 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/11/12 09:23:58 | 001,174,528 | ---- | C] () -- C:\WINDOWS\is-44PP4.exe
[2011/11/07 17:42:30 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\imgproc.dll
[2011/04/02 08:43:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\ESTIMATE-SETTING.INI
[2011/04/02 08:43:03 | 000,000,160 | ---- | C] () -- C:\WINDOWS\ALIGN-SETTING.INI
[2011/04/02 08:43:03 | 000,000,105 | ---- | C] () -- C:\WINDOWS\LIMIT-SETTING.INI
[2011/02/19 21:36:42 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/02/15 10:03:15 | 004,743,168 | ---- | C] () -- C:\WINDOWS\System32\qt-mt335.dll
[2011/02/15 10:02:24 | 000,000,299 | ---- | C] () -- C:\WINDOWS\i1Share.ini
[2011/02/15 09:53:08 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\i1display.sys
[2011/02/15 09:39:22 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys
[2011/02/15 09:31:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\AutoRun.ini
[2011/02/05 19:41:27 | 000,898,660 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3441145148-2105343953-4251968601-1006-0.dat
[2011/02/05 19:41:26 | 000,406,578 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/11/13 08:35:47 | 001,333,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/29 22:25:07 | 000,047,628 | ---- | C] () -- C:\WINDOWS\System32\wuwuninst.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:890CC2F3
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF778051
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
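The listing above is what a responder reads by hand: one line per file with a timestamp, size, attribute flags, a Created/Modified marker, the PE company name (empty for unsigned or stripped binaries) and the path, then one line per NTFS alternate data stream. The following added example is my own code, not OTL's and not part of this thread. It parses both line formats and applies the first triage rule one would apply to such a log: loadable files under the Windows directory that OTL printed with an empty company name, plus every alternate data stream it found. The sample log is a handful of lines copied from the report above; the list of loadable extensions, the rule itself and the choice to measure file age against the newest timestamp in the listing are my assumptions.

```python
"""Triage helper for OTL file listings (added example, not OTL's own code).

OTL prints one line per file as
    [YYYY/MM/DD HH:MM:SS | SSS,SSS,SSS | RHSD | C] (Company) -- C:\\path
and one line per NTFS alternate data stream as
    @Alternate Data Stream - NNN bytes -> C:\\path:STREAM
"""
import ntpath
import re
from datetime import datetime
from typing import List, NamedTuple, Optional, Tuple


class FileEntry(NamedTuple):
    when: datetime
    size: int
    attrs: str      # four characters: R, H, S, D or '-' in each position
    kind: str       # 'C' = created, 'M' = modified
    company: str    # '' when OTL printed () or ( )
    path: str


class StreamEntry(NamedTuple):
    size: int
    path: str       # file or directory carrying the stream
    stream: str     # stream name after the colon


FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<path>.+?):(?P<stream>[^:\\]+)\s*$"
)
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)
LOADABLE = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".drv"}  # assumed set


def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line)
    if not m:
        return None
    return FileEntry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),   # "( )" and "()" both become ''
        path=m["path"],
    )


def parse_ads_line(line: str) -> Optional[StreamEntry]:
    m = ADS_RE.match(line)
    if not m:
        return None
    return StreamEntry(int(m["size"]), m["path"], m["stream"])


def parse_log(text: str) -> Tuple[List[FileEntry], List[StreamEntry]]:
    """Headers, blank lines and OTL's '[14 ...\\*.tmp files -> ...]' summaries are skipped."""
    files, streams = [], []
    for line in text.splitlines():
        f = parse_file_line(line)
        if f:
            files.append(f)
            continue
        s = parse_ads_line(line)
        if s:
            streams.append(s)
    return files, streams


def is_loadable(path: str) -> bool:
    return ntpath.splitext(path)[1].lower() in LOADABLE   # Windows path rules, any host OS


def triage(files: List[FileEntry], streams: List[StreamEntry],
           reference: Optional[datetime] = None) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs. Age is measured against `reference`, which defaults
    to the newest timestamp in the listing so results do not depend on the wall clock."""
    if reference is None:
        reference = max((f.when for f in files), default=datetime.min)
    hits = []
    for f in files:
        if "D" in f.attrs or f.company or not WINDIR_RE.match(f.path) or not is_loadable(f.path):
            continue
        verb = "created" if f.kind == "C" else "modified"
        age = (reference - f.when).days
        hits.append((f.path, f"loadable file under the Windows directory with no company name, "
                             f"{verb} {age} days before the scan"))
    for s in streams:
        hits.append((f"{s.path}:{s.stream}", f"alternate data stream of {s.size} bytes on {s.path}"))
    return hits


# Constructed sample: lines copied from the OTL report above, including a header and a summary line.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2012/02/20 12:34:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/14 23:07:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 16:50:10 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2010/06/29 22:24:38 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\csnphv71.dll
[2012/02/20 12:31:39 | 004,414,512 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/19 08:41:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[14 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:890CC2F3
"""

if __name__ == "__main__":
    parsed_files, parsed_streams = parse_log(SAMPLE_LOG)
    for hit_path, reason in triage(parsed_files, parsed_streams):
        print(f"{hit_path}\n    {reason}")
```

A hit is a lead, not a verdict. PEV.exe lands in the list even though the timestamps above show it appearing in C:\WINDOWS three minutes after ComboFix.exe, together with sed.exe, grep.exe and zip.exe, which are the tools ComboFix unpacks; the next step for each hit is to hash the file and check its Authenticode signature, not to delete it. Streams on a directory such as TEMP:890CC2F3 cannot be opened from Explorer at all, which is why a scanner has to list them explicitly and why the helper reports every one it finds.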

#8 akjudge1 (Topic Starter)

Posted 21 February 2012 - 09:00 AM

Gringo,

Spoke too soon. When I posted the above reply (OTL.txt) Firefox (V10.0.2) crashed, but I remained in Safe Mode with Networking without any BSOD. Thought you should know.

Will wait for next instructions before doing anything.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:50 PM

Posted 21 February 2012 - 09:04 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKU\S-1-5-21-3441145148-2105343953-4251968601-500..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" File not found
    O4 - HKU\S-1-5-21-3441145148-2105343953-4251968601-500..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe  
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:890CC2F3
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF778051
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 akjudge1 (Topic Starter)

Posted 21 February 2012 - 09:57 AM

Gringo,

Ran Custom Script as instructed. When asked to reboot, clicked OK. Tried to reboot back into Safe Mode with Networking using F8. Got the following Error Messages / BSOD:

1. Microsoft Visual C++ Runtime Library
Runtime Error!
Program C:\WINDOWS\system32\logonui.exe
R6025
- pure virtual function call
2. I clicked OK and got the following Error:
svchost.exe - Application Error
The instruction at "0x76b901bf" referenced memory at "0x023bee18"
The memory could not be "written".
3. I clicked OK and error message #1 above kept repeating. Forced to shut down computer to get out of loop.
4. Tried to reboot back into Safe Mode with Networking using F8 and got the following Windows Error Message:
winlogon.exe - Application Error
The instruction at "0x0170fe98" referenced memory at "0x0170fe98".
The memory could not be "read".
5. Clicked OK and got another Window Error Message, but got a BSOD before I could note message:
BSOD:
Stop: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000005
(0x00000000 0x00000000)
The system has been shut down
6. I was then able to reboot into Safe Mode with Networking without any more Error Messages or BSOD.
However, there is no Report or Log (nothing in Notepad or on Desktop) that I can find.

Will wait for next instructions. Thanks again.

PS: ON REBOOTS I AM USING F8 TO REBOOT INTO SAFE MODE WITH NETWORKING (to avoid loading things that may complicate matters). IS THIS RIGHT, OR SHOULD I LET IT TRY TO REBOOT INTO NORMAL WINDOWS?

#11 gringo_pr

Posted 21 February 2012 - 04:03 PM

Hello


Run all scans in normal mode unless I ask for them in safe mode


boot into normal mode and let me know how things are running


gringo

#12 akjudge1 (Topic Starter)

Posted 21 February 2012 - 08:30 PM

Gringo,

I've been using Safe Mode with Networking because I usually cannot get into Normal Windows Mode without multiple BSODs. And while I know I am not supposed to run anything without your direction, I did download and run Windows Memory Diagnostic Software (similar to MemTest86) while waiting for your response.

I created an ISO CD-ROM that runs before Windows is loaded (as you know, it does not need an OS to run).

Here are the results:

Windows Memory Diagnostic V0.4 (ran Extended Run with 2 passes = 11 tests each run):

Slot DIMM 1: 69764 errors (1024 MB DDR SDRAM DIMM)
Slot DIMM 3: 69681 errors (1024 MB DDR SDRAM DIMM)
Slot DIMM 2: 69235 errors (1024 MB DDR SDRAM DIMM)
Slot DIMM 4: 0 errors (1024 MB DDR SDRAM DIMM)

Extended Test Results (2 full passes):
Basic Test:    MATS+ (cache enabled)     4573 errors
               INVC                      7601 errors
Standard Test: LRAND                     4263 errors
               Stride6 (cache enabled)   3153 errors
               WMATS+                   29480 errors
               WINVC                    67097 errors
Extended Test: MATS+ (cache disabled)    1593 errors
               Stride38                     0 errors
               WStride-6                10500 errors
               ERAND                    79597 errors
               Stride6 (cache disabled)   823 errors

It would appear that I have significant failure in the motherboard and/or DIMM chips, if I am interpreting the results of this test correctly. It may explain why I get so many Unable to "read" or "write" Window Error messages and BSOD's.

My thoughts about the next set of steps: Perhaps I should take the computer into the local tech/repair shop and have them re-test the DIMM chips, and perhaps the motherboard to rule out or confirm hardware faults/errors, before having you invest more time in helping me.

If there are real DIMM/motherboard issues, I would have them fix them, then resume my troubleshooting with you to be sure there are no software issues.

Do you think this is a reasonable approach, or do you want to do more testing before deciding that this may be more of a hardware issue than a software issue?

I really don't know what the next best step is. As you can tell, I know just enough about computers to be TRULY DANGEROUS TO MYSELF.

I will rely on your directions. Awaiting the next suggested step. (Bear in mind that rebooting in Normal Windows after following your instructions leads to 95% reboot failures compared to rebooting into Safe Mode with Networking).

Thanks again for your patience, and understanding why I ran the Windows Memory Diagnostic software.

#13 gringo_pr

Posted 21 February 2012 - 08:36 PM

Hello


now we are getting into an area where I can be dangerous too


Is this a laptop or desktop? - If it is a desktop open the sides and see how many sticks of ram you have



gringo

#14 akjudge1 (Topic Starter)

Posted 21 February 2012 - 09:59 PM

Gringo,

I've got 4 Sticks of Ram in my Desktop Computer (Dell). RAM Type: DDR SDRAM DIMM Size: 1024 MB each
This gives me a total of 4 GB Ram (max that Windows XP can handle). Two of the sticks are original with the computer purchase 10 years ago. I added the other two RAM sticks about 3 years ago (Photoshop sucks up RAM). Never had any problem with RAM before. Seems very suspicious that 3 RAM sticks would fail all at once. To this novice, it is probably more likely I have a failure on the motherboard that controls the RAM.

However, I have no way of removing the RAM and testing them outside of the computer to see whether the possible problem is in the RAM sticks, or the motherboard. I'd have to take the desktop to the local repair shop where they can test the RAM sticks independent of the motherboard. They should be able to test the motherboard also. This is sounding more and more like the next rational step in trying to identify my problem.

Let me know what you think. Two dangerous minds are bound to stumble on the solution sooner or later :)

#15 gringo_pr

Posted 21 February 2012 - 10:12 PM

Hello

I would remove all but one stick and see how it goes, and then replace it with one of the others until you find out which one is bad



gringo



