TechSpot

[A] Vista System Check and Anti-malware 2012 removal

By jcd106
Jan 6, 2012
  1. Hi,

    I've got the System Check and Anti-malware 2012 viruses on my laptop. It's now got to the stage where it BSODs if I try to boot normally; safe mode is working though.

    I have AVG anti-virus but can't get it to run.

    Following the 5 steps, I ran MBAM, GMER and DDS. MBAM removed some programs but hasn't made any noticeable difference. If anyone could look over the logs and suggest the next step, that would be great.

    MBAM:

    Malwarebytes Anti-Malware 1.60.0.1800

    www.malwarebytes.org



    Database version: v2011.12.24.05



    Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)

    Internet Explorer 7.0.6001.18000

    J_D :: JD [administrator]



    06/01/2012 16:07:28

    mbam-log-2012-01-06 (16-07-28).txt



    Scan type: Full scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 284685

    Time elapsed: 42 minute(s), 19 second(s)



    Memory Processes Detected: 0

    (No malicious items detected)



    Memory Modules Detected: 0

    (No malicious items detected)



    Registry Keys Detected: 0

    (No malicious items detected)



    Registry Values Detected: 1

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gyjAEPulVY.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\gyjAEPulVY.exe -> Quarantined and deleted successfully.



    Registry Data Items Detected: 6

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\J_D\AppData\Local\vqy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.

    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\J_D\AppData\Local\vqy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\J_D\AppData\Local\vqy.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.



    Folders Detected: 0

    (No malicious items detected)



    Files Detected: 4

    C:\ProgramData\gyjAEPulVY.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

    C:\ProgramData\PFVFibYKQESxet.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\Users\J_D\AppData\Local\Temp\sblnmHWn.exe.part (Affiliate.Downloader) -> Quarantined and deleted successfully.

    C:\Users\J_D\AppData\Local\Temp\wera0.8229707630205582.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.



    (end)


    GMER:

    GMER 1.0.15.15641 - http://www.gmer.net

    Rootkit quick scan 2012-01-06 17:16:55

    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9A300 rev.FB2OC40C

    Running: 9yftqqw2.exe; Driver: C:\Users\J_D\AppData\Local\Temp\fxldypow.sys





    ---- Devices - GMER 1.0.15 ----



    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)



    ---- EOF - GMER 1.0.15 ----


    DDS dds.txt :

    .

    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21

    Run by J_D at 17:17:30 on 2012-01-06

    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2813.2362 [GMT 0:00]

    .

    AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

    SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\System32\ZoneLabs\vsmon.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620

    uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620

    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

    mRun: [eRecoveryService]

    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

    mRun: [NPSStartup]

    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [Skytel] Skytel.exe

    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

    mRunOnce: [GrpConv] grpconv -o

    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

    uPolicies-explorer: HideSCAHealth = 1 (0x1)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{31ACEB1F-49A9-4F9A-9E49-A5190977EE7A} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{9320EF47-532A-4291-998C-C147787C40C9} : DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{9832C338-BCF0-44BA-B579-0F4693C7A223} : DhcpNameServer = 192.168.1.1

    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    AppInit_DLLs: avgrsstx.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\j_d\appdata\roaming\mozilla\firefox\profiles\6e54mba6.default\

    FF - prefs.js: browser.startup.homepage - about:blank

    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

    FF - plugin: c:\users\j_d\appdata\roaming\mozilla\firefox\profiles\6e54mba6.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

    FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

    FF - Ext: BarTab: bartap@philikon.de - %profile%\extensions\bartap@philikon.de

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: yahoo.homepage.dontask - true

    ============= SERVICES / DRIVERS ===============

    .

    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-8-27 22072]

    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-3 335240]

    S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-3 27784]

    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]

    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-3 297752]

    S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

    S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]

    S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]

    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]

    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]

    S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]

    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-4-26 30240]

    S3 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2008-10-25 24576]

    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-26 36608]

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-21 21504]

    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

    S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]

    S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]

    S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]

    S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-4-26 90240]

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-4-26 14976]

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-4-26 121856]

    .

    =============== Created Last 30 ================

    .

    2012-01-06 16:56:02 -------- d-----w- c:\users\j_d\AV

    2012-01-06 15:53:06 -------- d-----w- c:\users\j_d\appdata\roaming\Malwarebytes

    2012-01-06 15:52:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-01-06 15:52:55 -------- d-----w- c:\programdata\Malwarebytes

    2012-01-06 15:52:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-01-06 13:50:55 -------- d-----w- C:\From_Desktop

    2012-01-06 13:50:00 -------- d--h--w- C:\Job Applications CV etc. Joe

    2012-01-06 13:49:14 -------- d--h--w- C:\Wedding

    2012-01-06 13:47:41 -------- d-----r- C:\Photos

    2012-01-06 12:38:15 708478 ----a-w- c:\windows\system32\PerfStringBackup.TMP

    2012-01-06 12:35:44 -------- d-----w- c:\windows\LastGood.Tmp

    2011-12-10 01:17:12 6823496 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{e8ef7495-e905-4a60-9078-9152c7da58c6}\mpengine.dll

    .

    ==================== Find3M ====================

    .

    2011-12-31 05:50:47 184320 ----a-w- c:\windows\system32\drivers\netbt.sys

    2011-11-15 14:29:56 222080 ---h--w- c:\windows\system32\MpSigStub.exe

    2011-11-11 20:37:17 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    .

    ============= FINISH: 17:18:38.88 ===============


    DDS Attach.txt :

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft® Windows Vista™ Home Basic

    Boot Device: \Device\HarddiskVolume2

    Install Date: 25/10/2008 03:16:27

    System Uptime: 06/01/2012 16:56:57 (1 hours ago)

    .

    Motherboard: eMachines | | eMachines D620

    Processor: AMD Athlon(tm) Processor 2650e | Socket M2/S1G1 | 1596/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 139 GiB total, 37.085 GiB free.

    D: is CDROM ()

    E: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    .

    ==== Installed Programs ======================

    .

    2007 Microsoft Office Suite Service Pack 1 (SP1)

    32 Bit HP CIO Components Installer

    Acrobat.com

    Active@ File Recovery

    Adobe AIR

    Adobe Download Manager

    Adobe Flash Player 11 Plugin

    Adobe Flash Player ActiveX

    Adobe Reader 9.1

    AMD USB Audio Driver Filter

    Aspell 0.6 Dictionary (Language: en)

    Aspell Data

    ATI Catalyst Install Manager

    AVG Free 8.5

    Bejeweled 2 Deluxe

    Catalyst Control Center Core Implementation

    Catalyst Control Center Graphics Full Existing

    Catalyst Control Center Graphics Full New

    Catalyst Control Center Graphics Light

    Catalyst Control Center Graphics Previews Vista

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization Chinese Standard

    Catalyst Control Center Localization Chinese Traditional

    Catalyst Control Center Localization Czech

    Catalyst Control Center Localization Danish

    Catalyst Control Center Localization Dutch

    Catalyst Control Center Localization Finnish

    Catalyst Control Center Localization French

    Catalyst Control Center Localization German

    Catalyst Control Center Localization Greek

    Catalyst Control Center Localization Hungarian

    Catalyst Control Center Localization Italian

    Catalyst Control Center Localization Japanese

    Catalyst Control Center Localization Korean

    Catalyst Control Center Localization Norwegian

    Catalyst Control Center Localization Polish

    Catalyst Control Center Localization Portuguese

    Catalyst Control Center Localization Russian

    Catalyst Control Center Localization Spanish

    Catalyst Control Center Localization Swedish

    Catalyst Control Center Localization Thai

    Catalyst Control Center Localization Turkish

    ccc-core-static

    ccc-utility

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    Citrix online plug-in - web

    Citrix online plug-in (DV)

    Citrix online plug-in (HDX)

    Citrix online plug-in (USB)

    Citrix online plug-in (Web)

    eMachines

    eMachines Recovery Management

    FreeMind

    FTDI USB Serial Converter Drivers

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    HP Update

    HPSSupply

    InterVideo WinDVD 8

    J2SE Runtime Environment 5.0 Update 12

    Java Auto Updater

    Java(TM) 6 Update 21

    Launch Manager

    LightScribe 1.4.142.1

    Malwarebytes Anti-Malware version 1.60.0.1800

    Marvell Miniport Driver

    Microsoft .NET Framework 3.5 SP1

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Click-to-Run 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Groove MUI (English) 2010

    Microsoft Office Home and Business 2010 - English

    Microsoft Office InfoPath MUI (English) 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Professional Plus 2010

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Visio Professional 2007

    Microsoft Office Visio Professional 2007 Trial

    Microsoft Office Word MUI (English) 2010

    Microsoft Silverlight

    Microsoft SQL Server 2008 Management Objects

    Mozilla Firefox (3.6.25)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    NTI Backup Now 5

    NTI Backup Now Standard

    Paint.NET v3.5.10

    Programmer's Notepad 2

    Realtek High Definition Audio Driver

    SAMSUNG Android USB Modem Software

    SAMSUNG Mobile Composite Device Software

    Samsung Mobile Modem Device Software

    SAMSUNG Mobile Modem V2 Software

    Samsung Mobile phone USB driver Software

    SAMSUNG Mobile USB Driver

    SAMSUNG Mobile USB Modem 1.0 Software

    Samsung Mobile USB Modem Device Software

    SAMSUNG Mobile USB Modem Software

    SAMSUNG SYMBIAN USB Download Driver

    SAMSUNG USB Mobile Device Software

    Skins

    Skype™ 4.1

    Spelling Dictionaries Support For Adobe Reader 9

    Spotify

    SQL Server System CLR Types

    Synaptics Pointing Device Driver

    Total Annihilation

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    VC 9.0 Runtime

    VirtualCom driver

    VLC media player 1.0.5

    Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)

    WinRAR archiver

    ZoneAlarm

    .

    ==== Event Viewer Messages From Past Week ========

    .

    30/12/2011 22:00:12, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

    30/12/2011 22:00:12, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

    30/12/2011 22:00:12, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

    30/12/2011 21:59:17, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.

    30/12/2011 18:30:44, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    30/12/2011 18:30:21, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

    06/01/2012 13:43:56, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 ctxusbm spldr sptd Wanarpv6

    06/01/2012 12:59:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    06/01/2012 12:59:47, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 ctxusbm DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx Vsdatant Wanarpv6

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

    06/01/2012 12:59:47, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

    06/01/2012 12:59:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

    06/01/2012 12:59:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    06/01/2012 12:59:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    06/01/2012 12:58:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    06/01/2012 12:58:14, Error: sptd [4] - Driver detected an internal error in its data structures for .

    06/01/2012 10:32:03, Error: PlugPlayManager [10] - Error writing to server side install pipe

    06/01/2012 10:30:10, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

    06/01/2012 10:30:10, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

    .

    ==== End Of File ===========================
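The MBAM log above shows the three things this rogue did to the registry: an autorun value in HKLM\...\Run pointing at a randomly named file in C:\ProgramData, the StartMenuInternet launch commands for Firefox and IE rewritten to go through %LOCALAPPDATA%\vqy.exe, and DisableTaskMgr set to 1 (the DDS log also shows EnableLUA = 0). The following script is an added example, not part of the original post and not one of the forum's cleaning tools; it re-checks those same locations on the machine and reports anything that still looks wrong. It assumes Windows PowerShell is installed on the Vista box and is run from an elevated prompt in safe mode; it only reads the registry and file system, it does not repair anything. The path and expected values come straight from the log's "Good:" entries.

```powershell
# Added example (not from the thread): audit the persistence and hijack points
# reported in the MBAM/DDS logs for the System Check / FakeHDD rogue.
# Read-only: it reports, it does not repair. Run from an elevated PowerShell prompt.

$findings = @()

# 1. Run/RunOnce keys. The rogue auto-started from HKLM\...\Run with a random
#    name pointing into C:\ProgramData. Flag any autorun whose target lives in
#    ProgramData, AppData or Temp; legitimate vendors rarely start from there.
#    (MBAM's own RunOnce cleanup entry in ProgramData, seen in the DDS log,
#    will show up here and is expected.)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's PS* metadata properties
        $target = [string]$p.Value
        if ($target -match '(?i)\\(ProgramData|AppData|Temp)\\') {
            $findings += "Suspicious autorun: $key\$($p.Name) = $target"
        }
    }
}

# 2. StartMenuInternet hijack. The log shows the browser launch commands wrapped
#    as "vqy.exe" -a "...\firefox.exe". A clean value is the browser exe alone
#    (optionally quoted, optionally with a full path, optionally "-safe-mode").
$browsers = @{
    'FIREFOX.EXE'  = 'firefox.exe'
    'IEXPLORE.EXE' = 'iexplore.exe'
}
foreach ($b in $browsers.Keys) {
    $exe     = [regex]::Escape($browsers[$b])
    $pattern = '^"?([^"]*\\)?' + $exe + '"?( -safe-mode)?$'
    foreach ($verb in 'open', 'safemode') {
        $key = "HKLM:\SOFTWARE\Clients\StartMenuInternet\$b\shell\$verb\command"
        if (-not (Test-Path $key)) { continue }
        $cmd = [string](Get-ItemProperty -Path $key).'(default)'
        if ($cmd -notmatch $pattern) {
            $findings += "Hijacked browser launcher: $key = $cmd"
        }
    }
}

# 3. Policy tampering. DisableTaskMgr=1 (MBAM log) and EnableLUA=0 (DDS log).
#    EnableLUA=0 can also be a user choice, so treat it as "weak", not "malicious".
$policies = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr'; Bad = 1 },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr'; Bad = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'EnableLUA';      Bad = 0 }
)
foreach ($pol in $policies) {
    if (-not (Test-Path $pol.Path)) { continue }
    $v = (Get-ItemProperty -Path $pol.Path -Name $pol.Name -ErrorAction SilentlyContinue).($pol.Name)
    if ($null -ne $v -and $v -eq $pol.Bad) {
        $findings += "Policy tampered or weakened: $($pol.Path)\$($pol.Name) = $v"
    }
}

# 4. Leftover dropper. MBAM repaired the registry values that pointed at
#    %LOCALAPPDATA%\vqy.exe but its log does not list that file as deleted.
$dropper = Join-Path $env:LOCALAPPDATA 'vqy.exe'
if (Test-Path $dropper) {
    $sig = Get-AuthenticodeSignature -FilePath $dropper
    $findings += "Dropper still on disk: $dropper (Authenticode status: $($sig.Status))"
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

The check is deliberately narrow: it only covers the locations the posted logs name, so it will not catch a different rogue or a rootkit (which is what the aswMBR and GMER steps are for). Anything it lists should be handed to the helper rather than deleted by hand, since the thread's own rules ask for exactly that.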
     
  2. Broni


    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, such as an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    Thanks for the very quick response Broni!

    I ran aswMBR and got the log below. ComboFix hangs at the scanning stage. I tried it for half an hour, then tried running rKill (log below as well, the desktop flickered a few times but it didn't seem to kill anything) and tried again. It's been running another 20 minutes or so but not got any further. I have AVG installed but not running, I'll uninstall it and have another try.

    All of this is in safe mode as I can't get into normal mode.


    aswMBR:

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software

    Run date: 2012-01-06 21:51:20

    -----------------------------

    21:51:20.451 OS Version: Windows 6.0.6001 Service Pack 1

    21:51:20.451 Number of processors: 1 586 0x7F02

    21:51:20.451 ComputerName: JD UserName:

    21:51:21.387 Initialize success

    21:53:46.139 AVAST engine download error: 0

    21:53:56.497 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

    21:53:56.513 Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3

    21:53:56.529 Disk 0 MBR read successfully

    21:53:56.529 Disk 0 MBR scan

    21:53:56.575 Disk 0 unknown MBR code

    21:53:56.575 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10000 MB offset 2048

    21:53:56.591 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142625 MB offset 20482048

    21:53:56.607 Disk 0 scanning sectors +312578048

    21:53:56.700 Disk 0 scanning C:\Windows\system32\drivers

    21:54:03.502 Service scanning

    21:54:05.639 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32

    21:54:06.232 Modules scanning

    21:54:11.380 Disk 0 trace - called modules:

    21:54:11.427 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

    21:54:11.427 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85324528]

    21:54:11.427 3 CLASSPNP.SYS[89fa7745] -> nt!IofCallDriver -> [0x84575918]

    21:54:11.442 5 acpi.sys[8072e6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85326448]

    21:54:11.442 Scan finished successfully

    21:54:28.009 Disk 0 MBR has been saved successfully to "C:\Users\J_D\Desktop\MBR.dat"

    21:54:28.009 The log file has been saved successfully to "C:\Users\J_D\Desktop\aswMBR.txt"

    21:54:42.143 Disk 0 MBR has been saved successfully to "E:\Logs\MBR.dat"

    21:54:42.159 The log file has been saved successfully to "E:\Logs\aswMBR.txt"




    rKill:

    This log file is located at C:\rkill.log.

    Please post this only if requested to by the person helping you.

    Otherwise you can close this log when you wish.



    Rkill was run on 06/01/2012 at 22:32:33.

    Operating System: Windows Vista (TM) Home Basic





    Processes terminated by Rkill or while it was running:







    Rkill completed on 06/01/2012 at 22:32:38.
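    As an added example that is not part of the thread and not aswMBR's own code, here is a small Python parser for the aswMBR log posted above. It pulls out what a helper checks first (partition table, the "unknown MBR code" verdict, locked drivers, the MBR.dat backup path) and turns them into review notes; the sample log is a constructed excerpt of the one in the post.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: an excerpt of the aswMBR log posted in this thread.
SAMPLE_LOG = r"""aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 21:51:20
21:53:46.139 AVAST engine download error: 0
21:53:56.529 Disk 0 MBR read successfully
21:53:56.575 Disk 0 unknown MBR code
21:53:56.575 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10000 MB offset 2048
21:53:56.591 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142625 MB offset 20482048
21:54:05.639 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
21:54:11.442 Scan finished successfully
21:54:28.009 Disk 0 MBR has been saved successfully to "C:\Users\J_D\Desktop\MBR.dat"
"""

# One regex per line type we care about; every scan line starts with a timestamp.
PARTITION_RE = re.compile(
    r"^\S+ Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2}) "
    r"(.+?) (\d+) MB offset (\d+)$")
UNKNOWN_MBR_RE = re.compile(r"^\S+ Disk (\d+) unknown MBR code$")
LOCKED_RE = re.compile(r"^\S+ Service (\S+) (\S+) \*\*LOCKED\*\* \d+$")
BACKUP_RE = re.compile(r'MBR has been saved successfully to "(.+)"$')
ENGINE_RE = re.compile(r"AVAST engine download error: (\d+)$")


@dataclass
class Partition:
    disk: int
    index: int
    active: bool        # boot flag 0x80 in the partition table entry
    type_code: int      # partition type byte, e.g. 0x07 NTFS, 0x27 hidden NTFS
    description: str
    size_mb: int
    offset_sectors: int


@dataclass
class Report:
    partitions: List[Partition] = field(default_factory=list)
    unknown_mbr_disks: List[int] = field(default_factory=list)
    locked_services: List[Tuple[str, str]] = field(default_factory=list)
    mbr_backups: List[str] = field(default_factory=list)
    engine_error: Optional[int] = None


def parse_aswmbr(text: str) -> Report:
    """Pull the partition table, MBR verdict, locked drivers and backup
    paths out of an aswMBR log; lines of other kinds are ignored."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        m = PARTITION_RE.match(line)
        if m:
            rep.partitions.append(Partition(
                disk=int(m.group(1)), index=int(m.group(2)),
                active=m.group(3).upper() == "80",
                type_code=int(m.group(4), 16), description=m.group(5),
                size_mb=int(m.group(6)), offset_sectors=int(m.group(7))))
            continue
        m = UNKNOWN_MBR_RE.match(line)
        if m:
            rep.unknown_mbr_disks.append(int(m.group(1)))
            continue
        m = LOCKED_RE.match(line)
        if m:
            rep.locked_services.append((m.group(1), m.group(2)))
            continue
        m = BACKUP_RE.search(line)
        if m:
            rep.mbr_backups.append(m.group(1))
            continue
        m = ENGINE_RE.search(line)
        if m:
            rep.engine_error = int(m.group(1))
    return rep


def triage(rep: Report) -> List[str]:
    """Notes a helper would write down. These are prompts, not verdicts: an
    MBR that aswMBR does not recognise is also what OEM recovery loaders look
    like, and security products lock their own drivers on purpose."""
    notes: List[str] = []
    for disk in rep.unknown_mbr_disks:
        notes.append(f"disk {disk}: MBR boot code not recognised; compare MBR.dat "
                     "with the OEM loader before assuming a bootkit")
    actives = [p for p in rep.partitions if p.active]
    if len(actives) != 1:
        notes.append(f"{len(actives)} active partitions found, expected exactly 1")
    for name, path in rep.locked_services:
        notes.append(f"service {name}: {path} is locked; confirm it belongs to an "
                     "installed security product")
    if rep.engine_error not in (None, 0):
        notes.append(f"definition download failed (error {rep.engine_error})")
    if not rep.mbr_backups:
        notes.append("no MBR.dat backup recorded; make one before any MBR repair")
    return notes
```

Run `triage(parse_aswmbr(SAMPLE_LOG))` to get the notes for the posted log; on this sample they are the unrecognised MBR code and the locked ZoneAlarm driver.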
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    As my instructions say you must uninstall AVG first.
     
  5. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    Yep, uninstalled AVG but ComboFix is still hanging at the same place. Have left it running in case it's just taking a while.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  7. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    Will do, thanks for your help
     
  8. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    OTL log :

    OTL logfile created on: 1/7/2012 12:52:11 AM - Run

    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

    Windows Vista (TM) Home Basic Service Pack 1 (Version = 6.0.6001) - Type = System

    Internet Explorer (Version = 7.0.6001.18000)

    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy



    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 90.00% Memory free

    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]



    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 139.28 Gb Total Space | 37.03 Gb Free Space | 26.59% Space Free | Partition Type: NTFS

    Drive D: | 3.72 Gb Total Space | 3.58 Gb Free Space | 96.18% Space Free | Partition Type: FAT32

    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS



    Computer Name: REATOGO | User Name: SYSTEM

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    Using ControlSet: ControlSet001



    ========== Win32 Services (SafeList) ==========



    SRV - [2010/07/26 10:01:58 | 000,066,112 | -H-- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)

    SRV - [2010/06/23 07:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)

    SRV - [2010/03/25 04:25:22 | 030,969,208 | -H-- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

    SRV - [2009/12/02 16:23:52 | 000,209,768 | -H-- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

    SRV - [2009/12/02 16:23:46 | 000,483,688 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

    SRV - [2008/06/11 13:18:30 | 000,024,576 | -H-- | M] () [On_Demand] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)

    SRV - [2007/01/04 21:48:50 | 000,112,152 | -H-- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)





    ========== Driver Services (SafeList) ==========



    DRV - File not found [Kernel | On_Demand] -- -- (WisINT15)

    DRV - File not found [Kernel | On_Demand] -- -- (vsdatant7)

    DRV - File not found [Kernel | On_Demand] -- -- (pccsmcfd)

    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)

    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)

    DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)

    DRV - File not found [Kernel | On_Demand] -- -- (catchme)

    DRV - [2010/07/14 06:51:56 | 000,065,584 | -H-- | M] (Citrix Systems, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)

    DRV - [2010/05/15 10:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)

    DRV - [2010/03/08 19:18:14 | 000,061,067 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)

    DRV - [2010/03/08 19:18:14 | 000,047,249 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)

    DRV - [2009/12/02 16:23:52 | 000,019,304 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

    DRV - [2009/12/02 16:23:50 | 000,021,864 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

    DRV - [2009/12/02 16:23:48 | 000,195,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

    DRV - [2009/12/02 16:23:46 | 000,550,760 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

    DRV - [2009/11/24 17:02:57 | 000,691,696 | -H-- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

    DRV - [2009/10/05 03:29:46 | 000,036,608 | -H-- | M] () [Kernel | On_Demand] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)

    DRV - [2009/09/30 01:53:12 | 001,184,768 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)

    DRV - [2009/09/11 04:40:06 | 000,121,856 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)

    DRV - [2009/09/11 04:40:06 | 000,090,240 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

    DRV - [2009/09/11 04:40:06 | 000,014,976 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

    DRV - [2009/09/04 05:12:50 | 000,030,240 | -H-- | M] (Google Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)

    DRV - [2008/06/11 13:13:24 | 000,015,392 | -H-- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)

    DRV - [2008/05/28 19:54:20 | 000,022,072 | -H-- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)

    DRV - [2008/04/28 08:26:42 | 000,014,352 | -H-- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

    DRV - [2007/04/17 22:09:28 | 000,011,032 | -H-- | M] (InterVideo) [Kernel | Auto] -- C:\Windows\System32\drivers\regi.sys -- (regi)

    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

    DRV - [2006/11/02 02:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)





    ========== Standard Registry (SafeList) ==========





    ========== Internet Explorer ==========



    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620





    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\J_D_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620

    IE - HKU\J_D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

    IE - HKU\J_D_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620

    IE - HKU\J_D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0









    ========== FireFox ==========



    FF - prefs.js..browser.search.suggest.enabled: false

    FF - prefs.js..browser.startup.homepage: "about:blank"

    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87

    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1

    FF - prefs.js..extensions.enabledItems: bartap@philikon.de:2.0





    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/29 19:14:33 | 000,000,000 | -H-D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/20 18:49:07 | 000,000,000 | -H-D | M]



    [2009/07/10 14:01:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\J_D\AppData\Roaming\Mozilla\Extensions

    [2011/12/30 13:40:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions

    [2011/07/16 17:58:21 | 000,000,000 | -H-D | M] (Flashblock) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

    [2011/10/03 12:54:42 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

    [2010/08/08 08:22:43 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

    [2011/11/21 16:15:17 | 000,000,000 | -H-D | M] (BarTab) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\bartap@philikon.de

    [2011/12/30 13:40:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2010/08/02 15:01:02 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    [2009/07/20 18:38:00 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

    [2010/10/12 10:33:32 | 000,124,344 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll

    [2010/10/12 10:37:06 | 000,070,592 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

    [2010/10/12 10:35:42 | 000,091,576 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

    [2010/10/12 10:34:56 | 000,022,464 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

    [2010/07/16 23:00:04 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    [2010/10/12 12:16:54 | 000,484,768 | -H-- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

    [2010/10/12 10:37:02 | 000,024,000 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

    [2011/03/16 12:14:58 | 000,001,538 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

    [2011/03/16 12:14:58 | 000,000,947 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

    [2011/03/16 12:14:58 | 000,000,769 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

    [2011/03/16 12:14:58 | 000,001,135 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml



    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

    O4 - HKLM..\Run: [eRecoveryService] File not found

    O4 - HKLM..\Run: [NPSStartup] File not found

    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

    O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)

    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O7 - HKU\J_D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O13 - gopher Prefix: missing

    O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)

    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O24 - Desktop WallPaper:

    O24 - Desktop BackupWallPaper:

    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

    O33 - MountPoints2\{6eeadcaa-d942-11de-a93a-806e6f6e6963}\Shell\AutoRun\command - "" = WDSetup.exe

    O33 - MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\Shell - "" = AutoRun

    O33 - MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE

    O33 - MountPoints2\E\Shell\AutoRun\command - "" = WDSetup.exe

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*



    ========== Files/Folders - Created Within 30 Days ==========



    [2012/01/06 18:05:09 | 000,000,000 | --SD | C] -- C:\ComboFix

    [2012/01/06 16:56:04 | 004,369,970 | R--- | C] (Swearware) -- C:\Users\J_D\Desktop\ComboFix.exe

    [2012/01/06 16:51:18 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\J_D\Desktop\aswMBR.exe

    [2012/01/06 12:29:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

    [2012/01/06 12:29:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

    [2012/01/06 12:29:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

    [2012/01/06 12:29:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

    [2012/01/06 12:29:41 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2012/01/06 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\J_D\AppData\Roaming\Malwarebytes

    [2012/01/06 10:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2012/01/06 10:52:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    [2012/01/06 10:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    [2012/01/06 10:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2012/01/06 08:50:55 | 000,000,000 | ---D | C] -- C:\From_Desktop

    [2012/01/06 08:50:00 | 000,000,000 | -H-D | C] -- C:\Job Applications CV etc. Joe

    [2012/01/06 08:49:14 | 000,000,000 | -H-D | C] -- C:\Wedding

    [2012/01/06 08:47:41 | 000,000,000 | R--D | C] -- C:\Photos

    [2011/12/30 16:25:27 | 000,000,000 | -H-D | C] -- C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

    [3 C:\Users\J_D\Documents\*.tmp files -> C:\Users\J_D\Documents\*.tmp -> ]

    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



    ========== Files - Modified Within 30 Days ==========



    [2012/01/06 19:41:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/01/06 19:31:55 | 157,300,940 | ---- | M] () -- C:\Windows\MEMORY.DMP

    [2012/01/06 16:54:28 | 000,000,512 | ---- | M] () -- C:\Users\J_D\Desktop\MBR.dat

    [2012/01/06 16:53:28 | 000,001,356 | ---- | M] () -- C:\Users\J_D\AppData\Local\d3d9caps.dat

    [2012/01/06 16:48:18 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\J_D\Desktop\aswMBR.exe

    [2012/01/06 12:26:50 | 004,369,970 | R--- | M] (Swearware) -- C:\Users\J_D\Desktop\ComboFix.exe

    [2012/01/06 10:52:57 | 000,000,932 | ---- | M] () -- C:\Users\J_D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

    [2012/01/06 10:52:57 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/01/06 10:52:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2012/01/06 07:51:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/01/06 07:51:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/01/06 05:30:53 | 000,010,396 | -HS- | M] () -- C:\Users\J_D\AppData\Local\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva

    [2012/01/06 05:30:53 | 000,010,396 | -HS- | M] () -- C:\ProgramData\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva

    [2011/12/30 17:00:39 | 000,000,631 | ---- | M] () -- C:\Users\J_D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

    [2011/12/30 16:25:27 | 000,000,607 | -H-- | M] () -- C:\Users\J_D\Desktop\System Check.lnk

    [2011/12/30 16:25:20 | 000,000,344 | -H-- | M] () -- C:\ProgramData\PFVFibYKQESxet

    [2011/12/30 16:24:29 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    [2011/12/30 16:24:29 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1

    [2011/12/30 16:24:29 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

    [2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm

    [2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

    [2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

    [2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

    [2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

    [2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmer's Notepad

    [2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now 5

    [2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox

    [2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

    [2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Business (English)

    [2011/12/30 16:24:28 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance

    [2011/12/30 16:24:28 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

    [2011/12/30 16:24:28 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades

    [2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager

    [2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterVideo WinDVD

    [2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

    [2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind

    [2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines GameZone

    [2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines Documentation

    [2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines

    [2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

    [2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

    [2011/12/30 16:24:27 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools

    [2011/12/30 16:24:27 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

    [2011/12/30 16:24:27 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArgoUML

    [2011/12/30 16:24:27 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ File Recovery

    [2011/12/30 13:34:45 | 000,601,392 | -H-- | M] () -- C:\Windows\System32\perfh009.dat

    [2011/12/30 13:34:45 | 000,104,548 | -H-- | M] () -- C:\Windows\System32\perfc009.dat

    [2011/12/10 10:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    [3 C:\Users\J_D\Documents\*.tmp files -> C:\Users\J_D\Documents\*.tmp -> ]

    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



    ========== Files Created - No Company Name ==========



    [2012/01/06 16:54:28 | 000,000,512 | ---- | C] () -- C:\Users\J_D\Desktop\MBR.dat

    [2012/01/06 12:29:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

    [2012/01/06 12:29:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

    [2012/01/06 12:29:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

    [2012/01/06 12:29:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

    [2012/01/06 12:29:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

    [2012/01/06 10:52:57 | 000,000,932 | ---- | C] () -- C:\Users\J_D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

    [2012/01/06 10:52:57 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2011/12/30 17:00:39 | 000,000,631 | ---- | C] () -- C:\Users\J_D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

    [2011/12/30 16:25:27 | 000,000,607 | -H-- | C] () -- C:\Users\J_D\Desktop\System Check.lnk

    [2011/12/30 16:25:20 | 000,000,344 | -H-- | C] () -- C:\ProgramData\PFVFibYKQESxet

    [2011/12/30 14:11:47 | 000,010,396 | -HS- | C] () -- C:\Users\J_D\AppData\Local\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva

    [2011/12/30 14:11:47 | 000,010,396 | -HS- | C] () -- C:\ProgramData\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva

    [2010/06/10 13:18:28 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini

    [2010/05/05 07:52:20 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat

    [2010/04/26 05:43:51 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

    [2010/04/26 05:43:51 | 000,036,608 | -H-- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

    [2010/03/09 02:53:06 | 000,188,416 | -H-- | C] () -- C:\Windows\System32\ftdiunin.exe

    [2010/03/09 02:53:06 | 000,000,133 | -H-- | C] () -- C:\Windows\System32\ftdiun2k.ini

    [2009/12/17 06:14:17 | 000,228,648 | ---- | C] () -- C:\Windows\OptChecker.exe

    [2009/11/27 13:32:35 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat

    [2009/11/27 13:28:19 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat

    [2009/11/20 04:16:29 | 000,000,642 | -H-- | C] () -- C:\Users\J_D\AppData\Roaming\wklnhst.dat

    [2009/11/13 17:58:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI

    [2009/10/06 11:49:18 | 000,008,704 | -H-- | C] () -- C:\Users\J_D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2009/09/24 20:30:01 | 000,001,356 | ---- | C] () -- C:\Users\J_D\AppData\Local\d3d9caps.dat

    [2009/07/20 14:17:58 | 000,122,880 | -H-- | C] () -- C:\Windows\System32\AitVirtualComInstall.exe

    [2009/07/20 14:10:48 | 000,307,200 | -H-- | C] () -- C:\Windows\System32\InstallVCOM.exe

    [2009/07/14 13:51:25 | 000,000,138 | -H-- | C] () -- C:\Users\J_D\AppData\Roaming\wpstate.ini

    [2009/07/10 14:04:55 | 000,011,854 | -H-- | C] () -- C:\Program Files\MPLAB_LicenseAgreement.rtf

    [2009/07/10 13:38:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

    [2009/07/04 09:30:03 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI

    [2009/07/04 09:28:50 | 000,021,840 | -H-- | C] () -- C:\Windows\System32\SIntfNT.dll

    [2009/07/04 09:28:50 | 000,017,212 | -H-- | C] () -- C:\Windows\System32\SIntf32.dll

    [2009/07/04 09:28:50 | 000,012,067 | -H-- | C] () -- C:\Windows\System32\SIntf16.dll

    [2009/06/08 00:31:24 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\MPMapTrace.dll

    [2009/06/07 23:56:40 | 000,364,544 | -H-- | C] () -- C:\Windows\System32\mpPathan.dll

    [2008/10/24 21:24:22 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll

    [2008/08/27 18:14:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll

    [2008/08/27 18:14:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll

    [2008/08/27 17:49:15 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

    [2008/08/27 17:49:15 | 000,000,520 | -H-- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

    [2008/08/27 17:49:15 | 000,000,520 | -H-- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

    [2008/08/27 17:49:15 | 000,000,008 | -H-- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

    [2008/08/27 17:48:57 | 003,107,788 | -H-- | C] () -- C:\Windows\System32\atiumdva.dat

    [2008/08/27 17:48:57 | 000,174,819 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat

    [2008/08/27 17:48:57 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\atibrtmon.exe

    [2008/08/27 17:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    [2008/08/15 00:47:01 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    [2008/05/04 11:39:34 | 000,002,560 | -H-- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll

    [2008/01/20 21:33:53 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

    [2007/10/25 11:26:10 | 000,005,632 | -H-- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

    [2006/12/13 10:03:14 | 000,074,240 | -H-- | C] () -- C:\Windows\System32\zlibwapi.dll

    [2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

    [2006/11/02 07:44:53 | 000,445,056 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT

    [2006/11/02 05:33:01 | 000,601,392 | -H-- | C] () -- C:\Windows\System32\perfh009.dat

    [2006/11/02 05:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat

    [2006/11/02 05:33:01 | 000,104,548 | -H-- | C] () -- C:\Windows\System32\perfc009.dat

    [2006/11/02 05:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat

    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

    [2006/11/02 05:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat

    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    [2006/11/02 03:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT

    [2006/11/02 02:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini

    [2006/11/02 02:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat

    [2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

    [2001/12/26 18:12:30 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\multiplex_vcd.dll

    [2001/09/04 01:46:38 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\Hmpg12.dll

    [2001/07/30 18:33:56 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

    [2001/07/24 00:04:36 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll



    ========== LOP Check ==========



    [2010/03/09 04:09:02 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Arduino

    [2009/11/24 17:17:11 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\DAEMON Tools Lite

    [2011/03/17 10:12:07 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Echo Software

    [2009/12/01 11:14:50 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\GetRightToGo

    [2009/09/05 20:07:44 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\gtk-2.0

    [2011/10/14 10:39:14 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\ICAClient

    [2010/06/10 13:21:26 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Image Zone Express

    [2009/07/17 16:42:55 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\InterVideo

    [2009/12/01 11:05:39 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Microchip

    [2009/12/01 12:53:51 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\OpenOffice.org

    [2010/04/26 06:37:43 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\PC Suite

    [2010/01/05 09:34:31 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Printer Info Cache

    [2010/06/16 16:52:41 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Samsung

    [2011/12/29 19:21:30 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\SoftGrid Client

    [2009/11/13 17:09:24 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Sparx Systems

    [2011/12/29 17:37:24 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Spotify

    [2009/11/20 04:16:37 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Template

    [2011/04/14 04:20:18 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\TP

    [2009/07/03 13:12:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data

    [2009/09/24 17:07:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\AutomatedQA

    [2009/07/03 14:08:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\CheckPoint

    [2011/10/14 10:41:12 | 000,000,000 | -H-D | M] -- C:\ProgramData\Citrix

    [2009/11/24 17:01:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\DAEMON Tools Lite

    [2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop

    [2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents

    [2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites

    [2008/08/27 17:56:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\FloodLightGames

    [2009/07/17 16:43:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\InterVideo

    [2010/04/26 06:37:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\PC Suite

    [2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu

    [2011/08/05 15:22:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\TEMP

    [2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates

    [2011/07/22 04:29:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\VirtualizedApplications

    [2009/08/25 14:41:12 | 000,000,000 | -H-D | M] -- C:\ProgramData\WindowsSearch

    [2012/01/06 07:51:16 | 000,032,630 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT



    ========== Purity Check ==========







    ========== Alternate Data Streams ==========



    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177

    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9E00596C

    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8

    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C46995DA

    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC

    < End of report >
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [NPSStartup] File not found
    O33 - MountPoints2\{6eeadcaa-d942-11de-a93a-806e6f6e6963}\Shell\AutoRun\command - "" = WDSetup.exe
    O33 - MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\Shell - "" = AutoRun
    O33 - MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = WDSetup.exe
    [2011/12/30 16:25:27 | 000,000,000 | -H-D | C] -- C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/01/06 05:30:53 | 000,010,396 | -HS- | M] () -- C:\Users\J_D\AppData\Local\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva
    [2012/01/06 05:30:53 | 000,010,396 | -HS- | M] () -- C:\ProgramData\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva
    [2011/12/30 17:00:39 | 000,000,631 | ---- | M] () -- C:\Users\J_D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/12/30 16:25:27 | 000,000,607 | -H-- | M] () -- C:\Users\J_D\Desktop\System Check.lnk
    [2011/12/30 16:25:20 | 000,000,344 | -H-- | M] () -- C:\ProgramData\PFVFibYKQESxet
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9E00596C
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C46995DA
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    
    Open Notepad and paste it.
    Save the document as Fix.txt on to a USB flash drive


    On the infected computer the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.

    Delete your Combofix file, download fresh one and see if it'll run.
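The fix above is assembled by copying the offending lines out of the OTL log verbatim: the orphaned Run values, the MountPoints2 AutoRun handlers, the hidden files with random names dropped directly in ProgramData and AppData\Local, the "System Check" shortcuts and folder, and the alternate data streams on C:\ProgramData\TEMP. As an added example (it is not part of this thread, not OTL's code and not the helper's method), the following Python script parses those three OTL line formats and flags the same kinds of indicators, then lays them out in the :OTL / :Commands shape used in the fix. The selection rules (a top-level drop in C:\ProgramData or an AppData\Local folder, hidden or system attribute, no extension, no publisher; a name watch-list; any ADS or AutoRun handler) are illustrative assumptions, not OTL's own logic, and the sample lines are copied from the log posted earlier in this thread, with two benign lines from the same log included to show what is not flagged.

```python
"""Triage an OTL scan log for the indicators that end up in an :OTL fix.

Added example for this thread; it is not OTL's code and not the helper's
method. The selection rules below are illustrative assumptions.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the OTL log and fix posted in this thread,
# plus two benign lines (ComboFix.exe, mbam.sys) to show what is NOT flagged.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [eRecoveryService] File not found
O33 - MountPoints2\{6eeadcaa-d942-11de-a93a-806e6f6e6963}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\Shell - "" = AutoRun
[2012/01/06 16:56:04 | 004,369,970 | R--- | C] (Swearware) -- C:\Users\J_D\Desktop\ComboFix.exe
[2012/01/06 10:52:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/30 16:25:27 | 000,000,000 | -H-D | C] -- C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/06 05:30:53 | 000,010,396 | -HS- | M] () -- C:\Users\J_D\AppData\Local\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva
[2012/01/06 05:30:53 | 000,010,396 | -HS- | M] () -- C:\ProgramData\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva
[2011/12/30 16:25:27 | 000,000,607 | -H-- | M] () -- C:\Users\J_D\Desktop\System Check.lnk
[2011/12/30 16:25:20 | 000,000,344 | -H-- | M] () -- C:\ProgramData\PFVFibYKQESxet
[2009/10/06 11:49:18 | 000,008,704 | -H-- | C] () -- C:\Users\J_D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9E00596C
"""

# OTL file line: [date time | size | attrs RHSD | C/M] (company) -- path
# The "(company)" part is absent on directory lines and "()" when unknown.
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")
O4_ORPHAN_RE = re.compile(r"^O4 - .*: \[(?P<name>[^\]]+)\] File not found$")
O33_AUTORUN_RE = re.compile(r"^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\b.*AutoRun")

# Names this thread identifies as the rogue's shortcuts and Start Menu folder
# (assumed watch-list for the example).
ROGUE_NAMES = ("system check",)


@dataclass
class Finding:
    reason: str
    line: str  # the log line verbatim, which is what an :OTL section consumes


def _dropped_at_top_level(parent: str) -> bool:
    r"""True when the parent is C:\ProgramData itself or an ...\AppData\Local folder itself."""
    p = parent.lower()
    return p == r"c:\programdata" or p.endswith(r"\appdata\local")


def triage(log_text: str) -> List[Finding]:
    """Return the log lines worth pulling into a fix, each with the reason."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if O4_ORPHAN_RE.match(line):
            findings.append(Finding("Run value whose target no longer exists", line))
            continue
        if O33_AUTORUN_RE.match(line):
            findings.append(Finding("MountPoints2 AutoRun handler left by removable media", line))
            continue
        ads = ADS_RE.match(line)
        if ads:
            host = ads["path"].rsplit(":", 1)[0]  # strip the stream name
            findings.append(Finding(f"alternate data stream attached to {host}", line))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        parent, name = ntpath.split(m["path"])
        _, ext = ntpath.splitext(name)
        attrs = m["attrs"]  # positions: R, H, S, D
        hidden_or_system = attrs[1] == "H" or attrs[2] == "S"
        is_dir = attrs[3] == "D"
        if any(r in name.lower() for r in ROGUE_NAMES):
            findings.append(Finding("name matches a known component of the rogue", line))
        elif (_dropped_at_top_level(parent) and hidden_or_system and not is_dir
              and ext == "" and not m["company"]):
            findings.append(Finding(
                f"hidden/system file, no extension, no publisher, dropped directly in {parent}", line))
    return findings


def build_otl_fix(findings: List[Finding]) -> str:
    """Lay the flagged lines out the way the fix in this thread is laid out:
    verbatim under :OTL, then [purity] under :Commands."""
    body = "\n".join(f.line for f in findings)
    return f":OTL\n{body}\n\n:Commands\n[purity]\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason}\n    {f.line}")
    print(build_otl_fix(found))
```

On the sample above the script flags ten lines (the orphaned Run value, both MountPoints2 entries, the two ow8vc... drops, PFVFibYKQESxet, the System Check folder and shortcut, and both streams) and leaves ComboFix.exe, mbam.sys and the .ini in AppData\Local alone. It is a reading aid for logs like the one posted, not a replacement for the helper's judgement: a real fix script should only contain lines someone has actually looked at.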
     
  10. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    Here's the log from the OTL fix. I'm still getting BSOD when I boot to normal mode but safe mode is working. The BSOD's not up long enough for me to copy it down but there's no error code that I can see, just what appears to be memory addresses and a dump counter.

    Retrying ComboFix with a fresh install from the other location now.

    ========== OTL ==========

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eeadcaa-d942-11de-a93a-806e6f6e6963}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6eeadcaa-d942-11de-a93a-806e6f6e6963}\ not found.

    File WDSetup.exe not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96096c5e-d945-11de-930e-001d72de6565}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96096c5e-d945-11de-930e-001d72de6565}\ not found.

    File F:\AUTORUN.EXE not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.

    File WDSetup.exe not found.

    C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.

    C:\Users\J_D\AppData\Local\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva moved successfully.

    C:\ProgramData\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva moved successfully.

    C:\Users\J_D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.

    C:\Users\J_D\Desktop\System Check.lnk moved successfully.

    C:\ProgramData\PFVFibYKQESxet moved successfully.

    ADS C:\ProgramData\TEMP:9F683177 deleted successfully.

    ADS C:\ProgramData\TEMP:9E00596C deleted successfully.

    ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.

    ADS C:\ProgramData\TEMP:C46995DA deleted successfully.

    ADS C:\ProgramData\TEMP:3E7393FC deleted successfully.

    ========== SERVICES/DRIVERS ==========

    ========== REGISTRY ==========

    ========== FILES ==========

    ========== COMMANDS ==========



    OTLPE by OldTimer - Version 3.1.48.0 log created on 01072012_110557
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Trying Combofix?
     
  12. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    Still no joy with ComboFix. Tried a couple of downloads and with and without rKill. Left for a couple of hours, nothing.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


    =============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  14. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    TDSSKiller found 255 objects but 0 threats.

    TDSS log:

    23:39:41.0305 1108 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

    23:39:43.0317 1108 ============================================================

    23:39:43.0317 1108 Current date / time: 2012/01/07 23:39:43.0317

    23:39:43.0317 1108 SystemInfo:

    23:39:43.0317 1108

    23:39:43.0317 1108 OS Version: 6.0.6001 ServicePack: 1.0

    23:39:43.0317 1108 Product type: Workstation

    23:39:43.0317 1108 ComputerName: JD

    23:39:43.0317 1108 UserName: J_D

    23:39:43.0317 1108 Windows directory: C:\Windows

    23:39:43.0317 1108 System windows directory: C:\Windows

    23:39:43.0317 1108 Processor architecture: Intel x86

    23:39:43.0317 1108 Number of processors: 1

    23:39:43.0317 1108 Page size: 0x1000

    23:39:43.0317 1108 Boot type: Safe boot with network

    23:39:43.0317 1108 ============================================================

    23:39:44.0706 1108 Initialize success

    23:40:04.0830 1548 ============================================================

    23:40:04.0830 1548 Scan started

    23:40:04.0830 1548 Mode: Manual;

    23:40:04.0830 1548 ============================================================

    23:40:05.0844 1548 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

    23:40:05.0844 1548 ACPI - ok

    23:40:06.0078 1548 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

    23:40:06.0078 1548 adp94xx - ok

    23:40:06.0296 1548 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

    23:40:06.0312 1548 adpahci - ok

    23:40:06.0499 1548 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

    23:40:06.0514 1548 adpu160m - ok

    23:40:06.0686 1548 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

    23:40:06.0686 1548 adpu320 - ok

    23:40:06.0951 1548 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys

    23:40:06.0967 1548 AFD - ok

    23:40:07.0138 1548 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

    23:40:07.0138 1548 agp440 - ok

    23:40:07.0372 1548 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

    23:40:07.0372 1548 aic78xx - ok

    23:40:07.0528 1548 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

    23:40:07.0528 1548 aliide - ok

    23:40:07.0700 1548 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

    23:40:07.0700 1548 amdagp - ok

    23:40:07.0887 1548 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

    23:40:07.0887 1548 amdide - ok

    23:40:08.0090 1548 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

    23:40:08.0106 1548 AmdK7 - ok

    23:40:08.0277 1548 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

    23:40:08.0277 1548 AmdK8 - ok

    23:40:08.0496 1548 androidusb (93340c395a2b0470cdf7038c808d4881) C:\Windows\system32\Drivers\ssadadb.sys

    23:40:08.0496 1548 androidusb - ok

    23:40:08.0761 1548 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

    23:40:08.0761 1548 arc - ok

    23:40:08.0964 1548 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

    23:40:08.0979 1548 arcsas - ok

    23:40:09.0042 1548 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

    23:40:09.0042 1548 AsyncMac - ok

    23:40:09.0229 1548 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

    23:40:09.0229 1548 atapi - ok

    23:40:09.0478 1548 athr (8b412ddc62a0510767c5d48192ee1324) C:\Windows\system32\DRIVERS\athr.sys

    23:40:09.0525 1548 athr - ok

    23:40:09.0822 1548 atikmdag (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

    23:40:09.0978 1548 atikmdag - ok

    23:40:10.0134 1548 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys

    23:40:10.0134 1548 AtiPcie - ok

    23:40:10.0368 1548 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

    23:40:10.0368 1548 Beep - ok

    23:40:10.0570 1548 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

    23:40:10.0586 1548 blbdrive - ok

    23:40:10.0773 1548 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

    23:40:10.0773 1548 bowser - ok

    23:40:10.0976 1548 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

    23:40:10.0976 1548 BrFiltLo - ok

    23:40:11.0054 1548 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

    23:40:11.0054 1548 BrFiltUp - ok

    23:40:11.0085 1548 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

    23:40:11.0101 1548 Brserid - ok

    23:40:11.0148 1548 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

    23:40:11.0163 1548 BrSerWdm - ok

    23:40:11.0350 1548 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

    23:40:11.0350 1548 BrUsbMdm - ok

    23:40:11.0522 1548 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

    23:40:11.0522 1548 BrUsbSer - ok

    23:40:11.0740 1548 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

    23:40:11.0740 1548 BTHMODEM - ok

    23:40:11.0896 1548 catchme - ok

    23:40:12.0037 1548 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

    23:40:12.0037 1548 cdfs - ok

    23:40:12.0146 1548 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

    23:40:12.0146 1548 cdrom - ok

    23:40:12.0318 1548 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

    23:40:12.0318 1548 circlass - ok

    23:40:12.0380 1548 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

    23:40:12.0396 1548 CLFS - ok

    23:40:12.0567 1548 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

    23:40:12.0567 1548 CmBatt - ok

    23:40:12.0708 1548 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

    23:40:12.0708 1548 cmdide - ok

    23:40:12.0770 1548 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

    23:40:12.0770 1548 Compbatt - ok

    23:40:12.0786 1548 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

    23:40:12.0786 1548 crcdisk - ok

    23:40:12.0832 1548 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

    23:40:12.0848 1548 Crusoe - ok

    23:40:13.0035 1548 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys

    23:40:13.0051 1548 ctxusbm - ok

    23:40:36.0529 1548 MBR (0x1B8) (8c9f9e03865c35f0f3829a23cda42f5d) \Device\Harddisk0\DR0

    23:40:37.0683 1548 \Device\Harddisk0\DR0 - ok

    23:40:37.0683 1548 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

    23:40:37.0777 1548 \Device\Harddisk1\DR1 - ok

    23:40:37.0808 1548 Boot (0x1200) (9cf94513bd9012680ea8ab21e5e7298e) \Device\Harddisk0\DR0\Partition0

    23:40:37.0824 1548 \Device\Harddisk0\DR0\Partition0 - ok

    23:40:37.0824 1548 Boot (0x1200) (e43b676372b92dcca58027129a18242f) \Device\Harddisk1\DR1\Partition0

    23:40:37.0824 1548 \Device\Harddisk1\DR1\Partition0 - ok

    23:40:37.0839 1548 ============================================================

    23:40:37.0839 1548 Scan finished

    23:40:37.0839 1548 ============================================================

    23:40:37.0855 1480 Detected object count: 0

    23:40:37.0855 1480 Actual detected object count: 0
     
  15. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    Bootkit remover log:

    Bootkit Remover

    (c) 2009 Esage Lab

    www.esagelab.com



    Program version: 1.2.0.1

    OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 1 (build 6001), 32-bit



    System volume is \\.\C:

    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`71100000

    Boot sector MD5 is: c3f4814ee2c87f8f4fc3acd72454a04d



    Size Device Name MBR Status

    --------------------------------------------

    149 GB \\.\PhysicalDrive0 Unknown boot code



    Unknown boot code has been found on some of your physical disks.

    To inspect the boot code manually, dump the master boot sector:

    remover.exe dump <device_name> [output_file]

    To disinfect the master boot sector, use the following command:

    remover.exe fix <device_name>





    Done;

    Press any key to quit...
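    The "Unknown boot code" verdict above and the MBR (0x1B8) lines in the TDSSKiller log rest on the same idea: hash only the first 0x1B8 bytes of sector 0 (the bootstrap code) and treat the disk signature and partition table separately, so a standard Windows bootstrap hashes the same on every machine and anything else stands out. The Python below is an added illustration, not code from TDSSKiller, Bootkit Remover or anyone in this thread. The MBR image, its bootstrap bytes, disk signature and partition sizes are constructed (only the C: volume offset 0x271100000 is taken from the log), and the allow-list stands in for whatever bootstrap hashes the operator trusts.

```python
"""Inspect a 512-byte MBR image the way the boot-sector checks in this thread's logs do:
hash the bootstrap code on its own, then parse the partition table separately."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8   # bytes 0x000-0x1B7: bootstrap code (my reading of TDSSKiller's "MBR (0x1B8)")
DISK_SIG_OFF = 0x1B8    # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries, then 0x55AA at 0x1FE
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def boot_code_md5(mbr: bytes) -> str:
    """MD5 over the code area only: the disk signature and partition table differ
    legitimately from machine to machine, so they must not influence the hash."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four primary partition slots, skipping empty ones (type 0x00)."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0x00:
            continue
        entries.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,  # comparable to the "at offset" line in Bootkit Remover's output
        })
    return entries


def analyze_mbr(mbr: bytes, known_good: set) -> dict:
    """Checks a triager wants on sector 0: boot signature present, bootstrap hash
    on the allow-list, and exactly one active partition."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    code_hash = boot_code_md5(mbr)
    parts = parse_partitions(mbr)
    active = [p for p in parts if p["active"]]
    findings = []
    if mbr[0x1FE:0x200] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    if code_hash not in known_good:
        findings.append("Unknown boot code")  # the verdict Bootkit Remover printed above
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    return {
        "boot_code_md5": code_hash,
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": parts,
        "findings": findings,
    }


def build_sample_mbr(code: bytes, disk_sig: int, partitions: list) -> bytes:
    """Assemble a constructed MBR image (test fixture, not real disk data)."""
    img = bytearray(SECTOR)
    img[:len(code)] = code
    struct.pack_into("<I", img, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, img, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, ptype, lba_start, sectors)
    img[0x1FE:0x200] = b"\x55\xAA"
    return bytes(img)


def tamper(mbr: bytes, offset: int, value: int) -> bytes:
    """Copy of the image with one byte patched (simulates a modified bootstrap)."""
    img = bytearray(mbr)
    img[offset] = value
    return bytes(img)


# Constructed sample: hidden recovery partition, then the active NTFS system volume.
# Only the C: byte offset 0x271100000 comes from the Bootkit Remover log; bootstrap
# bytes, disk signature and partition sizes are made up for the illustration.
SAMPLE_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
C_VOLUME_OFFSET = 0x271100000
SAMPLE_MBR = build_sample_mbr(SAMPLE_CODE, 0x1234ABCD, [
    (False, 0x27, 2048, C_VOLUME_OFFSET // SECTOR - 2048),
    (True, 0x07, C_VOLUME_OFFSET // SECTOR, 292_000_000),
])
# Allow-list of trusted bootstrap hashes; seeded with the sample so the clean case passes.
KNOWN_GOOD = {boot_code_md5(SAMPLE_MBR)}

if __name__ == "__main__":
    for label, image in (("clean", SAMPLE_MBR), ("patched", tamper(SAMPLE_MBR, 0x10, 0xEB))):
        report = analyze_mbr(image, KNOWN_GOOD)
        print(label, report["boot_code_md5"], report["findings"] or "no findings")
        for p in report["partitions"]:
            print(f"  part{p['index']} type=0x{p['type']:02X} active={p['active']} "
                  f"start=LBA {p['lba_start']} byte=0x{p['byte_offset']:X}")
```

Run against a real sector-0 dump (for example the file `remover.exe dump` writes), the same image would show whether the "Unknown boot code" verdict comes from the bootstrap bytes themselves or merely from an allow-list that lacks that OEM's loader.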
     
  16. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    Situation seems to be the same as before, BSOD on booting to normal mode and all my files are hidden. I've not been able to check if I'm still getting page redirects as Firefox just times out instead.

    Here are the OTL log files:

    OTL logfile created on: 08/01/2012 12:20:01 - Run 1

    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\J_D\Desktop

    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

    Internet Explorer (Version = 7.0.6001.18000)

    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy



    2.75 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 85.24% Memory free

    5.70 Gb Paging File | 5.47 Gb Available in Paging File | 96.00% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]



    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 139.28 Gb Total Space | 36.94 Gb Free Space | 26.52% Space Free | Partition Type: NTFS

    Drive E: | 3.72 Gb Total Space | 3.58 Gb Free Space | 96.16% Space Free | Partition Type: FAT32



    Computer Name: JD | User Name: J_D | Logged in as Administrator.

    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



    ========== Processes (SafeList) ==========



    PRC - [2012/01/08 12:04:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL.exe

    PRC - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe

    PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe





    ========== Modules (No Company Name) ==========



    MOD - [2010/03/24 20:17:36 | 008,794,464 | -H-- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    MOD - [2010/03/15 11:28:22 | 000,141,824 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll

    MOD - [2010/01/30 01:41:12 | 004,254,560 | -H-- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF





    ========== Win32 Services (SafeList) ==========



    SRV - [2010/07/26 15:01:58 | 000,066,112 | -H-- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)

    SRV - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)

    SRV - [2010/03/25 09:25:22 | 030,969,208 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

    SRV - [2009/12/02 21:23:52 | 000,209,768 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

    SRV - [2009/12/02 21:23:46 | 000,483,688 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

    SRV - [2008/06/11 18:18:30 | 000,024,576 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)

    SRV - [2007/01/05 02:48:50 | 000,112,152 | -H-- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)





    ========== Driver Services (SafeList) ==========



    DRV - [2010/07/14 11:51:56 | 000,065,584 | -H-- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)

    DRV - [2010/05/15 15:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)

    DRV - [2010/03/09 00:18:14 | 000,061,067 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)

    DRV - [2010/03/09 00:18:14 | 000,047,249 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)

    DRV - [2009/12/02 21:23:52 | 000,019,304 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

    DRV - [2009/12/02 21:23:50 | 000,021,864 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

    DRV - [2009/12/02 21:23:48 | 000,195,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

    DRV - [2009/12/02 21:23:46 | 000,550,760 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

    DRV - [2009/11/24 22:02:57 | 000,691,696 | -H-- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

    DRV - [2009/10/05 08:29:46 | 000,036,608 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)

    DRV - [2009/09/30 06:53:12 | 001,184,768 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

    DRV - [2009/09/11 09:40:06 | 000,121,856 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)

    DRV - [2009/09/11 09:40:06 | 000,090,240 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

    DRV - [2009/09/11 09:40:06 | 000,014,976 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

    DRV - [2009/09/04 10:12:50 | 000,030,240 | -H-- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)

    DRV - [2008/06/11 18:13:24 | 000,015,392 | -H-- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)

    DRV - [2008/05/29 00:54:20 | 000,022,072 | -H-- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)

    DRV - [2008/04/28 13:26:42 | 000,014,352 | -H-- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

    DRV - [2007/04/18 03:09:28 | 000,011,032 | -H-- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)

    DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

    DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

    DRV - [2006/11/02 07:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)





    ========== Standard Registry (SafeList) ==========





    ========== Internet Explorer ==========



    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620





    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0







    IE - HKU\S-1-5-21-984758997-1744220493-4182726412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620

    IE - HKU\S-1-5-21-984758997-1744220493-4182726412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

    IE - HKU\S-1-5-21-984758997-1744220493-4182726412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620

    IE - HKU\S-1-5-21-984758997-1744220493-4182726412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========



    FF - prefs.js..browser.search.suggest.enabled: false

    FF - prefs.js..browser.startup.homepage: "about:blank"

    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87

    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1

    FF - prefs.js..extensions.enabledItems: bartap@philikon.de:2.0





    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 00:14:33 | 000,000,000 | -H-D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/20 23:49:07 | 000,000,000 | -H-D | M]



    [2009/07/10 19:01:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\J_D\AppData\Roaming\Mozilla\Extensions

    [2011/12/30 18:40:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions

    [2011/07/16 22:58:21 | 000,000,000 | -H-D | M] (Flashblock) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

    [2011/10/03 17:54:42 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

    [2010/08/08 13:22:43 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

    [2011/11/21 21:15:17 | 000,000,000 | -H-D | M] (BarTab) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\bartap@philikon.de

    [2011/12/30 18:40:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2010/08/02 20:01:02 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    [2009/07/20 23:38:00 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

    [2010/10/12 15:33:32 | 000,124,344 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll

    [2010/10/12 15:37:06 | 000,070,592 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

    [2010/10/12 15:35:42 | 000,091,576 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

    [2010/10/12 15:34:56 | 000,022,464 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

    [2010/07/17 04:00:04 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    [2010/10/12 17:16:54 | 000,484,768 | -H-- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

    [2010/10/12 15:37:02 | 000,024,000 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

    [2011/03/16 17:14:58 | 000,001,538 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

    [2011/03/16 17:14:58 | 000,000,947 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

    [2011/03/16 17:14:58 | 000,000,769 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

    [2011/03/16 17:14:58 | 000,001,135 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml



    O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

    O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)

    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O7 - HKU\S-1-5-21-984758997-1744220493-4182726412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O13 - gopher Prefix: missing

    O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)

    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31ACEB1F-49A9-4F9A-9E49-A5190977EE7A}: DhcpNameServer = 192.168.1.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9320EF47-532A-4291-998C-C147787C40C9}: DhcpNameServer = 192.168.1.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9832C338-BCF0-44BA-B579-0F4693C7A223}: DhcpNameServer = 192.168.1.1

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

    O24 - Desktop WallPaper: C:\Users\J_D\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

    O24 - Desktop BackupWallPaper: C:\Users\J_D\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*



    NetSvcs: FastUserSwitchingCompatibility - File not found

    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

    NetSvcs: Nla - File not found

    NetSvcs: Ntmssvc - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: SRService - File not found

    NetSvcs: WmdmPmSp - File not found

    NetSvcs: LogonHours - File not found

    NetSvcs: PCAudit - File not found

    NetSvcs: helpsvc - File not found

    NetSvcs: uploadmgr - File not found



    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)



    CREATERESTOREPOINT



    Error creating restore point.



    ========== Files/Folders - Created Within 30 Days ==========



    [2012/01/08 12:09:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL.exe

    [2012/01/07 23:44:18 | 000,000,000 | ---D | C] -- C:\Users\J_D\Desktop\bootkit_remover

    [2012/01/07 23:39:33 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\J_D\Desktop\TDSSKiller.exe

    [2012/01/07 16:05:57 | 000,000,000 | ---D | C] -- C:\_OTL

    [2012/01/07 14:38:47 | 000,000,000 | --SD | C] -- C:\Joe

    [2012/01/07 13:07:27 | 004,369,970 | R--- | C] (Swearware) -- C:\Users\J_D\Desktop\Joe.exe

    [2012/01/06 21:51:18 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\J_D\Desktop\aswMBR.exe

    [2012/01/06 17:29:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

    [2012/01/06 17:29:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

    [2012/01/06 17:29:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

    [2012/01/06 17:29:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

    [2012/01/06 17:29:41 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2012/01/06 16:56:02 | 000,000,000 | ---D | C] -- C:\Users\J_D\AV

    [2012/01/06 15:53:06 | 000,000,000 | ---D | C] -- C:\Users\J_D\AppData\Roaming\Malwarebytes

    [2012/01/06 15:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2012/01/06 15:52:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    [2012/01/06 15:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    [2012/01/06 15:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2012/01/06 13:50:55 | 000,000,000 | ---D | C] -- C:\From_Desktop

    [2012/01/06 13:50:00 | 000,000,000 | -H-D | C] -- C:\Job Applications CV etc. Joe

    [2012/01/06 13:49:14 | 000,000,000 | -H-D | C] -- C:\Wedding

    [2012/01/06 13:47:41 | 000,000,000 | R--D | C] -- C:\Photos

    [3 C:\Users\J_D\Documents\*.tmp files -> C:\Users\J_D\Documents\*.tmp -> ]

    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



    ========== Files - Modified Within 30 Days ==========



    [2012/01/08 12:07:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/01/08 12:07:22 | 153,938,124 | ---- | M] () -- C:\Windows\MEMORY.DMP

    [2012/01/08 12:04:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL.exe

    [2012/01/06 21:54:28 | 000,000,512 | ---- | M] () -- C:\Users\J_D\Desktop\MBR.dat

    [2012/01/06 21:53:28 | 000,001,356 | ---- | M] () -- C:\Users\J_D\AppData\Local\d3d9caps.dat

    [2012/01/06 21:48:18 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\J_D\Desktop\aswMBR.exe

    [2012/01/06 17:26:50 | 004,369,970 | R--- | M] (Swearware) -- C:\Users\J_D\Desktop\Joe.exe

    [2012/01/06 15:52:57 | 000,000,932 | ---- | M] () -- C:\Users\J_D\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

    [2012/01/06 12:51:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/01/06 12:51:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    [2011/12/30 18:34:45 | 000,601,392 | -H-- | M] () -- C:\Windows\System32\perfh009.dat

    [2011/12/30 18:34:45 | 000,104,548 | -H-- | M] () -- C:\Windows\System32\perfc009.dat

    [2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\J_D\Desktop\TDSSKiller.exe

    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    [3 C:\Users\J_D\Documents\*.tmp files -> C:\Users\J_D\Documents\*.tmp -> ]

    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



    ========== Files Created - No Company Name ==========



    [2012/01/06 21:54:28 | 000,000,512 | ---- | C] () -- C:\Users\J_D\Desktop\MBR.dat

    [2012/01/06 17:29:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

    [2012/01/06 17:29:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

    [2012/01/06 17:29:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

    [2012/01/06 17:29:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

    [2012/01/06 17:29:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

    [2012/01/06 15:52:57 | 000,000,932 | ---- | C] () -- C:\Users\J_D\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

    [2010/06/10 18:18:28 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini

    [2010/05/05 12:52:20 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat

    [2010/04/26 10:43:51 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

    [2010/04/26 10:43:51 | 000,036,608 | -H-- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

    [2010/03/09 07:53:06 | 000,188,416 | -H-- | C] () -- C:\Windows\System32\ftdiunin.exe

    [2010/03/09 07:53:06 | 000,000,133 | -H-- | C] () -- C:\Windows\System32\ftdiun2k.ini

    [2009/12/17 11:14:17 | 000,228,648 | ---- | C] () -- C:\Windows\OptChecker.exe

    [2009/11/27 18:32:35 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat

    [2009/11/27 18:28:19 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat

    [2009/11/20 09:16:29 | 000,000,642 | -H-- | C] () -- C:\Users\J_D\AppData\Roaming\wklnhst.dat

    [2009/11/13 22:58:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI

    [2009/10/06 16:49:18 | 000,008,704 | -H-- | C] () -- C:\Users\J_D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2009/09/25 01:30:01 | 000,001,356 | ---- | C] () -- C:\Users\J_D\AppData\Local\d3d9caps.dat

    [2009/07/20 19:17:58 | 000,122,880 | -H-- | C] () -- C:\Windows\System32\AitVirtualComInstall.exe

    [2009/07/20 19:10:48 | 000,307,200 | -H-- | C] () -- C:\Windows\System32\InstallVCOM.exe

    [2009/07/14 18:51:25 | 000,000,138 | -H-- | C] () -- C:\Users\J_D\AppData\Roaming\wpstate.ini

    [2009/07/10 19:04:55 | 000,011,854 | -H-- | C] () -- C:\Program Files\MPLAB_LicenseAgreement.rtf

    [2009/07/10 18:38:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

    [2009/07/04 14:30:03 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI

    [2009/07/04 14:28:50 | 000,021,840 | -H-- | C] () -- C:\Windows\System32\SIntfNT.dll

    [2009/07/04 14:28:50 | 000,017,212 | -H-- | C] () -- C:\Windows\System32\SIntf32.dll

    [2009/07/04 14:28:50 | 000,012,067 | -H-- | C] () -- C:\Windows\System32\SIntf16.dll

    [2009/06/08 05:31:24 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\MPMapTrace.dll

    [2009/06/08 04:56:40 | 000,364,544 | -H-- | C] () -- C:\Windows\System32\mpPathan.dll

    [2008/10/25 02:24:22 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll

    [2008/08/27 23:14:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll

    [2008/08/27 23:14:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll

    [2008/08/27 22:49:15 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

    [2008/08/27 22:49:15 | 000,000,520 | -H-- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

    [2008/08/27 22:49:15 | 000,000,520 | -H-- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

    [2008/08/27 22:49:15 | 000,000,008 | -H-- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

    [2008/08/27 22:48:57 | 003,107,788 | -H-- | C] () -- C:\Windows\System32\atiumdva.dat

    [2008/08/27 22:48:57 | 000,174,819 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat

    [2008/08/27 22:48:57 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\atibrtmon.exe

    [2008/08/27 22:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    [2008/08/15 05:47:01 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    [2008/05/04 16:39:34 | 000,002,560 | -H-- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll

    [2008/01/21 02:33:53 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

    [2007/10/25 16:26:10 | 000,005,632 | -H-- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

    [2006/12/13 15:03:14 | 000,074,240 | -H-- | C] () -- C:\Windows\System32\zlibwapi.dll

    [2006/11/02 12:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

    [2006/11/02 12:44:53 | 000,445,056 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT

    [2006/11/02 10:33:01 | 000,601,392 | -H-- | C] () -- C:\Windows\System32\perfh009.dat

    [2006/11/02 10:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat

    [2006/11/02 10:33:01 | 000,104,548 | -H-- | C] () -- C:\Windows\System32\perfc009.dat

    [2006/11/02 10:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat

    [2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

    [2006/11/02 10:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat

    [2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    [2006/11/02 08:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT

    [2006/11/02 07:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini

    [2006/11/02 07:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat

    [2006/11/02 07:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

    [2001/12/26 23:12:30 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\multiplex_vcd.dll

    [2001/09/04 06:46:38 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\Hmpg12.dll

    [2001/07/30 23:33:56 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

    [2001/07/24 05:04:36 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll



    ========== LOP Check ==========



    [2010/03/09 09:09:02 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Arduino

    [2009/11/24 22:17:11 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\DAEMON Tools Lite

    [2011/03/17 15:12:07 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Echo Software

    [2009/12/01 16:14:50 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\GetRightToGo

    [2009/09/06 01:07:44 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\gtk-2.0

    [2011/10/14 15:39:14 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\ICAClient

    [2010/06/10 18:21:26 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Image Zone Express

    [2009/07/17 21:42:55 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\InterVideo

    [2009/12/01 16:05:39 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Microchip

    [2009/12/01 17:53:51 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\OpenOffice.org

    [2010/04/26 11:37:43 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\PC Suite

    [2010/01/05 14:34:31 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Printer Info Cache

    [2010/06/16 21:52:41 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Samsung

    [2011/12/30 00:21:30 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\SoftGrid Client

    [2009/11/13 22:09:24 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Sparx Systems

    [2011/12/29 22:37:24 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Spotify

    [2009/11/20 09:16:37 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Template

    [2011/04/14 09:20:18 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\TP

    [2012/01/06 12:51:16 | 000,032,630 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT



    ========== Purity Check ==========







    ========== Custom Scans ==========





    < %SYSTEMDRIVE%\*.*



    >


    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

    [2008/01/21 02:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr

    [2008/08/27 22:52:01 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

    [2010/01/04 23:46:51 | 000,003,215 | ---- | M] () -- C:\error.log

    [2009/12/01 14:54:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

    [2009/07/10 19:43:06 | 000,000,800 | ---- | M] () -- C:\MPUsbSIn.log

    [2009/12/01 14:54:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

    [2012/01/07 05:55:13 | 000,073,372 | ---- | M] () -- C:\OTL.Txt

    [2012/01/08 12:07:22 | 3264,606,208 | -HS- | M] () -- C:\pagefile.sys

    [2008/08/27 22:50:14 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

    [2012/01/07 14:38:24 | 000,000,368 | ---- | M] () -- C:\rkill.log

    [2012/01/06 17:09:20 | 000,074,782 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_06.01.2012_17.01.12_log.txt

    [2012/01/07 23:41:48 | 000,074,264 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_07.01.2012_23.39.41_log.txt

    [2008/10/25 02:29:04 | 000,386,466 | ---- | M] () -- C:\vcredist_x86.log



    < %systemroot%\Fonts\*.com



    >


    [2006/11/02 12:35:34 | 000,026,040 | -H-- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

    [2006/11/02 12:35:34 | 000,026,489 | -H-- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

    [2006/11/02 12:35:34 | 000,029,779 | -H-- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

    [2006/11/02 12:35:34 | 000,030,808 | -H-- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont



    < %systemroot%\Fonts\*.dll



    >




    < %systemroot%\Fonts\*.ini



    >


    [2006/09/18 21:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini



    < %systemroot%\Fonts\*.ini2



    >




    < %systemroot%\Fonts\*.exe



    >




    < %systemroot%\system32\spool\prtprocs\w32x86\*.*



    >


    [2007/02/02 11:26:36 | 000,273,920 | -H-- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll

    [2008/01/21 02:32:37 | 000,089,600 | -H-- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL

    [2006/10/27 02:56:12 | 000,033,104 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll



    < %systemroot%\REPAIR\*.bak1

    >




    < %systemroot%\REPAIR\*.ini



    >




    < %systemroot%\system32\*.jpg

    >




    < %systemroot%\*.jpg

    >




    < %systemroot%\*.png



    >




    < %systemroot%\*.scr

    >




    < %systemroot%\*._sy



    >




    < %APPDATA%\Adobe\Update\*.*



    >




    < %ALLUSERSPROFILE%\Favorites\*.*



    >




    < %APPDATA%\Microsoft\*.*



    >




    < %PROGRAMFILES%\*.*

    >


    [2008/01/21 02:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    [2004/01/12 07:45:28 | 000,011,854 | -H-- | M] () -- C:\Program Files\MPLAB_LicenseAgreement.rtf



    < %APPDATA%\Update\*.*



    >




    < %systemroot%\*. /mp /s

    >




    < %systemroot%\System32\config\*.sav



    >


    [2008/01/21 03:31:11 | 015,716,352 | -H-- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

    [2008/01/21 03:31:01 | 000,102,400 | -H-- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

    [2008/01/21 03:31:12 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\config\SECURITY.SAV

    [2006/11/02 10:34:08 | 010,133,504 | -H-- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

    [2006/11/02 10:34:08 | 001,826,816 | -H-- | M] () -- C:\Windows\System32\config\SYSTEM.SAV



    < %PROGRAMFILES%\bak. /s

    >




    < %systemroot%\system32\bak. /s



    >




    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x



    >




    < %systemroot%\system32\config\systemprofile\*.dat /x

    >




    < %systemroot%\*.config



    >




    < %systemroot%\system32\*.db



    >




    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x



    >




    < %USERPROFILE%\Desktop\*.exe



    >


    [2012/01/06 21:48:18 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\J_D\Desktop\aswMBR.exe

    [2011/05/07 17:51:05 | 772,116,456 | -H-- | M] () -- C:\Users\J_D\Desktop\AutoCADLT_2012_English_Win_32bit.exe

    [2011/10/14 15:42:53 | 014,108,096 | -H-- | M] (Citrix Systems, Inc.) -- C:\Users\J_D\Desktop\CitrixOnlinePluginWeb.exe

    [2011/08/05 16:53:04 | 005,496,112 | -H-- | M] (Macrovision Corporation) -- C:\Users\J_D\Desktop\filerecovery-demo.exe

    [2012/01/06 17:26:50 | 004,369,970 | R--- | M] (Swearware) -- C:\Users\J_D\Desktop\Joe.exe

    [2012/01/08 12:04:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL.exe

    [2011/09/30 08:01:06 | 006,284,664 | -H-- | M] (Microsoft Corporation) -- C:\Users\J_D\Desktop\Silverlight.exe

    [2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\J_D\Desktop\TDSSKiller.exe

    [2010/03/19 19:05:37 | 018,499,623 | -H-- | M] () -- C:\Users\J_D\Desktop\vlc-1.0.5-win32.exe

    [2010/03/19 18:59:45 | 001,364,522 | -H-- | M] () -- C:\Users\J_D\Desktop\wrar393.exe

    [2011/11/24 20:23:16 | 005,062,120 | -H-- | M] (Check Point Software Technologies LTD) -- C:\Users\J_D\Desktop\zaSetupWeb_101_065_000.exe



    < %PROGRAMFILES%\Common Files\*.*



    >




    < %systemroot%\*.src



    >




    < %systemroot%\install\*.*



    >




    < %systemroot%\system32\DLL\*.*



    >




    < %systemroot%\system32\HelpFiles\*.*



    >




    < %systemroot%\system32\rundll\*.*

    >




    < %systemroot%\winn32\*.*

    >




    < %systemroot%\Java\*.*



    >




    < %systemroot%\system32\test\*.*



    >




    < %systemroot%\system32\Rundll32\*.*

    >




    < %systemroot%\AppPatch\Custom\*.*



    >




    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x



    >




    < %PROGRAMFILES%\PC-Doctor\Downloads\*.*



    >




    < %PROGRAMFILES%\Internet Explorer\*.tmp



    >




    < %PROGRAMFILES%\Internet Explorer\*.dat

    >




    < %USERPROFILE%\My Documents\*.exe



    >




    < %USERPROFILE%\*.exe

    >




    < %systemroot%\ADDINS\*.*



    >




    < %systemroot%\assembly\*.bak2



    >




    < %systemroot%\Config\*.*

    >




    < %systemroot%\REPAIR\*.bak2



    >




    < %systemroot%\SECURITY\Database\*.sdb /x



    >


    [2009/07/03 19:49:05 | 000,008,192 | -H-- | M] () -- C:\Windows\SECURITY\Database\edb.chk

    [2009/07/03 19:48:35 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edb.log

    [2008/10/25 02:16:03 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs

    [2008/10/25 02:16:03 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

    [2009/07/03 19:48:35 | 001,056,768 | -H-- | M] () -- C:\Windows\SECURITY\Database\tmp.edb



    < %systemroot%\SYSTEM\*.bak2

    >




    < %systemroot%\Web\*.bak2

    >




    < %systemroot%\Driver Cache\*.*



    >




    < %PROGRAMFILES%\Mozilla Firefox\0*.exe



    >




    < %ProgramFiles%\Microsoft Common\*.*

    >




    < %ProgramFiles%\TinyProxy.



    >




    < %USERPROFILE%\Favorites\*.url /x



    >


    [2009/07/10 18:59:29 | 000,000,402 | -HS- | M] () -- C:\Users\J_D\Favorites\desktop.ini



    < %systemroot%\system32\*.bk



    >




    < %systemroot%\*.te

    >




    < %systemroot%\system32\system32\*.*



    >




    < %ALLUSERSPROFILE%\*.dat /x

    >


    [2011/09/02 18:23:37 | 000,007,406 | -H-- | M] () -- C:\ProgramData\hpzinstall.log



    < %systemroot%\system32\drivers\*.rmv



    >




    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c



    >




    < dir /b "%systemroot%\*.exe" | find /i " " /c



    >




    < %PROGRAMFILES%\Microsoft\*.*

    >




    < %systemroot%\System32\Wbem\proquota.exe



    >




    < %PROGRAMFILES%\Mozilla Firefox\*.dat

    >




    < %USERPROFILE%\Cookies\*.txt /x



    >




    < %SystemRoot%\system32\fonts\*.*



    >




    < %systemroot%\system32\winlog\*.*



    >




    < %systemroot%\system32\Language\*.*



    >




    < %systemroot%\system32\Settings\*.*

    >




    < %systemroot%\system32\*.quo



    >




    < %SYSTEMROOT%\AppPatch\*.exe



    >




    < %SYSTEMROOT%\inf\*.exe

    >




    < %SYSTEMROOT%\Installer\*.exe



    >




    < %systemroot%\system32\config\*.bak2



    >




    < %systemroot%\system32\Computers\*.*



    >




    < %SystemRoot%\system32\Sound\*.*

    >




    < %SystemRoot%\system32\SpecialImg\*.*



    >




    < %SystemRoot%\system32\code\*.*

    >




    < %SystemRoot%\system32\draft\*.*

    >




    < %SystemRoot%\system32\MSSSys\*.*



    >




    < %ProgramFiles%\Javascript\*.*



    >




    < %systemroot%\pchealth\helpctr\System\*.exe /s

    >




    < %systemroot%\Web\*.exe



    >




    < %systemroot%\system32\msn\*.*

    >




    < %systemroot%\system32\*.tro

    >




    < %AppData%\Microsoft\Installer\msupdates\*.*



    >




    < %ProgramFiles%\Messenger\*.*



    >




    < %systemroot%\system32\systhem32\*.*



    >




    < %systemroot%\system\*.exe

    >




    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU



    >




    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results >



    < \Install|LastSuccessTime /rs



    >






    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

    [C:\Windows\$NtUninstallKB33710$] -> -> Unknown point type



    < End of report >
     
  18. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    Extras log:

    OTL Extras logfile created on: 08/01/2012 12:20:01 - Run 1

    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\J_D\Desktop

    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

    Internet Explorer (Version = 7.0.6001.18000)

    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy



    2.75 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 85.24% Memory free

    5.70 Gb Paging File | 5.47 Gb Available in Paging File | 96.00% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]



    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 139.28 Gb Total Space | 36.94 Gb Free Space | 26.52% Space Free | Partition Type: NTFS

    Drive E: | 3.72 Gb Total Space | 3.58 Gb Free Space | 96.16% Space Free | Partition Type: FAT32



    Computer Name: JD | User Name: J_D | Logged in as Administrator.

    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



    ========== Extra Registry (SafeList) ==========





    ========== File Associations ==========



    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l



    [HKEY_USERS\S-1-5-21-984758997-1744220493-4182726412-1001\SOFTWARE\Classes\<extension>]

    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)



    ========== Shell Spawning ==========



    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"

    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)



    ========== Security Center Settings ==========



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 0



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    "DisableMonitoring" = 1



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "AntiVirusOverride" = 1

    "AntiSpywareOverride" = 1

    "FirewallOverride" = 1

    "VistaSp1" = Reg Error: Unknown registry data type -- File not found



    ========== System Restore Settings ==========



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

    "DisableSR" = 0



    ========== Firewall Settings ==========



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "EnableFirewall" = 0

    "DisableNotifications" = 0



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall" = 0

    "DisableNotifications" = 0



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "EnableFirewall" = 0

    "DisableNotifications" = 0



    ========== Authorized Applications List ==========





    ========== Vista Active Open Ports Exception List ==========



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{1C849011-8A72-492E-B667-ED20EF6C58F1}" = rport=138 | protocol=17 | dir=out | app=system |

    "{2FB1A3B9-2327-48B9-BBD5-13F569D5E51B}" = lport=137 | protocol=17 | dir=in | app=system |

    "{3B159919-203B-4ED1-ADF6-23D58C8ECF75}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

    "{401FAE4B-AD9A-4DF7-B33B-509093471E85}" = rport=139 | protocol=6 | dir=out | app=system |

    "{5662E499-833B-49AA-A581-0C49438293B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    "{99D5CA75-2884-4C31-A7D6-91D7C33D3BD6}" = lport=139 | protocol=6 | dir=in | app=system |

    "{A10E5FB6-43E4-4E6C-A819-9E827F5959F7}" = rport=137 | protocol=17 | dir=out | app=system |

    "{C01820F1-D7BD-4EFD-88AC-3F09305F5D87}" = rport=445 | protocol=6 | dir=out | app=system |

    "{C690997F-1A55-476D-B66A-E2ECE1EF4A58}" = lport=138 | protocol=17 | dir=in | app=system |

    "{C7E96352-B194-40A2-9FA2-68F6D7FAF547}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    "{D3A3FCE0-8AEE-4182-B26D-D94FB17A46CB}" = lport=445 | protocol=6 | dir=in | app=system |

    "{F0DCC09A-526A-400D-9CE5-BA1F5548B05B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |



    ========== Vista Active Application Exception List ==========



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{084AA9B9-9A8A-45F3-8A93-0A5069E950AA}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |

    "{172F9ECB-8E6C-40AB-B685-1498EEB88EDD}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

    "{17B898DD-5C65-41F9-B9A6-9E3770546C56}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |

    "{24321A40-BCB4-428B-9AB1-15B14102517A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

    "{3375F9DF-0F3A-40D0-979A-4A9E7D7DF06E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |

    "{3A83480F-0355-49F3-A4BE-A72F9FC28281}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |

    "{3EFB3A29-B8BB-47E1-AF90-9C8316BD9576}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{46B546B0-F205-4A41-BA05-7E87F04F71BB}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |

    "{4917C79B-EEA7-4F3F-ACA0-5F7BF9914370}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

    "{4E6758A7-74BF-479F-A995-DD779A3CCB69}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

    "{5071F9A0-9ABB-4AC6-A377-C384D4A32BDB}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |

    "{58FE3334-7323-472E-ADC8-D2FC0DD9A133}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

    "{60533F90-DB5C-4C2A-8B49-C1E6239E5C60}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |

    "{6AB12C0F-7296-4904-82A8-F7DBB734FE06}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |

    "{7188F786-A146-4EC9-A871-9632C57A1E73}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

    "{77023E52-02D7-4C20-A98C-E48FD358846A}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gnucash-bin.exe |

    "{7C6347EC-E4E4-4A70-B81A-14C630C7ED38}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    "{7FA6F1F3-CAD9-4D53-9BB5-6D68BC5CDFC2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    "{948EB7ED-60C2-4F4F-8FC7-E15E70386E34}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |

    "{A0B930BB-F97C-4456-A4B1-768F4B837F59}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

    "{BB0280C6-823D-48A2-89A3-EC9F94546F8E}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe |

    "{C1DAA8F0-48F6-4107-9D38-27953ED7E840}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

    "{C59547BF-866D-4A20-B320-17D04EE29D9C}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |

    "{D39D88F0-AED9-4E2C-869F-04332B5E63E7}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe |

    "{E18F62AB-7439-4691-8DFC-EE6A7B99AA4F}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

    "{EB4041C0-53EB-40EF-8307-D4E42E9F0BB2}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gnucash-bin.exe |

    "{EE80248D-B542-48ED-8B4F-D3ADC35F5568}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |

    "{F27A2A26-6000-4288-8A14-DFE7692CD450}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

    "{F5F0C960-F868-49F6-A00B-4D9F3A33A40D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

    "{F836D45C-2CC3-4E91-AC94-941DDAFB157D}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |



    ========== HKEY_LOCAL_MACHINE Uninstall List ==========



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

    "{08715547-A3E5-D54A-C7C3-84348C0624EE}" = Catalyst Control Center Localization Portuguese

    "{0B473FE5-A37A-FAEC-375A-DF7FACB974C2}" = Catalyst Control Center Localization Swedish

    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

    "{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver

    "{1985865F-013F-E7E0-64C1-D426A0AE2C8E}" = CCC Help Czech

    "{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)

    "{1D25EB8B-61CD-2936-D6F6-596C9278F2F0}" = Catalyst Control Center InstallProxy

    "{1F7D7D0A-5696-F1AA-8967-C780DA8C3536}" = Catalyst Control Center Localization Chinese Traditional

    "{20385C16-2E18-7874-A4F6-68D0B14CFD2D}" = Catalyst Control Center Graphics Light

    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

    "{223CADD2-5E02-350D-C7D9-1092D38CF049}" = CCC Help Dutch

    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21

    "{27E957E9-D6DF-1C12-EA88-81DDA54508FB}" = Catalyst Control Center Localization Italian

    "{27FB1657-2F26-955B-34D3-381323E159B6}" = Catalyst Control Center Graphics Full Existing

    "{2893110C-5623-20C0-4D99-4F717F16FC81}" = Catalyst Control Center Graphics Full New

    "{29BC0BC3-CCC0-39C5-21F9-F17230F1F4F3}" = ccc-core-static

    "{2B9FEAEC-EB33-99FE-B582-33A45D272F03}" = Catalyst Control Center Localization Russian

    "{2D8E1E31-5B41-11C8-C88C-E69106AA5EC1}" = CCC Help Spanish

    "{2E9A0D49-B758-638C-3639-896041E683F8}" = Catalyst Control Center Localization Finnish

    "{31BAC22A-0717-F8CE-FC67-F74B57C71460}" = CCC Help German

    "{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12

    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types

    "{3A2CC72F-DDE4-A81E-475D-DA286113652C}" = Catalyst Control Center Graphics Previews Vista

    "{3AC21843-7DB1-8BF6-88AC-330BC2B7DA8E}" = CCC Help Japanese

    "{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)

    "{44454932-7EE9-2903-549F-45CFF97D2B82}" = CCC Help Korean

    "{44D077C3-A31F-CD46-499B-7BF1D8B2C4ED}" = CCC Help Thai

    "{463E4C5C-77EE-EBD6-7798-5FB2DB3DA5CC}" = CCC Help Danish

    "{47A0A904-290D-315F-F90D-8CCDA69B18F9}" = Catalyst Control Center Localization Polish

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{513BA0B0-248A-A705-89EF-866C4D3B86A7}" = Catalyst Control Center Localization Turkish

    "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10

    "{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2

    "{608E2E77-C78D-072A-28E2-71E62BF54592}" = Catalyst Control Center Localization Dutch

    "{6251545D-5058-CB7F-D93A-F87A192A4378}" = CCC Help Portuguese

    "{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)

    "{6A0BE0CF-B901-4C81-B308-6C08B393C2AC}" = Catalyst Control Center Localization Hungarian

    "{6FC25653-65CC-0B75-1C14-676342A15259}" = Catalyst Control Center Localization Chinese Standard

    "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver

    "{73706EE4-90E4-A65B-40BD-86672156A626}" = Skins

    "{7766AA5D-3DB1-A633-92A2-0CA13E2568DD}" = CCC Help French

    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

    "{78386976-46A3-F5C3-36B4-98280F3B81E7}" = CCC Help Turkish

    "{796F53F9-A098-3ED2-A4FC-E1C24430A243}" = Catalyst Control Center Localization Japanese

    "{7ECB1FE2-408E-D314-D812-0FC3FA048C61}" = CCC Help Hungarian

    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management

    "{7F9ADEE3-E5E0-34A5-345A-590BC90D4E33}" = CCC Help Italian

    "{81E55AB8-83FC-C7D7-F599-B8C9AA9BD207}" = CCC Help Russian

    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines

    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

    "{8CE5A7A2-BC80-EFD3-6489-E92A2BCB1BF2}" = ccc-utility

    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

    "{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

    "{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English

    "{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

    "{A2DB513F-A9AA-D30F-B00D-B6C3056F5608}" = Catalyst Control Center Localization Norwegian

    "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter

    "{A68341CE-7AB6-3984-420A-D197E6BB72E7}" = CCC Help Greek

    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

    "{ADF34BD2-879C-63EA-1C7E-2F2CDA9E5950}" = CCC Help Chinese Standard

    "{AEEDFE42-D580-54D6-6947-E805FD5CECCB}" = CCC Help English

    "{AF18FA75-1239-B316-AED9-08151CB34737}" = Catalyst Control Center Localization Korean

    "{AF7AA100-3160-480B-DB62-BABE42A6B618}" = CCC Help Norwegian

    "{B0C037F9-7BD7-6417-6ADF-A08EEC011AF0}" = CCC Help Swedish

    "{B27901FA-F157-4049-B1EC-BC43890A1DCC}" = Active@ File Recovery

    "{BD7D29B1-903C-45DB-2685-C154C17FDDA5}" = ATI Catalyst Install Manager

    "{BF7AB326-92C8-C250-5B99-0DB96A2634D9}" = Catalyst Control Center Localization Greek

    "{C17F7063-4BBC-EC05-4312-7F33DA5641E0}" = Catalyst Control Center Localization Spanish

    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

    "{C95159F2-6A71-C74D-855A-22943F1016C3}" = Catalyst Control Center Localization French

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

    "{D513B90E-92C9-2A48-044C-6F6264E5AF6A}" = Catalyst Control Center Core Implementation

    "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver

    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

    "{E5B4B94E-AFE8-3635-857A-8AE7F90E9DDD}" = Catalyst Control Center Localization Thai

    "{E863E701-B897-C5BC-5F9B-5F3E7484E81C}" = CCC Help Finnish

    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

    "{F4D0FC65-E6D0-0AC3-F87B-06BF11435DE0}" = Catalyst Control Center Localization Czech

    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects

    "{F719C40B-FDE9-402B-8F9C-2D47517DC813}" = Catalyst Control Center Localization German

    "{F9015FF1-09EB-4A43-8E69-0136F890C656}" = CCC Help Chinese Traditional

    "{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)

    "{FC67D87A-ABDB-69BE-2988-3CDCCD84B211}" = Catalyst Control Center Localization Danish

    "{FDD357D8-A4EB-1DBB-1CB2-74E9F259817B}" = CCC Help Polish

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

    "Aspell" = Aspell Data

    "Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)

    "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind

    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web

    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

    "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)

    "FTDICOMM" = FTDI USB Serial Converter Drivers

    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

    "LManager" = Launch Manager

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)

    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010

    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

    "SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software

    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

    "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software

    "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software

    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

    "Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software

    "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software

    "Spotify" = Spotify

    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    "Total Annihilation" = Total Annihilation

    "VISPROR" = Microsoft Office Visio Professional 2007 Trial

    "VLC media player" = VLC media player 1.0.5

    "WinRAR archiver" = WinRAR archiver

    "ZoneAlarm" = ZoneAlarm



    ========== Last 10 Event Log Errors ==========



    [ Application Events ]

    Error - 04/12/2011 15:54:27 | Computer Name = jd | Source = Windows Search Service | ID = 3083

    Description =



    Error - 04/12/2011 18:01:47 | Computer Name = jd | Source = Application Error | ID = 1000

    Description = Faulting application AUDIODG.EXE, version 6.0.6001.18000, time stamp

    0x47919284, faulting module RtkAPO.dll, version 11.0.6000.69, time stamp 0x486c73e5,

    exception code 0xc0000005, fault offset 0x00185df5, process id 0x4dc, application

    start time 0x01ccb11a50b5cb9a.



    Error - 04/12/2011 18:22:29 | Computer Name = jd | Source = WinMgmt | ID = 10

    Description =



    Error - 05/12/2011 15:36:31 | Computer Name = jd | Source = WinMgmt | ID = 10

    Description =



    Error - 05/12/2011 17:50:06 | Computer Name = jd | Source = Windows Search Service | ID = 3083

    Description =



    Error - 07/12/2011 17:22:58 | Computer Name = jd | Source = CVHSVC | ID = 100

    Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):

    DownloadLatest Failed:



    Error - 09/12/2011 07:21:45 | Computer Name = jd | Source = CVHSVC | ID = 100

    Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):

    DownloadLatest Failed:



    Error - 11/12/2011 08:56:14 | Computer Name = jd | Source = CVHSVC | ID = 100

    Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):

    DownloadLatest Failed:



    Error - 11/12/2011 10:47:37 | Computer Name = jd | Source = Windows Search Service | ID = 3083

    Description =



    Error - 11/12/2011 11:11:36 | Computer Name = jd | Source = Windows Search Service | ID = 3083

    Description =



    [ System Events ]

    Error - 08/01/2012 08:07:45 | Computer Name = jd | Source = EventLog | ID = 6008

    Description = The previous system shutdown at 12:06:26 on 08/01/2012 was unexpected.



    Error - 08/01/2012 08:07:52 | Computer Name = jd | Source = Microsoft-Windows-Eventlog | ID = 22

    Description =



    Error - 08/01/2012 08:08:37 | Computer Name = jd | Source = DCOM | ID = 10005

    Description =



    Error - 08/01/2012 08:08:44 | Computer Name = jd | Source = DCOM | ID = 10005

    Description =



    Error - 08/01/2012 08:08:58 | Computer Name = jd | Source = Service Control Manager | ID = 7001

    Description =



    Error - 08/01/2012 08:08:58 | Computer Name = jd | Source = Service Control Manager | ID = 7003

    Description =



    Error - 08/01/2012 08:08:58 | Computer Name = jd | Source = Service Control Manager | ID = 7003

    Description =



    Error - 08/01/2012 08:08:58 | Computer Name = jd | Source = Service Control Manager | ID = 7001

    Description =



    Error - 08/01/2012 08:08:58 | Computer Name = jd | Source = Service Control Manager | ID = 7026

    Description =



    Error - 08/01/2012 08:09:06 | Computer Name = jd | Source = DCOM | ID = 10005

    Description =





    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

Let's see if we can recover your missing features.
Download and run UnHide
Let me know if it worked.

    Download BlueScreenView (in Zip file)
    No installation required.
    Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
     
  20. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

UnHide worked; all my files are visible again and the start menu is repopulated.

The BSOD log is pretty long, so I'll put it in the next reply. Very cool program, that.
     
  21. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    ==================================================

    Dump File : Mini010812-03.dmp

    Crash Time : 08/01/2012 13:07:11

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x8e16a936

    Parameter 3 : 0x8a9c9990

    Parameter 4 : 0x00000000

    Caused By Driver : atikmdag.sys

    Caused By Address : atikmdag.sys+15d936

    File Description : ATI Radeon Kernel Mode Driver

    Product Name : ATI Radeon Family

    Company : ATI Technologies Inc.

    File Version : 7.01.01.523

    Processor : 32-bit

    Crash Address : atikmdag.sys+15d936

    Stack Address 1 : atikmdag.sys+35eac

    Stack Address 2 : atikmdag.sys+24674

    Stack Address 3 : atikmdag.sys+247c6

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini010812-03.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini010812-01.dmp

    Crash Time : 08/01/2012 12:07:41

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x8e167936

    Parameter 3 : 0x8a923990

    Parameter 4 : 0x00000000

    Caused By Driver : atikmdag.sys

    Caused By Address : atikmdag.sys+15d936

    File Description : ATI Radeon Kernel Mode Driver

    Product Name : ATI Radeon Family

    Company : ATI Technologies Inc.

    File Version : 7.01.01.523

    Processor : 32-bit

    Crash Address : atikmdag.sys+15d936

    Stack Address 1 : atikmdag.sys+35eac

    Stack Address 2 : atikmdag.sys+24674

    Stack Address 3 : atikmdag.sys+247c6

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini010812-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini010712-02.dmp

    Crash Time : 07/01/2012 11:10:10

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x8e36a936

    Parameter 3 : 0x8c149990

    Parameter 4 : 0x00000000

    Caused By Driver : atikmdag.sys

    Caused By Address : atikmdag.sys+15d936

    File Description : ATI Radeon Kernel Mode Driver

    Product Name : ATI Radeon Family

    Company : ATI Technologies Inc.

    File Version : 7.01.01.523

    Processor : 32-bit

    Crash Address : atikmdag.sys+15d936

    Stack Address 1 : atikmdag.sys+35eac

    Stack Address 2 : atikmdag.sys+24674

    Stack Address 3 : atikmdag.sys+247c6

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini010712-02.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini010712-01.dmp

    Crash Time : 07/01/2012 00:32:14

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x8df69936

    Parameter 3 : 0x8c34f990

    Parameter 4 : 0x00000000

    Caused By Driver : atikmdag.sys

    Caused By Address : atikmdag.sys+15d936

    File Description : ATI Radeon Kernel Mode Driver

    Product Name : ATI Radeon Family

    Company : ATI Technologies Inc.

    File Version : 7.01.01.523

    Processor : 32-bit

    Crash Address : atikmdag.sys+15d936

    Stack Address 1 : atikmdag.sys+35eac

    Stack Address 2 : atikmdag.sys+24674

    Stack Address 3 : atikmdag.sys+247c6

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini010712-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini010612-07.dmp

    Crash Time : 06/01/2012 23:01:26

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x8dd66936

    Parameter 3 : 0x95423990

    Parameter 4 : 0x00000000

    Caused By Driver : atikmdag.sys

    Caused By Address : atikmdag.sys+15d936

    File Description : ATI Radeon Kernel Mode Driver

    Product Name : ATI Radeon Family

    Company : ATI Technologies Inc.

    File Version : 7.01.01.523

    Processor : 32-bit

    Crash Address : atikmdag.sys+15d936

    Stack Address 1 : atikmdag.sys+35eac

    Stack Address 2 : atikmdag.sys+24674

    Stack Address 3 : atikmdag.sys+247c6

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini010612-07.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini010612-06.dmp

    Crash Time : 06/01/2012 21:48:44

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x8e161936

    Parameter 3 : 0x8c29d990

    Parameter 4 : 0x00000000

    Caused By Driver : atikmdag.sys

    Caused By Address : atikmdag.sys+15d936

    File Description : ATI Radeon Kernel Mode Driver

    Product Name : ATI Radeon Family

    Company : ATI Technologies Inc.

    File Version : 7.01.01.523

    Processor : 32-bit

    Crash Address : atikmdag.sys+15d936

    Stack Address 1 : atikmdag.sys+35eac

    Stack Address 2 : atikmdag.sys+24674

    Stack Address 3 : atikmdag.sys+247c6

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini010612-06.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini010612-04.dmp

    Crash Time : 06/01/2012 19:38:57

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x8e162936

    Parameter 3 : 0x8e8e2990

    Parameter 4 : 0x00000000

    Caused By Driver : atikmdag.sys

    Caused By Address : atikmdag.sys+15d936

    File Description : ATI Radeon Kernel Mode Driver

    Product Name : ATI Radeon Family

    Company : ATI Technologies Inc.

    File Version : 7.01.01.523

    Processor : 32-bit

    Crash Address : atikmdag.sys+15d936

    Stack Address 1 : atikmdag.sys+35eac

    Stack Address 2 : atikmdag.sys+24674

    Stack Address 3 : atikmdag.sys+247c6

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini010612-04.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini010612-01.dmp

    Crash Time : 06/01/2012 12:58:45

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x8cf6a936

    Parameter 3 : 0x8c371990

    Parameter 4 : 0x00000000

    Caused By Driver : atikmdag.sys

    Caused By Address : atikmdag.sys+15d936

    File Description : ATI Radeon Kernel Mode Driver

    Product Name : ATI Radeon Family

    Company : ATI Technologies Inc.

    File Version : 7.01.01.523

    Processor : 32-bit

    Crash Address : atikmdag.sys+15d936

    Stack Address 1 : atikmdag.sys+35eac

    Stack Address 2 : atikmdag.sys+24674

    Stack Address 3 : atikmdag.sys+247c6

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini010612-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini123011-01.dmp

    Crash Time : 30/12/2011 21:59:40

    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

    Bug Check Code : 0x00000050

    Parameter 1 : 0x8f1aff0e

    Parameter 2 : 0x00000000

    Parameter 3 : 0x86d20640

    Parameter 4 : 0x00000002

    Caused By Driver : sptd.sys

    Caused By Address : sptd.sys+0

    File Description : SCSI Pass Through Direct Host

    Product Name : SCSI Pass Through Direct

    Company : Duplex Secure Ltd.

    File Version : 1.62.0.0 built by: WinDDK

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+a5195

    Stack Address 1 : ntkrnlpa.exe+5abf4

    Stack Address 2 :

    Stack Address 3 :

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini123011-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 133,488

    ==================================================



    ==================================================

    Dump File : Mini121311-01.dmp

    Crash Time : 13/12/2011 23:43:02

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x8212e218

    Parameter 3 : 0xa2b0472c

    Parameter 4 : 0x00000000

    Caused By Driver : win32k.sys

    Caused By Address : win32k.sys+b78ba

    File Description : Multi-User Win32 Driver

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+ed218

    Stack Address 1 : ntkrnlpa.exe+ee6e0

    Stack Address 2 : win32k.sys+bae0e

    Stack Address 3 : win32k.sys+d4934

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini121311-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini120511-01.dmp

    Crash Time : 05/12/2011 19:35:58

    Bug Check String : BAD_POOL_CALLER

    Bug Check Code : 0x000000c2

    Parameter 1 : 0x00000007

    Parameter 2 : 0x0000110b

    Parameter 3 : 0x00820022

    Parameter 4 : 0xfe4253f8

    Caused By Driver : win32k.sys

    Caused By Address : win32k.sys+d763f

    File Description : Multi-User Win32 Driver

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd1e3

    Stack Address 1 : ntkrnlpa.exe+ee00c

    Stack Address 2 : win32k.sys+7089

    Stack Address 3 : win32k.sys+6a04

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini120511-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini120211-01.dmp

    Crash Time : 02/12/2011 17:46:47

    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

    Bug Check Code : 0x00000050

    Parameter 1 : 0xfe600000

    Parameter 2 : 0x00000000

    Parameter 3 : 0x94ee6f74

    Parameter 4 : 0x00000000

    Caused By Driver : win32k.sys

    Caused By Address : win32k.sys+6b4f

    File Description : Multi-User Win32 Driver

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+a5195

    Stack Address 1 : ntkrnlpa.exe+5abf4

    Stack Address 2 : win32k.sys+6f74

    Stack Address 3 : win32k.sys+69b0

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini120211-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini113011-01.dmp

    Crash Time : 30/11/2011 18:50:21

    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

    Bug Check Code : 0x00000050

    Parameter 1 : 0xfe423004

    Parameter 2 : 0x00000000

    Parameter 3 : 0x94c56f24

    Parameter 4 : 0x00000000

    Caused By Driver : win32k.sys

    Caused By Address : win32k.sys+6b4f

    File Description : Multi-User Win32 Driver

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+a5195

    Stack Address 1 : ntkrnlpa.exe+5abf4

    Stack Address 2 : win32k.sys+6f24

    Stack Address 3 : win32k.sys+69b0

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini113011-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini112411-01.dmp

    Crash Time : 24/11/2011 22:41:50

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0xff097a9a

    Parameter 3 : 0x9f8bacf0

    Parameter 4 : 0x00000000

    Caused By Driver :

    Caused By Address :

    File Description :

    Product Name :

    Company :

    File Version :

    Processor : 32-bit

    Crash Address :

    Stack Address 1 :

    Stack Address 2 :

    Stack Address 3 :

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini112411-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini111211-01.dmp

    Crash Time : 12/11/2011 17:06:58

    Bug Check String : PFN_LIST_CORRUPT

    Bug Check Code : 0x0000004e

    Parameter 1 : 0x00000099

    Parameter 2 : 0x000ffff7

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : ntkrnlpa.exe

    Caused By Address : ntkrnlpa.exe+cd1e3

    File Description : NT Kernel & System

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd1e3

    Stack Address 1 : ntkrnlpa.exe+a398b

    Stack Address 2 : ntkrnlpa.exe+1b3d21

    Stack Address 3 : ntkrnlpa.exe+1b3dbe

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini111211-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini101611-01.dmp

    Crash Time : 16/10/2011 21:19:08

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x81578448

    Parameter 3 : 0x96101c8c

    Parameter 4 : 0x00000000

    Caused By Driver : win32k.sys

    Caused By Address : win32k.sys+c8448

    File Description : Multi-User Win32 Driver

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : win32k.sys+c8448

    Stack Address 1 : win32k.sys+c9c15

    Stack Address 2 : win32k.sys+c9bcb

    Stack Address 3 : ntkrnlpa.exe+57a9a

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini101611-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini100911-01.dmp

    Crash Time : 09/10/2011 12:59:34

    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

    Bug Check Code : 0x00000050

    Parameter 1 : 0xfe46504c

    Parameter 2 : 0x00000000

    Parameter 3 : 0x952c6f74

    Parameter 4 : 0x00000000

    Caused By Driver : win32k.sys

    Caused By Address : win32k.sys+6b4f

    File Description : Multi-User Win32 Driver

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+a5195

    Stack Address 1 : ntkrnlpa.exe+5abf4

    Stack Address 2 : win32k.sys+6f74

    Stack Address 3 : win32k.sys+69b0

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini100911-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini082911-01.dmp

    Crash Time : 29/08/2011 18:58:17

    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

    Bug Check Code : 0x00000050

    Parameter 1 : 0xfe600000

    Parameter 2 : 0x00000000

    Parameter 3 : 0x81806f74

    Parameter 4 : 0x00000000

    Caused By Driver : win32k.sys

    Caused By Address : win32k.sys+936e3

    File Description : Multi-User Win32 Driver

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+a5195

    Stack Address 1 : ntkrnlpa.exe+5abf4

    Stack Address 2 : win32k.sys+6f74

    Stack Address 3 : win32k.sys+69b0

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini082911-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini081811-01.dmp

    Crash Time : 18/08/2011 22:00:03

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x955acff5

    Parameter 3 : 0x9ba3bc54

    Parameter 4 : 0x00000000

    Caused By Driver : win32k.sys

    Caused By Address : win32k.sys+ccff5

    File Description : Multi-User Win32 Driver

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : win32k.sys+ccff5

    Stack Address 1 : win32k.sys+cd139

    Stack Address 2 : ntkrnlpa.exe+57a9a

    Stack Address 3 :

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini081811-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini071711-01.dmp

    Crash Time : 17/07/2011 10:05:56

    Bug Check String : PFN_LIST_CORRUPT

    Bug Check Code : 0x0000004e

    Parameter 1 : 0x00000099

    Parameter 2 : 0x0003c34a

    Parameter 3 : 0x00000002

    Parameter 4 : 0x00055619

    Caused By Driver : ntkrnlpa.exe

    Caused By Address : ntkrnlpa.exe+cd1e3

    File Description : NT Kernel & System

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd1e3

    Stack Address 1 : ntkrnlpa.exe+a398b

    Stack Address 2 : ntkrnlpa.exe+9d9ba

    Stack Address 3 : ntkrnlpa.exe+efba4

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini071711-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini061311-01.dmp

    Crash Time : 13/06/2011 07:17:40

    Bug Check String : IRQL_NOT_LESS_OR_EQUAL

    Bug Check Code : 0x0000000a

    Parameter 1 : 0x0a1400a0

    Parameter 2 : 0x00000002

    Parameter 3 : 0x00000000

    Parameter 4 : 0x820d403d

    Caused By Driver : ntkrnlpa.exe

    Caused By Address : ntkrnlpa.exe+5adc4

    File Description : NT Kernel & System

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+5adc4

    Stack Address 1 : ntkrnlpa.exe+8803d

    Stack Address 2 : ntkrnlpa.exe+88bf7

    Stack Address 3 : ntkrnlpa.exe+87495

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini061311-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini060811-01.dmp

    Crash Time : 08/06/2011 07:03:03

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x948d3801

    Parameter 3 : 0x9eff5c14

    Parameter 4 : 0x00000000

    Caused By Driver : win32k.sys

    Caused By Address : win32k.sys+d3801

    File Description : Multi-User Win32 Driver

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : win32k.sys+d3801

    Stack Address 1 : win32k.sys+d409f

    Stack Address 2 : win32k.sys+d49c1

    Stack Address 3 : win32k.sys+d4b0b

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini060811-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini060711-01.dmp

    Crash Time : 07/06/2011 20:09:47

    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

    Bug Check Code : 0x1000008e

    Parameter 1 : 0xc0000005

    Parameter 2 : 0x953b8e33

    Parameter 3 : 0xa03c5c98

    Parameter 4 : 0x00000000

    Caused By Driver : win32k.sys

    Caused By Address : win32k.sys+c8e33

    File Description : Multi-User Win32 Driver

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : win32k.sys+c8e33

    Stack Address 1 : win32k.sys+cd15f

    Stack Address 2 :

    Stack Address 3 :

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini060711-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini060611-01.dmp

    Crash Time : 06/06/2011 07:42:40

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x85564020

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd1e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini060611-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini071510-01.dmp

    Crash Time : 15/07/2010 12:08:28

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0xae872020

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd1e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini071510-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini062810-01.dmp

    Crash Time : 28/06/2010 12:43:39

    Bug Check String : DRIVER_POWER_STATE_FAILURE

    Bug Check Code : 0x0000009f

    Parameter 1 : 0x00000003

    Parameter 2 : 0x837b76b0

    Parameter 3 : 0x853d5030

    Parameter 4 : 0x85008c48

    Caused By Driver : ntkrnlpa.exe

    Caused By Address : ntkrnlpa.exe+cd1e3

    File Description : NT Kernel & System

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd1e3

    Stack Address 1 : ntkrnlpa.exe+33b8c

    Stack Address 2 : ntkrnlpa.exe+336dc

    Stack Address 3 : ntkrnlpa.exe+b6d20

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini062810-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini062510-01.dmp

    Crash Time : 25/06/2010 06:56:26

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0xa32cdd78

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd1e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini062510-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini062410-01.dmp

    Crash Time : 24/06/2010 15:37:30

    Bug Check String : DRIVER_POWER_STATE_FAILURE

    Bug Check Code : 0x0000009f

    Parameter 1 : 0x00000003

    Parameter 2 : 0x83b9db70

    Parameter 3 : 0x853fe380

    Parameter 4 : 0x85072268

    Caused By Driver : ntkrnlpa.exe

    Caused By Address : ntkrnlpa.exe+cd1e3

    File Description : NT Kernel & System

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd1e3

    Stack Address 1 : ntkrnlpa.exe+33b8c

    Stack Address 2 : ntkrnlpa.exe+336dc

    Stack Address 3 : ntkrnlpa.exe+b6d20

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini062410-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini061010-01.dmp

    Crash Time : 10/06/2010 14:57:39

    Bug Check String : DRIVER_POWER_STATE_FAILURE

    Bug Check Code : 0x0000009f

    Parameter 1 : 0x00000003

    Parameter 2 : 0x833656b0

    Parameter 3 : 0x84fcc030

    Parameter 4 : 0x849c23e8

    Caused By Driver : ntkrnlpa.exe

    Caused By Address : ntkrnlpa.exe+cd0e3

    File Description : NT Kernel & System

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : ntkrnlpa.exe+33b5c

    Stack Address 2 : ntkrnlpa.exe+336ac

    Stack Address 3 : ntkrnlpa.exe+b6c40

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini061010-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini060310-01.dmp

    Crash Time : 03/06/2010 08:40:58

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0xa7906020

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini060310-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini052610-01.dmp

    Crash Time : 26/05/2010 14:48:32

    Bug Check String : DRIVER_POWER_STATE_FAILURE

    Bug Check Code : 0x0000009f

    Parameter 1 : 0x00000003

    Parameter 2 : 0x833adb70

    Parameter 3 : 0x84fd6030

    Parameter 4 : 0x8514c560

    Caused By Driver : ntkrnlpa.exe

    Caused By Address : ntkrnlpa.exe+cd0e3

    File Description : NT Kernel & System

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : ntkrnlpa.exe+33b5c

    Stack Address 2 : ntkrnlpa.exe+336ac

    Stack Address 3 : ntkrnlpa.exe+b6c40

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini052610-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini033110-01.dmp

    Crash Time : 31/03/2010 16:34:52

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x8c91da80

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini033110-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini031010-01.dmp

    Crash Time : 10/03/2010 10:14:28

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x84d83a30

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini031010-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini021410-01.dmp

    Crash Time : 14/02/2010 10:58:18

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x85522020

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini021410-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini021310-01.dmp

    Crash Time : 13/02/2010 16:31:29

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x848b7020

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini021310-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini020510-01.dmp

    Crash Time : 05/02/2010 18:11:13

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x85a51738

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini020510-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini020110-01.dmp

    Crash Time : 01/02/2010 17:41:18

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x850cf3c0

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini020110-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini012610-01.dmp

    Crash Time : 26/01/2010 17:23:12

    Bug Check String : DRIVER_POWER_STATE_FAILURE

    Bug Check Code : 0x0000009f

    Parameter 1 : 0x00000003

    Parameter 2 : 0x833b56b0

    Parameter 3 : 0x84fc6030

    Parameter 4 : 0x8bf2a760

    Caused By Driver : ntkrnlpa.exe

    Caused By Address : ntkrnlpa.exe+cd0e3

    File Description : NT Kernel & System

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : ntkrnlpa.exe+33b5c

    Stack Address 2 : ntkrnlpa.exe+336ac

    Stack Address 3 : ntkrnlpa.exe+b6c40

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini012610-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini012510-01.dmp

    Crash Time : 25/01/2010 21:31:48

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x84d40580

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini012510-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini121109-01.dmp

    Crash Time : 11/12/2009 09:58:54

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x833aed78

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini121109-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini120809-01.dmp

    Crash Time : 08/12/2009 21:56:03

    Bug Check String : DRIVER_POWER_STATE_FAILURE

    Bug Check Code : 0x0000009f

    Parameter 1 : 0x00000003

    Parameter 2 : 0x833656b0

    Parameter 3 : 0x84fd4030

    Parameter 4 : 0x84053578

    Caused By Driver : ntkrnlpa.exe

    Caused By Address : ntkrnlpa.exe+cd0e3

    File Description : NT Kernel & System

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : ntkrnlpa.exe+33b5c

    Stack Address 2 : ntkrnlpa.exe+336ac

    Stack Address 3 : ntkrnlpa.exe+b6c40

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini120809-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,352

    ==================================================



    ==================================================

    Dump File : Mini102609-01.dmp

    Crash Time : 26/10/2009 12:35:58

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x831add78

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini102609-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,304

    ==================================================



    ==================================================

    Dump File : Mini082609-01.dmp

    Crash Time : 26/08/2009 03:13:26

    Bug Check String : DRIVER_POWER_STATE_FAILURE

    Bug Check Code : 0x0000009f

    Parameter 1 : 0x00000003

    Parameter 2 : 0x83fa0b70

    Parameter 3 : 0x84d4f030

    Parameter 4 : 0x859d9e28

    Caused By Driver : ntkrnlpa.exe

    Caused By Address : ntkrnlpa.exe+cd0e3

    File Description : NT Kernel & System

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : ntkrnlpa.exe+33b5c

    Stack Address 2 : ntkrnlpa.exe+336ac

    Stack Address 3 : ntkrnlpa.exe+b6c40

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini082609-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,304

    ==================================================



    ==================================================

    Dump File : Mini082309-01.dmp

    Crash Time : 23/08/2009 19:05:02

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x855a74c0

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini082309-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,304

    ==================================================



    ==================================================

    Dump File : Mini081909-01.dmp

    Crash Time : 19/08/2009 17:04:12

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x843fd460

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini081909-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,304

    ==================================================



    ==================================================

    Dump File : Mini081809-01.dmp

    Crash Time : 18/08/2009 21:48:48

    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

    Bug Check Code : 0x100000ea

    Parameter 1 : 0x85825bd8

    Parameter 2 : 0x00000000

    Parameter 3 : 0x00000000

    Parameter 4 : 0x00000000

    Caused By Driver : dxgkrnl.sys

    Caused By Address : dxgkrnl.sys+15b60

    File Description : DirectX Graphics Kernel

    Product Name : Microsoft® Windows® Operating System

    Company : Microsoft Corporation

    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

    Processor : 32-bit

    Crash Address : ntkrnlpa.exe+cd0e3

    Stack Address 1 : dxgkrnl.sys+15b60

    Stack Address 2 : dxgkrnl.sys+d6cf

    Stack Address 3 : atikmdag.sys+349e2

    Computer Name :

    Full Path : C:\Windows\Minidump\Mini081809-01.dmp

    Processors Count : 1

    Major Version : 15

    Minor Version : 6001

    Dump File Size : 138,304

    ==================================================
     
  22. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    Ok, the BSOD from atikmdag.sys appears to be a pretty common issue with the Catalyst Control Centre drivers. As a temporary check on that I renamed it to atikmdag.sys.old and tried booting to normal mode, and it's booted fine (display settings are pretty borked, but I guess that's down to the driver). What are the chances the BSOD was a completely unrelated issue and not caused by System Check? It's been running a few minutes now without System Check or Anti-malware 2012 popping up or the mass of error messages. There is one message about the recycle bin being corrupted for C:\ and asking if I want to empty it.

    Any suggestions for next steps antivirus-wise? I'll look into the Catalyst Control Centre issue to see how I can get round that.

    Cheers
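The BlueScreenView report posted above can be sorted mechanically to test the question raised in this post: did the crashes start with the infection, or long before it? The Python below is an added example, not code from the thread; it parses records in that report's layout (blank lines, as in the double-spaced paste, are ignored), tallies them by bug check and driver, lists which modules recur on the stack, and counts how many crashes predate a cutoff date. The two sample records and the 06/01/2012 cutoff are constructed from values in the thread.

```python
"""Parse a BlueScreenView-style minidump listing and compare crash dates
against a known infection date.  Added example, not part of the forum thread;
SAMPLE_REPORT is constructed to mirror the layout of the report posted above."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same layout as the BlueScreenView report in the
# thread (two records; the real report has many more, double spaced).
SAMPLE_REPORT = """\
==================================================
Dump File : Mini060611-01.dmp
Crash Time : 06/06/2011 07:42:40
Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code : 0x100000ea
Caused By Driver : dxgkrnl.sys
Stack Address 1 : dxgkrnl.sys+15b60
Stack Address 2 : dxgkrnl.sys+d6cf
Stack Address 3 : atikmdag.sys+349e2
Computer Name :
==================================================

==================================================
Dump File : Mini062810-01.dmp
Crash Time : 28/06/2010 12:43:39
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Caused By Driver : ntkrnlpa.exe
Stack Address 1 : ntkrnlpa.exe+33b8c
Stack Address 2 : ntkrnlpa.exe+336dc
Stack Address 3 : ntkrnlpa.exe+b6d20
==================================================
"""

SEPARATOR = re.compile(r"^=+$")
# Non-greedy key so that values containing ':' (times, C:\ paths) survive;
# an empty value (e.g. "Computer Name :") is kept as "".
FIELD = re.compile(r"^(.*?)\s*:\s*(.*)$")


def parse_report(text):
    """Split a BlueScreenView text report into a list of {field: value} dicts."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # tolerate the double-spaced paste
        if SEPARATOR.match(line):
            if current:  # a '=====' line closes the record in progress
                records.append(current)
                current = {}
            continue
        m = FIELD.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    if current:
        records.append(current)
    return records


def crash_time(record):
    """BlueScreenView prints day/month/year here (see the thread's report)."""
    return datetime.strptime(record["Crash Time"], "%d/%m/%Y %H:%M:%S")


def stack_modules(record):
    """Module names from the Stack Address fields, e.g. {'dxgkrnl.sys', 'atikmdag.sys'}."""
    return {v.split("+", 1)[0] for k, v in record.items()
            if k.startswith("Stack Address") and "+" in v}


def summarize(records):
    """Crash count per (bug check, causing driver) and per module seen on the stack."""
    by_cause = Counter((r["Bug Check String"], r["Caused By Driver"]) for r in records)
    module_hits = Counter()
    for r in records:
        module_hits.update(stack_modules(r))
    return by_cause, module_hits


def crashes_before(records, cutoff):
    """Records whose crash time precedes `cutoff` (e.g. when the rogue AV first appeared)."""
    return [r for r in records if crash_time(r) < cutoff]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    infection_seen = datetime(2012, 1, 6)  # date of the first post in the thread
    by_cause, mods = summarize(recs)
    for (check, driver), n in by_cause.most_common():
        print(f"{n:3d}  {check:32s} caused by {driver}")
    print("modules on stack:", dict(mods))
    older = crashes_before(recs, infection_seen)
    print(f"{len(older)} of {len(recs)} crashes predate {infection_seen:%d/%m/%Y}")
```

Run against the full pasted report, every record predates the cutoff and atikmdag.sys shows up on the stack of every THREAD_STUCK_IN_DEVICE_DRIVER record, which is the pattern this post describes.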
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good investigating job :)

    Your computer was definitely infected.
    The infection could have corrupted CCC files, or it was an independent issue.
    CCC doesn't need to run as a startup, so you can disable it altogether.

    Now, when in normal mode, update MBAM, run "Quick scan" and post new log.
    Then post fresh OTL log.

    P.S. I'm not sure which setting is causing this but all your logs paste with double space, which requires a lot of scrolling. Can you fix it?
     
  24. jcd106

    jcd106 TS Rookie Topic Starter Posts: 20

    According to msconfig, CCC is disabled at startup - not sure what's going on there.

    I've tried updating MBAM a couple of times, but the internet connection on my laptop drops out every time (including using a wired connection). It claims that I only have local access even though I'm currently using the same connection on the internet fine. After a while the update times out. Confused by that one. When it times out from this attempt I'll run the quick scan without updating.

    As for logs I'm not sure but I'll try and fix it. Might be geany doing some strange formatting before I copy and paste.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You may want to reinstall your video driver later.

    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
Topic Status:
Not open for further replies.
