Computer Keeps Restarting


  • This topic is locked
85 replies to this topic

#1 bluesfan1

bluesfan1

  • Members
  • 116 posts

Posted 16 March 2012 - 10:53 PM

I came home to find my mom's computer in my kitchen with a note that said it keeps rebooting. She says a friend from church tried to help her but they couldn't figure it out.

The computer looks to be booting fine but gets to the XP screen and then reboots. I can only get into it in safe mode.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13
Run by Administrator at 0:13:47 on 2012-03-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.172 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spysub~1.lnk - c:\program files\intermute\spysubtract\sslaunch.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{3809C887-142C-4678-92CA-ED2335DAAF71} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{9D9201E2-EB5B-4DA6-8C48-7799FAFD7B52} : DhcpNameServer = 192.168.0.1
.
============= SERVICES / DRIVERS ===============
.
S0 idoc;idoc;c:\windows\system32\drivers\xiwqghd.sys --> c:\windows\system32\drivers\xiwqghd.sys [?]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
S2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-8-27 234616]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-11 652360]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-30 176768]
S2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-23 49808]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-11 20464]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050309.032\NAVENG.Sys [2005-5-9 73728]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050309.032\NavEx15.Sys [2005-5-9 631040]
S3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-23 335504]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-23 197864]
.
=============== Created Last 30 ================
.
2012-03-15 02:45:52 518144 ----a-w- c:\windows\SWREG.exe
2012-03-15 02:45:52 256000 ----a-w- c:\windows\PEV.exe
2012-03-15 02:45:52 208896 ----a-w- c:\windows\MBR.exe
2012-03-15 02:45:51 98816 ----a-w- c:\windows\sed.exe
2012-03-15 02:33:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-15 00:56:43 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-03-15 00:56:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-03-15 00:56:20 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
.
==================== Find3M ====================
.
2012-01-14 14:37:26 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2012-01-14 14:37:25 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
.
============= FINISH: 0:14:07.35 ===============


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,468 posts

Posted 17 March 2012 - 05:38 PM

Greetings bluesfan1 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you!


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,468 posts

Posted 18 March 2012 - 08:08 AM

Greetings bluesfan1,


Welcome aboard! There are a couple of things I would like to address in this first post.

I notice in your log that ComboFix and TDSSKiller were run. I would like to see those logs in order to evaluate what was previously on your machine and what may have been removed already.

At some point we may need an XP Installation Disk. Do you have one or know somebody else that has one?

Please perform the following for me, if you would.


===================================================


Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.

C:\ComboFix.txt


===================================================


TDSS Qlook

--------------------

  • Please download TDSSQlook to your desktop
  • Double click the TDSSQlook icon
  • Select Run
  • Select A, then press Enter
  • A TDSSQ - Notepad document will open (or you can find it at C:\TDSSQ)
  • Please copy and paste the contents in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix.txt
  • TDSSQlook
  • Do you have an XP Installation CD?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 bluesfan1

bluesfan1
  • Topic Starter

  • Members
  • 116 posts

Posted 18 March 2012 - 11:10 AM

I do have an XP disk.

I didn't run either of the two programs that you mention but my mother's friend might have. I do find logs for them so here they are:

Combofix log:

ComboFix 12-03-14.01 - Administrator 03/16/2012 23:52:40.3.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.250 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\cfscript.txt.txt
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-15 02:33 . 2012-03-15 02:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-15 00:56 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-03-15 00:56 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-03-15 00:56 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 14:37 . 2012-01-14 14:37 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2012-01-14 14:37 . 2012-01-14 14:37 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-03 218240]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-27 58488]
"IS CfgWiz"="c:\program files\Norton Internet Security\cfgwiz.exe" [2004-08-17 132248]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-08-31 33936]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-09 180269]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-09 98304]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe [2005-5-9 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
S0 idoc;idoc;c:\windows\system32\drivers\xiwqghd.sys --> c:\windows\system32\drivers\xiwqghd.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/11/2011 11:09 PM 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/11/2011 11:09 PM 20464]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-13 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-04 01:04]
.
2005-05-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-09 07:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-16 23:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1056)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-03-17 00:02:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-17 05:02
ComboFix2.txt 2012-03-17 03:10
ComboFix3.txt 2012-03-15 02:57
.
Pre-Run: 140,850,610,176 bytes free
Post-Run: 140,851,253,248 bytes free
.
- - End Of File - - 041262E9E1720C5730AABA208E065491



TDSS log:

21:30:06.0812 1968 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
21:30:07.0109 1968 ============================================================
21:30:07.0109 1968 Current date / time: 2012/03/14 21:30:07.0109
21:30:07.0109 1968 SystemInfo:
21:30:07.0109 1968
21:30:07.0109 1968 OS Version: 5.1.2600 ServicePack: 3.0
21:30:07.0109 1968 Product type: Workstation
21:30:07.0109 1968 ComputerName: GLADYS
21:30:07.0109 1968 UserName: Administrator
21:30:07.0109 1968 Windows directory: C:\WINDOWS
21:30:07.0109 1968 System windows directory: C:\WINDOWS
21:30:07.0109 1968 Processor architecture: Intel x86
21:30:07.0109 1968 Number of processors: 1
21:30:07.0109 1968 Page size: 0x1000
21:30:07.0109 1968 Boot type: Safe boot with network
21:30:07.0109 1968 ============================================================
21:30:09.0187 1968 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:30:09.0250 1968 \Device\Harddisk0\DR0:
21:30:09.0250 1968 MBR used
21:30:09.0250 1968 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xBFF3C1
21:30:09.0250 1968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBFF400, BlocksNum 0x11E19310
21:30:09.0296 1968 Initialize success
21:30:09.0296 1968 ============================================================
21:30:30.0250 1992 ============================================================
21:30:30.0250 1992 Scan started
21:30:30.0250 1992 Mode: Manual; SigCheck; TDLFS;
21:30:30.0250 1992 ============================================================
21:30:31.0281 1992 Abiosdsk - ok
21:30:31.0546 1992 abp480n5 - ok
21:30:31.0890 1992 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:30:33.0328 1992 ACPI - ok
21:30:33.0625 1992 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:30:33.0812 1992 ACPIEC - ok
21:30:34.0078 1992 adpu160m - ok
21:30:34.0406 1992 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:30:34.0546 1992 aec - ok
21:30:34.0859 1992 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
21:30:34.0937 1992 AFD - ok
21:30:35.0328 1992 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:30:35.0515 1992 AgereSoftModem - ok
21:30:35.0796 1992 Aha154x - ok
21:30:36.0062 1992 aic78u2 - ok
21:30:36.0328 1992 aic78xx - ok
21:30:36.0703 1992 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:30:36.0937 1992 ALCXWDM - ok
21:30:37.0203 1992 AliIde - ok
21:30:37.0500 1992 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
21:30:37.0531 1992 AmdK8 - ok
21:30:37.0812 1992 amsint - ok
21:30:38.0140 1992 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:30:38.0265 1992 Arp1394 - ok
21:30:38.0531 1992 asc - ok
21:30:38.0796 1992 asc3350p - ok
21:30:39.0078 1992 asc3550 - ok
21:30:39.0406 1992 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:30:39.0531 1992 AsyncMac - ok
21:30:39.0828 1992 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:30:39.0953 1992 atapi - ok
21:30:40.0234 1992 Atdisk - ok
21:30:40.0531 1992 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:30:40.0656 1992 Atmarpc - ok
21:30:40.0953 1992 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:30:41.0093 1992 audstub - ok
21:30:41.0390 1992 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:30:41.0546 1992 Beep - ok
21:30:41.0859 1992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:30:42.0000 1992 cbidf2k - ok
21:30:42.0281 1992 cd20xrnt - ok
21:30:42.0593 1992 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:30:42.0750 1992 Cdaudio - ok
21:30:43.0031 1992 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:30:43.0140 1992 Cdfs - ok
21:30:43.0437 1992 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:30:43.0562 1992 Cdrom - ok
21:30:43.0828 1992 Changer - ok
21:30:44.0109 1992 CmdIde - ok
21:30:44.0375 1992 Cpqarray - ok
21:30:44.0656 1992 dac2w2k - ok
21:30:44.0937 1992 dac960nt - ok
21:30:45.0250 1992 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:30:45.0390 1992 Disk - ok
21:30:45.0718 1992 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:30:45.0921 1992 dmboot - ok
21:30:46.0234 1992 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:30:46.0359 1992 dmio - ok
21:30:46.0656 1992 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:30:46.0812 1992 dmload - ok
21:30:47.0125 1992 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:30:47.0250 1992 DMusic - ok
21:30:47.0546 1992 dpti2o - ok
21:30:47.0875 1992 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:30:48.0000 1992 drmkaud - ok
21:30:48.0359 1992 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:30:48.0484 1992 Fastfat - ok
21:30:48.0765 1992 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
21:30:48.0828 1992 fasttx2k - ok
21:30:49.0156 1992 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:30:49.0281 1992 Fdc - ok
21:30:49.0578 1992 FETNDISB (95bc4d8493fe30312f5e1ab57ef36083) C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys
21:30:49.0625 1992 FETNDISB - ok
21:30:49.0937 1992 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:30:50.0046 1992 Fips - ok
21:30:50.0343 1992 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:30:50.0468 1992 Flpydisk - ok
21:30:50.0765 1992 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:30:50.0921 1992 FltMgr - ok
21:30:51.0218 1992 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:30:51.0359 1992 Fs_Rec - ok
21:30:51.0656 1992 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:30:51.0843 1992 Ftdisk - ok
21:30:52.0140 1992 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
21:30:52.0250 1992 gagp30kx - ok
21:30:52.0531 1992 GEARAspiWDM (2fb04db459c71f416ee8b05448ca4ac3) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:30:52.0546 1992 GEARAspiWDM - ok
21:30:52.0828 1992 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:30:52.0953 1992 Gpc - ok
21:30:53.0265 1992 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:30:53.0390 1992 HidUsb - ok
21:30:53.0703 1992 hpn - ok
21:30:54.0031 1992 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:30:54.0093 1992 HTTP - ok
21:30:54.0359 1992 i2omgmt - ok
21:30:54.0640 1992 i2omp - ok
21:30:54.0937 1992 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:30:55.0062 1992 i8042prt - ok
21:30:55.0343 1992 idoc - ok
21:30:55.0656 1992 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:30:55.0765 1992 Imapi - ok
21:30:56.0031 1992 ini910u - ok
21:30:56.0328 1992 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:30:56.0453 1992 IntelIde - ok
21:30:56.0750 1992 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:30:56.0875 1992 intelppm - ok
21:30:57.0171 1992 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:30:57.0312 1992 Ip6Fw - ok
21:30:57.0625 1992 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:30:57.0765 1992 IpFilterDriver - ok
21:30:58.0093 1992 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:30:58.0203 1992 IpInIp - ok
21:30:58.0500 1992 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:30:58.0625 1992 IpNat - ok
21:30:58.0921 1992 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:30:59.0046 1992 IPSec - ok
21:30:59.0328 1992 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:30:59.0453 1992 IRENUM - ok
21:30:59.0765 1992 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:30:59.0890 1992 isapnp - ok
21:31:00.0203 1992 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:31:00.0312 1992 Kbdclass - ok
21:31:00.0593 1992 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:31:00.0703 1992 kbdhid - ok
21:31:01.0015 1992 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:31:01.0140 1992 kmixer - ok
21:31:01.0421 1992 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:31:01.0484 1992 KSecDD - ok
21:31:01.0765 1992 lbrtfdc - ok
21:31:02.0109 1992 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
21:31:02.0156 1992 MBAMProtector - ok
21:31:02.0453 1992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:31:02.0593 1992 mnmdd - ok
21:31:02.0906 1992 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:31:03.0031 1992 Modem - ok
21:31:03.0312 1992 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:31:03.0421 1992 Mouclass - ok
21:31:03.0718 1992 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:31:03.0859 1992 mouhid - ok
21:31:04.0156 1992 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:31:04.0281 1992 MountMgr - ok
21:31:04.0593 1992 mraid35x - ok
21:31:04.0921 1992 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:31:05.0046 1992 MRxDAV - ok
21:31:05.0359 1992 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:31:05.0453 1992 MRxSmb - ok
21:31:05.0750 1992 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:31:05.0859 1992 Msfs - ok
21:31:06.0187 1992 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:31:06.0312 1992 MSKSSRV - ok
21:31:06.0593 1992 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:31:06.0703 1992 MSPCLOCK - ok
21:31:06.0984 1992 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:31:07.0093 1992 MSPQM - ok
21:31:07.0390 1992 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:31:07.0515 1992 mssmbios - ok
21:31:07.0828 1992 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:31:07.0921 1992 Mup - ok
21:31:08.0156 1992 NAVENG (eebd68e77a2eadc8f64e7f2e1c523488) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050309.032\NAVENG.Sys
21:31:08.0171 1992 NAVENG - ok
21:31:08.0281 1992 NAVEX15 (c9e4625e18e2a9dc95e65bac242b26be) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050309.032\NavEx15.Sys
21:31:08.0343 1992 NAVEX15 - ok
21:31:08.0640 1992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:31:08.0796 1992 NDIS - ok
21:31:09.0078 1992 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:31:09.0187 1992 NdisTapi - ok
21:31:09.0468 1992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:31:09.0593 1992 Ndisuio - ok
21:31:09.0890 1992 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:31:10.0015 1992 NdisWan - ok
21:31:10.0296 1992 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
21:31:10.0406 1992 NDProxy - ok
21:31:10.0703 1992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:31:10.0812 1992 NetBIOS - ok
21:31:11.0093 1992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:31:11.0218 1992 NetBT - ok
21:31:11.0531 1992 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:31:11.0656 1992 NIC1394 - ok
21:31:11.0953 1992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:31:12.0062 1992 Npfs - ok
21:31:12.0359 1992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:31:12.0515 1992 Ntfs - ok
21:31:12.0796 1992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:31:12.0937 1992 Null - ok
21:31:13.0234 1992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:31:13.0390 1992 NwlnkFlt - ok
21:31:13.0718 1992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:31:13.0859 1992 NwlnkFwd - ok
21:31:14.0156 1992 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:31:14.0281 1992 ohci1394 - ok
21:31:14.0578 1992 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:31:14.0703 1992 Parport - ok
21:31:14.0984 1992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:31:15.0093 1992 PartMgr - ok
21:31:15.0406 1992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:31:15.0546 1992 ParVdm - ok
21:31:15.0859 1992 PcdrNdisuio (505cba425df3bb230f244e1c23221058) C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys
21:31:15.0875 1992 PcdrNdisuio ( UnsignedFile.Multi.Generic ) - warning
21:31:15.0875 1992 PcdrNdisuio - detected UnsignedFile.Multi.Generic (1)
21:31:16.0171 1992 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:31:16.0281 1992 PCI - ok
21:31:16.0546 1992 PCIDump - ok
21:31:16.0890 1992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:31:17.0031 1992 PCIIde - ok
21:31:17.0312 1992 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:31:17.0437 1992 Pcmcia - ok
21:31:17.0687 1992 PDCOMP - ok
21:31:17.0968 1992 PDFRAME - ok
21:31:18.0265 1992 PDRELI - ok
21:31:18.0531 1992 PDRFRAME - ok
21:31:18.0812 1992 perc2 - ok
21:31:19.0078 1992 perc2hib - ok
21:31:19.0390 1992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:31:19.0515 1992 PptpMiniport - ok
21:31:19.0828 1992 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:31:19.0937 1992 Processor - ok
21:31:20.0265 1992 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
21:31:20.0296 1992 Ps2 - ok
21:31:20.0578 1992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:31:20.0703 1992 PSched - ok
21:31:21.0015 1992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:31:21.0156 1992 Ptilink - ok
21:31:21.0468 1992 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:31:21.0468 1992 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:31:21.0468 1992 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
21:31:21.0750 1992 ql1080 - ok
21:31:22.0046 1992 Ql10wnt - ok
21:31:22.0312 1992 ql12160 - ok
21:31:22.0578 1992 ql1240 - ok
21:31:22.0875 1992 ql1280 - ok
21:31:23.0187 1992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:31:23.0343 1992 RasAcd - ok
21:31:23.0625 1992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:31:23.0750 1992 Rasl2tp - ok
21:31:24.0062 1992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:31:24.0171 1992 RasPppoe - ok
21:31:24.0468 1992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:31:24.0609 1992 Raspti - ok
21:31:24.0921 1992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:31:25.0046 1992 Rdbss - ok
21:31:25.0359 1992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:31:25.0500 1992 RDPCDD - ok
21:31:25.0812 1992 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:31:25.0921 1992 RDPWD - ok
21:31:26.0234 1992 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:31:26.0359 1992 redbook - ok
21:31:26.0703 1992 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:31:26.0812 1992 rtl8139 - ok
21:31:26.0953 1992 SAVRT (c5fc1f1f28e01864a903137038acd5c2) c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
21:31:27.0000 1992 SAVRT - ok
21:31:27.0140 1992 SAVRTPEL (956d3173171f4ccde5820f41de5e14bd) c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
21:31:27.0156 1992 SAVRTPEL - ok
21:31:27.0437 1992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:31:27.0562 1992 Secdrv - ok
21:31:27.0890 1992 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:31:28.0015 1992 Serenum - ok
21:31:28.0281 1992 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:31:28.0406 1992 Serial - ok
21:31:28.0687 1992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:31:28.0812 1992 Sfloppy - ok
21:31:29.0093 1992 Simbad - ok
21:31:29.0390 1992 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
21:31:29.0453 1992 SiS315 - ok
21:31:29.0781 1992 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys
21:31:29.0796 1992 SiSkp - ok
21:31:30.0093 1992 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys
21:31:30.0125 1992 SISNIC - ok
21:31:30.0390 1992 Sparrow - ok
21:31:30.0578 1992 SPBBCDrv (924e82d6dec26f82036e69b8d3f04216) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
21:31:30.0593 1992 SPBBCDrv - ok
21:31:30.0921 1992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:31:31.0046 1992 splitter - ok
21:31:31.0328 1992 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:31:31.0437 1992 sr - ok
21:31:31.0765 1992 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
21:31:31.0828 1992 Srv - ok
21:31:32.0125 1992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:31:32.0234 1992 swenum - ok
21:31:32.0531 1992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:31:32.0640 1992 swmidi - ok
21:31:32.0937 1992 symc810 - ok
21:31:33.0203 1992 symc8xx - ok
21:31:33.0296 1992 SymEvent (b21b9bc6584ea9fe885aea0e265b2d4e) C:\Program Files\Symantec\SYMEVENT.SYS
21:31:33.0312 1992 SymEvent - ok
21:31:33.0593 1992 SYMREDRV (07990a566ff628bc55395db18957bf8a) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
21:31:33.0609 1992 SYMREDRV - ok
21:31:33.0921 1992 SYMTDI (db19ad125b720128af55f9fb7d642b2e) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
21:31:33.0937 1992 SYMTDI - ok
21:31:34.0218 1992 sym_hi - ok
21:31:34.0484 1992 sym_u3 - ok
21:31:34.0828 1992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:31:34.0937 1992 sysaudio - ok
21:31:35.0250 1992 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:31:35.0343 1992 Tcpip - ok
21:31:35.0609 1992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:31:35.0718 1992 TDPIPE - ok
21:31:36.0046 1992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:31:36.0140 1992 TDTCP - ok
21:31:36.0437 1992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:31:36.0562 1992 TermDD - ok
21:31:36.0859 1992 TosIde - ok
21:31:37.0156 1992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:31:37.0265 1992 Udfs - ok
21:31:37.0515 1992 ultra - ok
21:31:37.0843 1992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:31:38.0000 1992 Update - ok
21:31:38.0312 1992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:31:38.0421 1992 usbccgp - ok
21:31:38.0703 1992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:31:38.0812 1992 usbehci - ok
21:31:39.0093 1992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:31:39.0203 1992 usbhub - ok
21:31:39.0484 1992 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:31:39.0593 1992 usbohci - ok
21:31:39.0875 1992 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:31:39.0984 1992 USBSTOR - ok
21:31:40.0281 1992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:31:40.0390 1992 usbuhci - ok
21:31:40.0703 1992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:31:40.0812 1992 VgaSave - ok
21:31:41.0093 1992 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:31:41.0203 1992 ViaIde - ok
21:31:41.0500 1992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:31:41.0609 1992 VolSnap - ok
21:31:41.0906 1992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:31:42.0015 1992 Wanarp - ok
21:31:42.0265 1992 WDICA - ok
21:31:42.0562 1992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:31:42.0687 1992 wdmaud - ok
21:31:42.0812 1992 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
21:31:42.0921 1992 \Device\Harddisk0\DR0 - ok
21:31:42.0921 1992 Boot (0x1200) (3ecfbe72bab5c52430f6132448e9f4fe) \Device\Harddisk0\DR0\Partition0
21:31:42.0921 1992 \Device\Harddisk0\DR0\Partition0 - ok
21:31:42.0937 1992 Boot (0x1200) (24cf78bdca31c4d47a297e07ce4762bd) \Device\Harddisk0\DR0\Partition1
21:31:42.0937 1992 \Device\Harddisk0\DR0\Partition1 - ok
21:31:42.0937 1992 ============================================================
21:31:42.0937 1992 Scan finished
21:31:42.0937 1992 ============================================================
21:31:43.0062 1984 Detected object count: 2
21:31:43.0062 1984 Actual detected object count: 2
21:33:45.0421 1984 C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys - copied to quarantine
21:33:45.0437 1984 HKLM\SYSTEM\ControlSet001\services\PcdrNdisuio - will be deleted on reboot
21:33:45.0468 1984 HKLM\SYSTEM\ControlSet002\services\PcdrNdisuio - will be deleted on reboot
21:33:45.0531 1984 C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys - will be deleted on reboot
21:33:45.0531 1984 PcdrNdisuio ( UnsignedFile.Multi.Generic ) - User select action: Delete
21:33:45.0859 1984 C:\WINDOWS\system32\Drivers\PxHelp20.sys - copied to quarantine
21:33:45.0859 1984 HKLM\SYSTEM\ControlSet001\services\PxHelp20 - will be deleted on reboot
21:33:45.0859 1984 HKLM\SYSTEM\ControlSet002\services\PxHelp20 - will be deleted on reboot
21:33:45.0875 1984 C:\WINDOWS\system32\Drivers\PxHelp20.sys - will be deleted on reboot
21:33:45.0875 1984 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Delete
21:33:52.0343 1964 Deinitialize success

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,468 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:09:38 AM

Posted 19 March 2012 - 01:07 PM

Greetings bluesfan1,


Thank you for the information. Please perform the following for me. We are going to try to find an error code that will give us a hint as to what is going on with your mom's computer.


===================================================


BlueScreenView

----------

  • Download BlueScreenView
  • Double click the BlueScreenView.exe file to run the program.
  • Follow the instructions to install the program and click Finish to run the scan
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items.
  • Save the report as BSOD.txt.
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply.
More information about the program can be found here.


===================================================


Resetting "/NOEXECUTE=OPTIN"

--------------------

  • Reboot your computer and tap the F10 key until Edit Boot Menu appears
  • You may see something similar to this:

    [ /NOEXECUTE=OPTIN /MININT <lot of empty space> ]

  • If you see this, backspace until "/MININT" is removed, leaving only "/NOEXECUTE=OPTIN"
  • Press Enter to continue booting your computer.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • BSOD.txt
  • Results of NOEXECUTE=OPTIN

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 bluesfan1

bluesfan1
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  • Local time:11:38 AM

Posted 19 March 2012 - 07:06 PM

OK things didn't go very well with this attempt. The BlueScreenView doesn't find any dumps and pressing F10 takes me into Compaq recovery which wants to know if I want to wipe out everything and start from the original settings. I tried F12, F11 and F2 but none of them take me to the menu you are talking about.

#7 Oh My!

Posted 20 March 2012 - 09:19 AM

Greetings bluesfan1,


OK things didn't go very well with this attempt.


These are the easiest first steps to take and the lack of success is of no concern at this point, just a little bit annoying. :)

What we first tried to do is get a history of possible blue screen errors so we could look for a pattern or clue. Since that was not successful, we are going to try to interrupt the boot process to see if we can capture an error code in real time.

Please perform the following for me, if you would.


===================================================


Diagnose Blue Screen of Death (BSOD) Errors

--------------------

  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:


    Posted Image

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:


    Posted Image

  • Please include this information in your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • BSOD information

Gary
 

#8 bluesfan1

Posted 20 March 2012 - 06:17 PM

Here is the message that comes up:

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, press F8 to select Advanced Startup options, and then select Safe Mode.

Technical information:

***STOP: 0x0000007E (0xC0000005, 0xF77A5756, 0xF79E0430, 0xF79E012C)

#9 Oh My!

Posted 21 March 2012 - 10:35 AM

Greetings bluesfan1


We need to look a little deeper to find out what is causing the boot problem. Please perform the following for me.


===================================================


Run chkdsk /r in Windows XP Safe Mode

--------------------

  • Start your computer in Safe Mode
  • Press the Windows key + R on your keyboard at the same time
  • Inside the Run window please type cmd and press Enter
  • Please type in chkdsk /r and press Enter
  • When asked to schedule the disk check for next reboot, confirm (Y)
  • Type Exit, then hit Enter
  • Restart your computer and let the disk check run unhindered (this may take a long time)
  • If you receive any error notices on the screen please write them down and include them in your next reply

===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Any chkdsk errors?
  • FSS.txt

Gary
 

#10 bluesfan1

Posted 22 March 2012 - 09:00 AM

I ran chkdsk. It had run for a little over 2 hours and I needed to leave. Actually I think it was running. Going into safe mode that long list of drivers or whatever scrolls down the screen. It stopped in the middle of that and just sat there but I could hear the hard drive cranking away so I assumed it was running then but not showing me anything. When I got back to the computer it had blue screened with the same error message as before. I can try to run it again tonight if you need me to do that.

Here are the results of the Farbar scan:

Farbar Service Scanner Version: 01-03-2012
Ran by Administrator (administrator) on 22-03-2012 at 10:55:14
Running from "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AVGZGLZX"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#11 Oh My!

Posted 22 March 2012 - 01:51 PM

Greetings bluesfan1,


In an earlier post I requested that you run Qlook. What you posted was the TDSSKiller log. Please attempt to run Qlook and post the results in your reply.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSQlook

Gary
 

#12 bluesfan1

Posted 23 March 2012 - 08:56 AM

I'm sorry for the oversight. Here is the log:

TDSSKiller Quarantine Information log
Version 1.0.0.4
***** START SCAN Fri 03/23/2012 10:56:06.60 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.7.20.0_14.03.2012_21.30.06_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\14.03.2012_21.30.07
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000\object.ini
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000\svc0000
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\object.ini
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\svc0000
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\svc0000\object.ini
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\svc0000\tsk0000.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: PcdrNdisuio
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: system32\DRIVERS\pcdrndisuio.sys


=== C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys
md5: 505cba425df3bb230f244e1c23221058


=== C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\svc0000\object.ini

[InfectedObject]
Type: Service
Name: PxHelp20
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\PxHelp20.sys


=== C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\Drivers\PxHelp20.sys
md5: 7c81ae3c9b82ba2da437ed4d31bc56cf
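
The quarantine log above can be triaged mechanically. This is an added example, not part of the thread and not TDSSQlook's or TDSSKiller's own code: it parses that log format, pairs each quarantined service with its start type, MD5 and the payload file actually listed in the quarantine folder, and picks out the drivers that load during kernel startup. The function names and the abridged sample are this example's own.

```python
import re
from collections import defaultdict

# Abridged excerpt of the Qlook log posted above (blank lines and Verdict blocks dropped).
SAMPLE_LOG = r"""
---------- DIR LIST ----------
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\svc0000\tsk0000.ini
---------- INI FILES ----------
=== C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000\svc0000\object.ini
[InfectedObject]
Type: Service
Name: PcdrNdisuio
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: system32\DRIVERS\pcdrndisuio.sys
=== C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0000\svc0000\tsk0000.ini
[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys
md5: 505cba425df3bb230f244e1c23221058
=== C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\svc0000\object.ini
[InfectedObject]
Type: Service
Name: PxHelp20
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\PxHelp20.sys
=== C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\svc0000\tsk0000.ini
[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\Drivers\PxHelp20.sys
md5: 7c81ae3c9b82ba2da437ed4d31bc56cf
"""

def parse_qlook(log_text):
    """Split the log into the quarantine file listing and the per-file INI blocks."""
    listing, blocks, section, current = [], {}, None, None
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("----------"):
            section, current = line.strip("- "), None
        elif not line:
            continue
        elif section == "DIR LIST":
            listing.append(line)
        elif section == "INI FILES" and line.startswith("=== "):
            current = blocks.setdefault(line[4:], defaultdict(list))
        elif current is not None and ":" in line and not line.startswith("["):
            key, _, value = line.partition(":")
            current[key.strip()].append(value.strip())  # "Type" repeats, so keep a list
    return listing, blocks

def quarantined_drivers(log_text):
    """One record per suspNNNN directory, earliest-loading drivers first."""
    listing, blocks = parse_qlook(log_text)
    items = defaultdict(dict)
    for ini_path, fields in blocks.items():
        susp = re.search(r"\\(susp\d+)\\", ini_path)
        if not susp:
            continue
        item = items[susp.group(1)]
        start = re.fullmatch(r"(\w+) \((0x[0-9a-fA-F]+)\)", fields.get("Start", [""])[0])
        if "Name" in fields and start:  # svcNNNN\object.ini: the service registration
            item["service"] = fields["Name"][0]
            item["start"], item["start_code"] = start.group(1), int(start.group(2), 16)
        if "Src" in fields:  # tskNNNN.ini: where the quarantined file came from
            item["original_path"], item["md5"] = fields["Src"][0], fields["md5"][0]
            stem = ini_path[: -len("ini")].lower()  # "...\tsk0000."
            item["payload"] = next(  # real payload name comes from the listing, not a guess
                (p for p in listing if p.lower().startswith(stem) and p.lower() != ini_path.lower()),
                None)
    return sorted(items.values(), key=lambda i: i.get("start_code", 99))

def loads_before_services(items):
    """Boot (0x0) and System (0x1) start drivers are loaded during kernel startup."""
    return [i for i in items if i.get("start_code", 99) <= 1]

if __name__ == "__main__":
    for d in quarantined_drivers(SAMPLE_LOG):
        print(d.get("service"), d.get("start"), d.get("md5"), d.get("payload"), sep=" | ")
```

A hand-written parser is used because the service blocks repeat the `Type` key, which a strict INI parser rejects.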

#13 Oh My!

Posted 23 March 2012 - 03:39 PM

Greetings bluesfan1,


I would like to replace one of the drivers that was quarantined by TDSSKiller and see if that makes a difference in your startup.


===================================================


Run TDSS Qlook Fix

--------------------

  • Double click the TDSSQlook icon
  • Select Run
  • Select B, then press Enter
  • An input - Notepad document will open
  • Copy and paste the following into the Notepad document

    Copy "C:\TDSSKiller_Quarantine\14.03.2012_21.30.07\susp0001\svc0000\tsk0000.dta" C:\WINDOWS\system32\Drivers\PxHelp20.sys
  • On the Notepad document click File, then Exit, and the fix will automatically run
  • Attempt to reboot your computer in Normal Mode

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Did your computer boot normally?

Gary
 

#14 bluesfan1

Posted 23 March 2012 - 05:50 PM

The computer blue screened with the same error message as before.

#15 Oh My!

Posted 24 March 2012 - 02:20 PM

Greetings bluesfan1,

Can you tell me if you have the Sonic Solutions Installation disk, or if the installation file is on your computer?
Gary
 