Keep getting blue screen and have no internet connection


  • This topic is locked
69 replies to this topic

#1 tntmm6

tntmm6

  • Members
  • 109 posts

Posted 11 November 2012 - 09:06 PM

Thank you in advance for your help. We were sent over here from "Am I infected?"

Our desktop has some sort of virus/trojan. We can't run any scans - Avast, Spybot, Malwarebytes, Super Antispyware. We can't connect to the internet.

We are running Windows XP.

With another helper we've run tdss killer and rogue killer from an external drive, and cleaned up a few things, but then we tried to run MWB and Norman malware and the blue screens are worse than ever. So he sent me over here. I could run DDS, but I can't get GMER to run - it just gets blue screens.

The previous helper also had me uninstall avast and spybot, and go to msconfig and shut down all the start ups and everything but microsoft services. Doing that I was able to start in normal mode, which is where I ran tdss killer and rogue killer, but System Restore window popped up. And like I said, as soon as I tried to run MWB or Norman malware the blue screens were worse.

Below is the DDS log. I cannot get a GMER log.

DDS (Ver_2012-11-07.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Kyle at 18:32:05 on 2012-11-11
.
============== Running Processes ================
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} -
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAxADkAMQA3ADUAMAAzADgALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAA"&"prod=90"&"ver=9.0.894
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://www.activation.rr.com/install/download/tgctlcm.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1312125607531
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kyle\application data\mozilla\firefox\profiles\15bya8t6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~4\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2012-11-11 21:15:17 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-11 20:39:42 -------- d-----w- C:\spoolerlogs
2012-11-11 20:34:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-11 19:32:55 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:33:05.57 ===============


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,804 posts

Posted 16 November 2012 - 03:42 PM

Greetings tntmm6 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================


Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.


===================================================


Additional Information

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
    • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.

===================================================


Create DDS.txt and Attach.txt

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

    DDS.com
    DDS.pif

  • Double click on the Posted Image icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste the contents of both results in your post.
  • Close the program window, and delete the program from your desktop.
You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


===================================================


BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
More information about the program can be found here


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • DDS.txt
  • Attach.txt
  • BSOD.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 tntmm6

tntmm6
  • Topic Starter

  • Members
  • 109 posts

Posted 17 November 2012 - 10:22 AM

Hi Gary -

Thank you in advance for your help. Here's what's happened when I attempted to follow your instructions:

- I booted in Normal mode and ran DDS from an external drive. During the scan the machine rebooted on its own and did a CHKDSK. So I booted in Safe Mode and ran the scan again. As I was copying the text files, I deleted the Attach by accident. I double clicked DDS to run and it wouldn't; it said it was a corrupted file. I decided to download the other version of DDS and while I was doing that on another machine it blue-screened again. Upon reboot, CHKDSK, again. And CHKDSK says the volume is dirty. But I got DDS to run, the logs are below.

- Blue Screen ran fine.

We have Windows XP SP3, I don't know whether it is 32 or 64 bit, I seem to think it's 32. We do have the windows disks.

- Lisa

DDS (Ver_2012-11-07.01) - NTFS_x86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Kyle at 8:07:31 on 2012-11-17
.
============== Running Processes ================
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} -
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAxADkAMQA3ADUAMAAzADgALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAA"&"prod=90"&"ver=9.0.894
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://www.activation.rr.com/install/download/tgctlcm.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1312125607531
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kyle\application data\mozilla\firefox\profiles\15bya8t6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~4\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2012-11-11 21:15:17 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-11 20:39:42 -------- d-----w- C:\spoolerlogs
2012-11-11 20:34:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-11 19:32:55 -------- d-----w- c:\windows\pss
2012-11-11 15:20:23 90112 ----a-w- c:\windows\DUMP21ef.tmp
.
==================== Find3M ====================
.
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 8:08:32.10 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2350
2350_Help
2350Trb
Adobe Flash Player 11 Plugin
Adobe Illustrator 10.0.3
Adobe Photoshop 7.0
Adobe Reader X (10.1.2)
Adobe Shockwave Player
Adobe SVG Viewer 3.0
AiO_Scan
AiOSoftware
AMD APP SDK Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
ATI Control Panel
ATI Display Driver
Aventail Access Manager
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
Broadcom Advanced Control Suite 2
BufferChm
CCleaner
Cobian Backup 9
Conexant D850 56K V.9x DFVc Modem
Copy
Coupon Printer for Windows
Creative Live! Cam Video Chat or Video IM Driver (1.02.01.00)
CreativeProjects
CreativeProjectsTemplates
CueTour
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Networking Guide
Dell Picture Studio v3.0
Dell Support
Dell System Restore
Destinations
Digital Line Detect
Director
DocProc
DocumentViewer
DVC5.1 Driver
EarthLink setup files
Easy Learning - Flash Game
ESET Online Scanner v3
Facebook Video Calling 1.0.0.8953
Facebook Video Calling 1.2.0.159
Fax
FCart PayPal for Flash
FileHippo.com Update Checker
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Diagnostic Assistant
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HP Unload DLL Patch
HPSystemDiagnostics
InstantShare
Intel Application Accelerator
Internet Explorer Default Page
iTunes
Java Auto Updater
Java™ 7
Kodak Picture CD Volume 2 Issue 1
Kodak Picture CD Volume 2 Issue 2
KODAK Picture CD Volume 2 Issue 4
Learn2 Player (Uninstall Only)
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash MX 2004
Macromedia FreeHand MX
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Musicmatch® Jukebox
My Way Search Assistant
NetWaiting
Overland
PhotoGallery
PowerDVD 5.3
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
Readme
RealPlayer Basic
Roxio Media Manager
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SkinsHP1
SUPERAntiSpyware
TrayApp
Tux Paint 0.9.21
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebEx Support Manager for Internet Explorer
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinZip
Wizard101
XML Paper Specification Shared Components Pack 1.0
.
==== End Of File ===========================


==================================================
Dump File : Mini111712-03.dmp
Crash Time : 11/17/2012 8:06:25 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80551ae2
Parameter 3 : 0xf7c0f540
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7aae2
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+7aae2
Stack Address 1 : ntoskrnl.exe+7aac7
Stack Address 2 : ntoskrnl.exe+9c2d8
Stack Address 3 : ntoskrnl.exe+96e37
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111712-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111712-02.dmp
Crash Time : 11/17/2012 7:48:55 AM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x80042000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+48a12
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+48a12
Stack Address 1 : ntoskrnl.exe+6d600
Stack Address 2 : ntoskrnl.exe+48ba1
Stack Address 3 : ntoskrnl.exe+6d600
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111712-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111712-01.dmp
Crash Time : 11/17/2012 7:35:16 AM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0xe111c000
Parameter 3 : 0xe111c7d8
Parameter 4 : 0x0cfb0400
Caused By Driver : fglyapoc.sys
Caused By Address : fglyapoc.sys+df38
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address : ntoskrnl.exe+606c2
Stack Address 1 : ntoskrnl.exe+7afc5
Stack Address 2 : fglyapoc.sys+df38
Stack Address 3 : fglyapoc.sys+1d6f
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111712-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-13.dmp
Crash Time : 11/11/2012 6:49:34 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0x9aa1811d
Parameter 2 : 0x00000001
Parameter 3 : 0xbf8b4a70
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+b4a70
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6257 (xpsp_sp3_gdr.120703-1633)
Processor : 32-bit
Crash Address : win32k.sys+b4a70
Stack Address 1 : win32k.sys+b4dbb
Stack Address 2 : win32k.sys+70166
Stack Address 3 : win32k.sys+6efd7
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-13.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-12.dmp
Crash Time : 11/11/2012 6:46:36 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0x87beee14
Parameter 2 : 0x00000001
Parameter 3 : 0x805515a1
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7a5a1
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+7a5a1
Stack Address 1 : ntoskrnl.exe+15a799
Stack Address 2 : ntoskrnl.exe+96da4
Stack Address 3 : ntoskrnl.exe+9c46b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-12.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-11.dmp
Crash Time : 11/11/2012 6:28:12 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xc0883844
Parameter 2 : 0x00000000
Parameter 3 : 0x804e8da4
Parameter 4 : 0x00000002
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+11da4
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+11da4
Stack Address 1 : ntoskrnl.exe+13651
Stack Address 2 : ntoskrnl.exe+14d19
Stack Address 3 : ntoskrnl.exe+14c1e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-11.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-10.dmp
Crash Time : 11/11/2012 4:49:25 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x80578802
Parameter 3 : 0xf7bffa6c
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+a1802
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+a1802
Stack Address 1 : ntoskrnl.exe+aae98
Stack Address 2 : ntoskrnl.exe+aafaf
Stack Address 3 : ntoskrnl.exe+699f
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-10.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-09.dmp
Crash Time : 11/11/2012 4:33:02 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8054bfd2
Parameter 3 : 0xb949787c
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74fd2
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+74fd2
Stack Address 1 : ntoskrnl.exe+10e6ce
Stack Address 2 : ntoskrnl.exe+10ebdb
Stack Address 3 : ntoskrnl.exe+11a63d
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-09.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-08.dmp
Crash Time : 11/11/2012 4:08:18 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8054b10d
Parameter 3 : 0xb8fc564c
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7410d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+7410d
Stack Address 1 : ntoskrnl.exe+7475f
Stack Address 2 : ntoskrnl.exe+e9c59
Stack Address 3 : ntoskrnl.exe+14e57c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-08.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-07.dmp
Crash Time : 11/11/2012 2:43:10 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 0x00000002
Parameter 2 : 0x0003c1dc
Parameter 3 : 0x0003fe8b
Parameter 4 : 0x00000001
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+22f5f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+22f5f
Stack Address 1 : ntoskrnl.exe+4ac7c
Stack Address 2 : ntoskrnl.exe+38011
Stack Address 3 : ntoskrnl.exe+38aab
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-07.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-06.dmp
Crash Time : 11/11/2012 2:13:08 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8054b10f
Parameter 3 : 0xac431b5c
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7410f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+7410f
Stack Address 1 : ntoskrnl.exe+7475f
Stack Address 2 : aswSnx.SYS+56b72
Stack Address 3 : ntoskrnl.exe+6a68c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-06.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-05.dmp
Crash Time : 11/11/2012 2:11:46 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0x00000028
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x804f362f
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+1c62f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+1c62f
Stack Address 1 : ntoskrnl.exe+4e916
Stack Address 2 : ntoskrnl.exe+b7a58
Stack Address 3 : ntoskrnl.exe+29647
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-05.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-04.dmp
Crash Time : 11/11/2012 1:59:09 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0xe31feaf8
Parameter 3 : 0xe31feff8
Parameter 4 : 0x0ca0061e
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+2478e
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : ntoskrnl.exe+606c2
Stack Address 1 : ntoskrnl.exe+7afc5
Stack Address 2 : Ntfs.sys+2478e
Stack Address 3 : Ntfs.sys+25042
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-04.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-03.dmp
Crash Time : 11/11/2012 1:40:40 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0xa3b3e311
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x804f88b8
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+218b8
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+218b8
Stack Address 1 : ntoskrnl.exe+21562
Stack Address 2 : ntoskrnl.exe+21728
Stack Address 3 : Ntfs.sys+4f83
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-02.dmp
Crash Time : 11/11/2012 1:36:13 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0xf668c620
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+a7f58
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6257 (xpsp_sp3_gdr.120703-1633)
Processor : 32-bit
Crash Address :
Stack Address 1 : win32k.sys+a1856
Stack Address 2 : win32k.sys+31979
Stack Address 3 : ntoskrnl.exe+699f
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111112-01.dmp
Crash Time : 11/11/2012 12:12:14 PM
Bug Check String : ATTEMPTED_WRITE_TO_READONLY_MEMORY
Bug Check Code : 0x100000be
Parameter 1 : 0xc0008000
Parameter 2 : 0x3c0de025
Parameter 3 : 0xb0d837fc
Parameter 4 : 0x0000000b
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+49a13
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+49a13
Stack Address 1 : ntoskrnl.exe+6d600
Stack Address 2 : ntoskrnl.exe+57561
Stack Address 3 : ntoskrnl.exe+d8d4c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111112-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini090712-04.dmp
Crash Time : 9/7/2012 1:23:18 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0x00000020
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x804fb491
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+24491
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+24491
Stack Address 1 : ntoskrnl.exe+2443c
Stack Address 2 : ntoskrnl.exe+136f3
Stack Address 3 : ntoskrnl.exe+11b35
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini090712-04.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini090712-03.dmp
Crash Time : 9/7/2012 1:15:18 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xe391d4e0
Parameter 2 : 0x00000000
Parameter 3 : 0x8054b0ba
Parameter 4 : 0x00000002
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+740ba
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+740ba
Stack Address 1 : ntoskrnl.exe+7475f
Stack Address 2 : ntoskrnl.exe+10e71c
Stack Address 3 : ntoskrnl.exe+10eadd
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini090712-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini090712-02.dmp
Crash Time : 9/7/2012 1:09:47 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8054b10d
Parameter 3 : 0xb00546ec
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7410d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+7410d
Stack Address 1 : ntoskrnl.exe+7475f
Stack Address 2 : ntoskrnl.exe+e8f02
Stack Address 3 : ntoskrnl.exe+e927a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini090712-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini090712-01.dmp
Crash Time : 9/7/2012 1:07:38 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0x879fe6f4
Parameter 2 : 0x00000001
Parameter 3 : 0x8054bfd2
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74fd2
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+74fd2
Stack Address 1 : ntoskrnl.exe+e8e1d
Stack Address 2 : ntoskrnl.exe+e91d0
Stack Address 3 : ntoskrnl.exe+158175
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini090712-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini082212-02.dmp
Crash Time : 8/22/2012 6:53:07 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x805b24d6
Parameter 3 : 0xb0918ab0
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+db4d6
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+db4d6
Stack Address 1 : ntoskrnl.exe+db9fe
Stack Address 2 : ntoskrnl.exe+1492d0
Stack Address 3 : ntoskrnl.exe+149dd9
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082212-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini082212-01.dmp
Crash Time : 8/22/2012 6:51:12 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xe453eb0f
Parameter 2 : 0x00000000
Parameter 3 : 0xb11f2072
Parameter 4 : 0x00000002
Caused By Driver : secdrv.sys
Caused By Address : secdrv.sys+5072
File Description : Macrovision SECURITY Driver
Product Name : Macrovision SECURITY Driver
Company : Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
File Version : 4.03.086
Processor : 32-bit
Crash Address : secdrv.sys+5072
Stack Address 1 : secdrv.sys+23f3
Stack Address 2 : secdrv.sys+2081
Stack Address 3 : secdrv.sys+1c74
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082212-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,804 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:18 AM

Posted 17 November 2012 - 10:25 AM

Good morning Lisa,

Welcome aboard. It sounds like you have a lot going on. I just wanted to pop in and let you know I am here and now in the process of reviewing the information you provided. Thanks for the detail, it helps.

Not that you really care but I thought I would let you know you have a 32 bit operating system. :)

Hopefully I will be posting back soon!

Edited by Oh My, 17 November 2012 - 12:23 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 tntmm6


Posted 17 November 2012 - 11:11 AM

Thank you again! This time with this old machine it's beyond frustrating.

#6 Oh My!


Posted 17 November 2012 - 01:08 PM

Hi Lisa,

Sorry for the delay and I do appreciate your patience. We are going to sort of triage your computer with a powerful program and see if we can at least move it out of the Emergency Room. :)

Please do this first step for me.


===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

      • Check your computer clock. If it is still running then so is ComboFix
      • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
      • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running

    Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:

  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix log
  • RKill log (if applicable)
  • How is your computer running?

Gary
 

#7 tntmm6


Posted 17 November 2012 - 05:52 PM

I tried using the App remover, but it wouldn't run, even in safe mode, but I had removed AVG and Spybot when I was working with the other helper. I then tried to run Combofix, but it said the file was corrupted and shut down.

Next I did the Rkill instructions, renamed it, deleted Combofix and renamed it. I ran Rkill - it started running, and then I got a blue screen. I powered off. All of this has been done in Safe Mode without Network and I'm not connected to the Internet.

#8 Oh My!


Posted 17 November 2012 - 06:05 PM

Hi Lisa,

Thanks for trying. I know you ran TDSSKiller in the previous post but I would like to run it again. Please follow these instructions.


===================================================


Running TDSSKiller with Changed Parameters

--------------------

  • Right click on the TDSSKiller icon if still present and select Delete
  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue

  • Click Reboot computer
  • Please zip the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and attach it to your reply

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Zipped TDSSKiller log

Edited by Oh My, 17 November 2012 - 06:07 PM.

Gary
 

#9 tntmm6


Posted 18 November 2012 - 07:23 PM

Hi Gary -

Sorry for the delay, it's my son's birthday...obligations.

I can't get tdss to run. I first tried it in Safe Mode, and I got the reboot message, and I rebooted in Safe Mode. It started the scan, then it just closed. So I tried to run it again and I got a blue screen. At the risk of getting in trouble with you, I tried booting up again in Safe Mode, thinking I had forgotten to delete the previous tdss I used, but it wouldn't boot in Safe Mode. Then I tried to boot in Normal mode, which worked, and thought I would try tdss again. I got the reboot message and rebooted and the scan was ready to start on its own. But a Microsoft Windows error message popped up (the kind that wants to send a report - it didn't say anything else). I clicked on it, and got a blue screen. I tried one more time in Normal Mode, but when I clicked on tdss to scan it wouldn't. I tried once more in Safe Mode and I got again the reboot message and then was able to start the scan. But it just shut down and when I tried once more I got the blue screen.

Sigh...is this fatal?

- Lisa

#10 tntmm6


Posted 18 November 2012 - 07:31 PM

I forgot one other thing. Windows Security Center popped up, which I did not touch.

#11 Oh My!


Posted 18 November 2012 - 08:33 PM

Hi Lisa,

Happy Birthday to your son. :clapping:

"Sigh...is this fatal?"

I'm not exactly sure what you mean by that but the answer is no! It is way too early to get overly concerned at this point. We haven't even broken a sweat yet! :)

There is a file in one of the reports you posted which is suspicious and it wouldn't surprise me if it is infected. I tried to use Combofix and TDSSKiller to give us more information or delete it but that obviously didn't work. What we are going to do now is to hunt for it. I am going to throw in a couple more files while we are at it. Finally I am going to give you some instructions relating to the Blue Screen errors you are getting.

Please do this for me.


===================================================


SystemLook by jpshortstuff

--------------------

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    fglyapoc.sys
    win32k.sys
    Ntfs.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


===================================================


Diagnose Blue Screen of Death (BSOD) Errors

--------------------

  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:


    Posted Image

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.


    Posted Image
  • Please include this information in your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • SystemLook information
  • Blue Screen information (if applicable)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 tntmm6

tntmm6
  • Topic Starter

  • Members

Posted 18 November 2012 - 09:10 PM

The SystemLook gave me a blue screen. I booted up, selected "Disable Automatic Restart on System Failure", copied SystemLookup and the script you directed. It scanned quite a while (7-10 minutes) and then I got a blue screen. Here is the message:

PAGE_FAULT_IN_NONPAGED_AREA

STOP: 0x00000050 (0xAC70BFD0,0x00000000,0xF622EDAD,0x00000000)

ks:sys - Address F622EDAD base at F6226000, DateStamp 48025c12
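
The STOP screen quoted in the post above can be split into fields that are easy to compare from one crash to the next. This is an added example, not part of the original thread: it parses those three lines, reads the 0x50 parameters as referenced address, read/write flag and referencing instruction address, and treats DateStamp as the driver's PE header timestamp. The function and field names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed input: the three lines quoted in the post above, verbatim.
BSOD_TEXT = """PAGE_FAULT_IN_NONPAGED_AREA
STOP: 0x00000050 (0xAC70BFD0,0x00000000,0xF622EDAD,0x00000000)
ks:sys - Address F622EDAD base at F6226000, DateStamp 48025c12"""

STOP_RE = re.compile(r"STOP:\s*0x([0-9A-Fa-f]{8})\s*\(([^)]*)\)")
MODULE_RE = re.compile(r"(\S+) - Address ([0-9A-Fa-f]{8}) base at "
                       r"([0-9A-Fa-f]{8}), DateStamp ([0-9A-Fa-f]{8})")


def parse_bsod(text):
    """Turn a hand-copied XP STOP screen into fields worth comparing."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")
    params = [int(p, 16) for p in stop.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("a STOP line carries exactly four parameters")
    out = {"code": int(stop.group(1), 16), "params": params, "module": None}
    if out["code"] == 0x50:  # PAGE_FAULT_IN_NONPAGED_AREA
        out["referenced_address"] = params[0]
        out["access"] = "read" if params[1] == 0 else "write"
    mod = MODULE_RE.search(text)
    if mod:
        addr, base, stamp = (int(v, 16) for v in mod.group(2, 3, 4))
        out["module"] = {
            "name": mod.group(1),   # kept exactly as typed in the post
            "offset": addr - base,  # position inside the loaded driver image
            # DateStamp is the driver's PE header timestamp (Unix seconds).
            "built_utc": datetime.fromtimestamp(stamp, tz=timezone.utc),
            # For 0x50, parameter 3 is the instruction that touched the page.
            "address_matches_param3": addr == params[2],
        }
    return out


if __name__ == "__main__":
    print(parse_bsod(BSOD_TEXT))
```

The module offset and build timestamp stay the same across reboots for an unmodified driver, so they are the values to compare if a later crash names the same file.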

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 18 November 2012 - 09:20 PM

Hi Lisa,

I think what we need to do is take a deep look into your computer. Don't be overly concerned if you run into difficulties, it is not uncommon with this program. We have lots of different ways to do things.

Please do this.


===================================================


xPUD MBR Dump and Driver Scan using USB

--------------------

Try this please. You will need a USB drive with no less than 64 MB of space.

  • Insert your USB drive. Caution: The next step will remove all information from your USB device.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Download xPUD 0.9.2 iso, saving the file to your Desktop.
  • Download UNetbootin and save it to your Desktop as well.
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded.
  • Press Run then OK. Note: If you receive the message "You must select a distribution to load" just follow the instructions/image below
  • Select the Diskimage Option then click the Browse Button located on the right side of the textbox field.


    Posted Image

  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Next download driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?) If it is not there remove the USB device for 5 seconds then reinsert.
  • Confirm that you see driver.sh that you downloaded there
  • Click Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh and press Enter
  • After it has finished a report will be located on your USB device named report.txt
  • Now type bash driver.sh -af and press Enter
  • You will be prompted to input a file name. Please type the following then press Enter:

    Winlogon.exe
  • After the search is completed please type the following then press Enter:

    volsnap.sys
  • After the search is completed please type the following then press Enter:

    explorer.exe
  • After the search is completed please type the following then press Enter:

    Userinit.exe
  • After the search is complete please type Exit and press Enter
  • A report will be located in the USB drive as filefind.txt
  • Now please type the following and press Enter. Make sure there is a space between the different colors.

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • After it has finished (within just a few seconds) a file will be located on your USB drive named mbr.bin.
  • Remove the USB drive, insert it back in your working computer
  • Navigate to mbr.bin, zip the file, and attach it to your next reply
  • Copy and paste the contents of report.txt and filefind.txt in your reply

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • mbr.zip
  • report.txt (zip and attach if too large)
  • filefind.txt

Gary
 

#14 tntmm6

tntmm6
  • Topic Starter

  • Members

Posted 18 November 2012 - 09:49 PM

Thanks Gary - This will have to wait until tomorrow evening.

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 18 November 2012 - 09:50 PM

No problem, I am winding down as well. See you tomorrow.
Gary
 



