Vista System Check and Anti-malware 2012 removal


jcd106
Hi,

I've got the System Check and Anti-malware 2012 viruses on my laptop. It's now got to the stage where it BSODs if I try to boot normally; safe mode is working though.

I have AVG anti-virus but can't get it to run.

Following the 5-steps I ran MBAM, GMER and DDS. MBAM removed some programs but hasn't made any noticeable difference. If anyone could look over the logs and suggest the next step that would be great.

MBAM:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6001.18000
J_D :: JD [administrator]

06/01/2012 16:07:28
mbam-log-2012-01-06 (16-07-28).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284685
Time elapsed: 42 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gyjAEPulVY.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\gyjAEPulVY.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\J_D\AppData\Local\vqy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\J_D\AppData\Local\vqy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\J_D\AppData\Local\vqy.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\gyjAEPulVY.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\ProgramData\PFVFibYKQESxet.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\J_D\AppData\Local\Temp\sblnmHWn.exe.part (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\J_D\AppData\Local\Temp\wera0.8229707630205582.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.

(end)


GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-06 17:16:55
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9A300 rev.FB2OC40C
Running: 9yftqqw2.exe; Driver: C:\Users\J_D\AppData\Local\Temp\fxldypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


DDS dds.txt :

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21
Run by J_D at 17:17:30 on 2012-01-06
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2813.2362 [GMT 0:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eRecoveryService]
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NPSStartup]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{31ACEB1F-49A9-4F9A-9E49-A5190977EE7A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9320EF47-532A-4291-998C-C147787C40C9} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9832C338-BCF0-44BA-B579-0F4693C7A223} : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\j_d\appdata\roaming\mozilla\firefox\profiles\6e54mba6.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\users\j_d\appdata\roaming\mozilla\firefox\profiles\6e54mba6.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: BarTab: bartap@philikon.de - %profile%\extensions\bartap@philikon.de
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-8-27 22072]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-3 335240]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-3 27784]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-3 297752]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-4-26 30240]
S3 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2008-10-25 24576]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-26 36608]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-21 21504]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-4-26 90240]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-4-26 14976]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-4-26 121856]
.
=============== Created Last 30 ================
.
2012-01-06 16:56:02 -------- d-----w- c:\users\j_d\AV
2012-01-06 15:53:06 -------- d-----w- c:\users\j_d\appdata\roaming\Malwarebytes
2012-01-06 15:52:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-06 15:52:55 -------- d-----w- c:\programdata\Malwarebytes
2012-01-06 15:52:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-06 13:50:55 -------- d-----w- C:\From_Desktop
2012-01-06 13:50:00 -------- d--h--w- C:\Job Applications CV etc. Joe
2012-01-06 13:49:14 -------- d--h--w- C:\Wedding
2012-01-06 13:47:41 -------- d-----r- C:\Photos
2012-01-06 12:38:15 708478 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-06 12:35:44 -------- d-----w- c:\windows\LastGood.Tmp
2011-12-10 01:17:12 6823496 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{e8ef7495-e905-4a60-9078-9152c7da58c6}\mpengine.dll
.
==================== Find3M ====================
.
2011-12-31 05:50:47 184320 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-15 14:29:56 222080 ---h--w- c:\windows\system32\MpSigStub.exe
2011-11-11 20:37:17 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:18:38.88 ===============


DDS Attach.txt :

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 25/10/2008 03:16:27
System Uptime: 06/01/2012 16:56:57 (1 hours ago)
.
Motherboard: eMachines | | eMachines D620
Processor: AMD Athlon(tm) Processor 2650e | Socket M2/S1G1 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 37.085 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Acrobat.com
Active@ File Recovery
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
AMD USB Audio Driver Filter
Aspell 0.6 Dictionary (Language: en)
Aspell Data
ATI Catalyst Install Manager
AVG Free 8.5
Bejeweled 2 Deluxe
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
eMachines
eMachines Recovery Management
FreeMind
FTDI USB Serial Converter Drivers
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Update
HPSSupply
InterVideo WinDVD 8
J2SE Runtime Environment 5.0 Update 12
Java Auto Updater
Java(TM) 6 Update 21
Launch Manager
LightScribe 1.4.142.1
Malwarebytes Anti-Malware version 1.60.0.1800
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007 Trial
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2008 Management Objects
Mozilla Firefox (3.6.25)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup Now 5
NTI Backup Now Standard
Paint.NET v3.5.10
Programmer's Notepad 2
Realtek High Definition Audio Driver
SAMSUNG Android USB Modem Software
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Driver
SAMSUNG Mobile USB Modem 1.0 Software
Samsung Mobile USB Modem Device Software
SAMSUNG Mobile USB Modem Software
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
Skins
Skype™ 4.1
Spelling Dictionaries Support For Adobe Reader 9
Spotify
SQL Server System CLR Types
Synaptics Pointing Device Driver
Total Annihilation
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VirtualCom driver
VLC media player 1.0.5
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
WinRAR archiver
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
30/12/2011 22:00:12, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
30/12/2011 22:00:12, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
30/12/2011 22:00:12, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
30/12/2011 21:59:17, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
30/12/2011 18:30:44, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
30/12/2011 18:30:21, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
06/01/2012 13:43:56, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 ctxusbm spldr sptd Wanarpv6
06/01/2012 12:59:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
06/01/2012 12:59:47, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 ctxusbm DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx Vsdatant Wanarpv6
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2012 12:59:47, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2012 12:59:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
06/01/2012 12:59:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
06/01/2012 12:59:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
06/01/2012 12:58:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
06/01/2012 12:58:14, Error: sptd [4] - Driver detected an internal error in its data structures for .
06/01/2012 10:32:03, Error: PlugPlayManager [10] - Error writing to server side install pipe
06/01/2012 10:30:10, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
06/01/2012 10:30:10, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
.
==== End Of File ===========================
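The MBAM log above is a compact record of how this rogue persisted: a Run value pointing at a randomly named .exe dropped directly in C:\ProgramData, the StartMenuInternet launch commands for Firefox and IE rewritten so that C:\Users\J_D\AppData\Local\vqy.exe starts first and receives the real browser as an argument, Task Manager disabled by policy, and the Start menu's Computer/Search entries hidden; the DDS log additionally shows EnableLUA = 0 (UAC off). The following script is an added example, not part of the original thread and not Malwarebytes' own code. It turns those findings into a reusable audit: audit() is pure logic over a list of (key, value name, data) tuples, the SAMPLE list is constructed from the log entries above (plus two clean entries for contrast, which are assumed rather than taken from the log), and collect_live() fills the same structure from the real registry via the standard winreg module, so on a Windows box you would run audit(collect_live()).

```python
"""Persistence/hijack audit modelled on the MBAM and DDS findings in this thread.

Added example (not from the thread or from Malwarebytes). audit() checks:
  * StartMenuInternet launch commands whose program is not the browser itself
    (the rogue's "<rogue.exe> -a <browser.exe>" wrapping),
  * Run-key autoruns living directly in ProgramData / AppData\Local(\Temp),
    rated "high" when the file name looks machine-generated,
  * policy and Explorer values the rogue flipped (DisableTaskMgr, Start_Show*)
    and EnableLUA=0 from the DDS log.
"""
import re

HKLM, HKCU = "HKLM", "HKCU"
RUN_KEYS = (
    HKLM + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    HKCU + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
SMI = HKLM + r"\SOFTWARE\Clients\StartMenuInternet"
# The executable that must be the *program* of each browser launch command.
BROWSER_EXE = {
    SMI + r"\FIREFOX.EXE\shell\open\command": "firefox.exe",
    SMI + r"\FIREFOX.EXE\shell\safemode\command": "firefox.exe",
    SMI + r"\IEXPLORE.EXE\shell\open\command": "iexplore.exe",
}
SYS_POL = HKLM + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
ADVANCED = HKCU + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
POLICY_CHECKS = {  # (key, value name): (bad data, description)
    (SYS_POL, "DisableTaskMgr"): (1, "Task Manager disabled by policy"),
    (SYS_POL, "EnableLUA"): (0, "UAC disabled"),
    (ADVANCED, "Start_ShowMyComputer"): (0, "Start menu 'Computer' entry hidden"),
    (ADVANCED, "Start_ShowSearch"): (0, "Start menu 'Search' entry hidden"),
}
# Installed software does not keep its autorun binary as a bare .exe directly
# under ProgramData or AppData\Local(\Temp); droppers do.
USER_WRITABLE = re.compile(r"\\(ProgramData|AppData\\Local(\\Temp)?)\\[^\\]+\.exe$", re.I)


def program_of(command):
    """Program part of a command line: the quoted path, or the first word."""
    command = str(command).strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def looks_random(filename):
    """Three or more upper/lower case flips (gyjAEPulVY.exe) marks a generated name."""
    stem = filename.rsplit(".", 1)[0]
    flips = sum(1 for a, b in zip(stem, stem[1:])
                if a.isalpha() and b.isalpha() and a.islower() != b.islower())
    return flips >= 3


def audit(snapshot):
    """snapshot: iterable of (key, value_name, data) -> [(severity, key, value_name, reason)]."""
    findings = []
    for key, name, data in snapshot:
        if key in BROWSER_EXE:
            prog = program_of(data)
            if prog.rsplit("\\", 1)[-1].lower() != BROWSER_EXE[key]:
                findings.append(("high", key, name, "browser launch wrapped by " + prog))
        elif key in RUN_KEYS:
            target = program_of(data)
            if USER_WRITABLE.search(target):
                sev = "high" if looks_random(target.rsplit("\\", 1)[-1]) else "medium"
                findings.append((sev, key, name, "autorun from user-writable path " + target))
        else:
            bad = POLICY_CHECKS.get((key, name))
            if bad and data == bad[0]:
                findings.append(("medium", key, name, bad[1]))
    return findings


def collect_live():
    """Windows only: enumerate the audited keys through the standard winreg module."""
    import winreg
    hives = {HKLM: winreg.HKEY_LOCAL_MACHINE, HKCU: winreg.HKEY_CURRENT_USER}
    keys = set(BROWSER_EXE) | set(RUN_KEYS) | {k for k, _ in POLICY_CHECKS}
    snap = []
    for full in sorted(keys):
        hive, sub = full.split("\\", 1)
        try:
            with winreg.OpenKey(hives[hive], sub) as h:
                for i in range(winreg.QueryInfoKey(h)[1]):  # [1] = number of values
                    name, data, _ = winreg.EnumValue(h, i)
                    snap.append((full, name, data))
        except OSError:
            pass  # key absent (e.g. no browser registered) or access denied
    return snap


# Constructed snapshot: the entries MBAM/DDS reported above, plus two clean
# entries (assumed, for contrast) that must not be flagged.
SAMPLE = [
    (RUN_KEYS[0], "gyjAEPulVY.exe", r"C:\ProgramData\gyjAEPulVY.exe"),
    (RUN_KEYS[0], "AVG8_TRAY", r"c:\progra~1\avg\avg8\avgtray.exe"),
    (SMI + r"\FIREFOX.EXE\shell\open\command", "",
     r'"C:\Users\J_D\AppData\Local\vqy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'),
    (SMI + r"\IEXPLORE.EXE\shell\open\command", "",
     r'"C:\Users\J_D\AppData\Local\vqy.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'),
    (SMI + r"\FIREFOX.EXE\shell\safemode\command", "",
     r'"C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'),
    (SYS_POL, "DisableTaskMgr", 1),
    (SYS_POL, "EnableLUA", 0),
    (ADVANCED, "Start_ShowMyComputer", 0),
    (ADVANCED, "Start_ShowSearch", 0),
]

if __name__ == "__main__":
    for sev, key, name, reason in audit(SAMPLE):
        print(f"[{sev:6}] {key}|{name}: {reason}")
```

The browser check deliberately compares only the program token, not the whole command line: a legitimate install may store either a bare `firefox.exe` or a fully quoted path, while the hijack is recognisable by a different executable sitting in front of the real browser. The 32-bit-only view of the registry is fine for this x86 Vista machine; on a 64-bit host you would additionally open the keys with `winreg.KEY_WOW64_32KEY`.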
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thanks for the very quick response Broni!

I ran aswMBR and got the log below. ComboFix hangs at the scanning stage. I tried it for half an hour, then tried running rKill (log below as well; the desktop flickered a few times but it didn't seem to kill anything) and tried again. It's been running another 20 minutes or so but hasn't got any further. I have AVG installed but not running; I'll uninstall it and have another try.

All of this is in safe mode as I can't get into normal mode.


aswMBR:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 21:51:20
-----------------------------
21:51:20.451 OS Version: Windows 6.0.6001 Service Pack 1
21:51:20.451 Number of processors: 1 586 0x7F02
21:51:20.451 ComputerName: JD UserName:
21:51:21.387 Initialize success
21:53:46.139 AVAST engine download error: 0
21:53:56.497 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:53:56.513 Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
21:53:56.529 Disk 0 MBR read successfully
21:53:56.529 Disk 0 MBR scan
21:53:56.575 Disk 0 unknown MBR code
21:53:56.575 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10000 MB offset 2048
21:53:56.591 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142625 MB offset 20482048
21:53:56.607 Disk 0 scanning sectors +312578048
21:53:56.700 Disk 0 scanning C:\Windows\system32\drivers
21:54:03.502 Service scanning
21:54:05.639 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
21:54:06.232 Modules scanning
21:54:11.380 Disk 0 trace - called modules:
21:54:11.427 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:54:11.427 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85324528]
21:54:11.427 3 CLASSPNP.SYS[89fa7745] -> nt!IofCallDriver -> [0x84575918]
21:54:11.442 5 acpi.sys[8072e6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85326448]
21:54:11.442 Scan finished successfully
21:54:28.009 Disk 0 MBR has been saved successfully to "C:\Users\J_D\Desktop\MBR.dat"
21:54:28.009 The log file has been saved successfully to "C:\Users\J_D\Desktop\aswMBR.txt"
21:54:42.143 Disk 0 MBR has been saved successfully to "E:\Logs\MBR.dat"
21:54:42.159 The log file has been saved successfully to "E:\Logs\aswMBR.txt"

rKill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/01/2012 at 22:32:33.
Operating System: Windows Vista (TM) Home Basic

Processes terminated by Rkill or while it was running:

Rkill completed on 06/01/2012 at 22:32:38.
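The aswMBR log above reports "unknown MBR code" and saves a copy of the boot sector as MBR.dat. A defender's next step is to check that the partition table the tool reports agrees with what is actually stored in that sector, and to pull out the lines that deserve a second look (unrecognised boot code, driver files the scanner could not read). The script below is an added example written for this thread; it is not part of aswMBR, ComboFix or the original posts. It parses a raw 512-byte MBR image in the layout MBR.dat uses, parses the partition and status lines of an aswMBR log, and lists every field where the two disagree. The log lines are copied from the post above; the MBR image is constructed here to match them, with placeholder boot code rather than a real disk's.

```python
"""Cross-check an aswMBR log against the MBR.dat it saves.
Added example for this thread (not aswMBR's code): parses the partition and
status lines of an aswMBR log and a raw 512-byte MBR image (the MBR.dat
layout), then reports where they disagree. Log lines are copied from the
thread; the MBR image is constructed here to match them.
"""
from __future__ import annotations
import re
import struct
from dataclasses import dataclass

SECTOR_BYTES = 512
MB = 1024 * 1024

# Excerpt of the aswMBR log posted in the thread.
SAMPLE_LOG = """\
21:53:56.529 Disk 0 MBR read successfully
21:53:56.575 Disk 0 unknown MBR code
21:53:56.575 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10000 MB offset 2048
21:53:56.591 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142625 MB offset 20482048
21:53:56.607 Disk 0 scanning sectors +312578048
21:54:05.639 Service Vsdatant C:\\Windows\\system32\\DRIVERS\\vsdatant.sys **LOCKED** 32
21:54:11.442 Scan finished successfully
"""


@dataclass(frozen=True)
class Partition:
    number: int
    bootable: bool
    ptype: int       # type byte: 0x07 = NTFS, 0x27 = hidden NTFS (WinRE)
    lba_start: int   # first sector
    sectors: int     # length in sectors


def build_sample_mbr() -> bytes:
    """Constructed MBR.dat whose table matches the two partitions in the log."""
    entries = [
        (0x00, 0x27, 2048, 10000 * MB // SECTOR_BYTES),
        (0x80, 0x07, 20482048, 142625 * MB // SECTOR_BYTES),
    ]
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    table += bytes(16 * (4 - len(entries)))   # unused entries are all zero
    boot_code = b"\x90" * 446                 # placeholder, not real boot code
    return boot_code + table + b"\x55\xaa"


def parse_mbr(raw: bytes) -> list[Partition]:
    """Parse the four primary partition entries at offset 446 of a 512-byte MBR."""
    if len(raw) != SECTOR_BYTES or raw[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 55AA boot signature")
    parts = []
    for i in range(4):
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", raw, 446 + 16 * i)
        if ptype:
            parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return parts


_PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-F]{2})(?: \(A\))? ([0-9A-F]{2}) .*? (\d+) MB offset (\d+)"
)


def parse_log(text: str) -> tuple[list[Partition], list[str]]:
    """Return the partitions aswMBR reported plus findings that deserve a second look."""
    parts, findings = [], []
    for line in text.splitlines():
        m = _PART_RE.search(line)
        if m:
            _, num, status, ptype, size_mb, offset = m.groups()
            parts.append(Partition(int(num), status == "80", int(ptype, 16),
                                   int(offset), int(size_mb) * MB // SECTOR_BYTES))
        elif "unknown MBR code" in line:
            findings.append("MBR boot code not recognised by aswMBR: compare MBR.dat "
                            "against a known-good OEM/Windows MBR before trusting it")
        elif "**LOCKED**" in line:
            findings.append("driver file could not be read: " + line.split()[2])
    return parts, findings


def cross_check(log_parts: list[Partition], mbr_parts: list[Partition]) -> list[str]:
    """List every field where the log and the saved sector disagree (empty = consistent)."""
    problems = []
    by_num = {p.number: p for p in mbr_parts}
    for lp in log_parts:
        mp = by_num.pop(lp.number, None)
        if mp is None:
            problems.append(f"partition {lp.number}: in log but not in MBR")
            continue
        for field in ("bootable", "ptype", "lba_start"):
            if getattr(lp, field) != getattr(mp, field):
                problems.append(f"partition {lp.number}: {field} "
                                f"log={getattr(lp, field)} mbr={getattr(mp, field)}")
        # aswMBR rounds sizes to whole MB, so allow up to 1 MB of slack on the length
        if abs(lp.sectors - mp.sectors) > MB // SECTOR_BYTES:
            problems.append(f"partition {lp.number}: size log={lp.sectors} mbr={mp.sectors}")
    problems.extend(f"partition {n}: in MBR but not in log" for n in sorted(by_num))
    return problems
```

On the posted log the two sources agree: partition 1 (hidden WinRE, 2048 + 20480000 sectors) ends exactly where the bootable NTFS partition 2 begins, and partition 2 ends at sector 312578048, the figure in the "scanning sectors" line. An empty result from cross_check only says the table is self-consistent; the "unknown MBR code" finding still has to be settled by comparing the boot code in MBR.dat with a known-good copy for the machine's OEM image, which this script deliberately does not guess at.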
 
Yep, uninstalled AVG but ComboFix is still hanging at the same place. Have left it running in case it's just taking a while.
 
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (file size 120.9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
OTL log:

OTL logfile created on: 1/7/2012 12:52:11 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.28 Gb Total Space | 37.03 Gb Free Space | 26.59% Space Free | Partition Type: NTFS
Drive D: | 3.72 Gb Total Space | 3.58 Gb Free Space | 96.18% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/07/26 10:01:58 | 000,066,112 | -H-- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/06/23 07:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/03/25 04:25:22 | 030,969,208 | -H-- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/02 16:23:52 | 000,209,768 | -H-- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 16:23:46 | 000,483,688 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2008/06/11 13:18:30 | 000,024,576 | -H-- | M] () [On_Demand] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2007/01/04 21:48:50 | 000,112,152 | -H-- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WisINT15)
DRV - File not found [Kernel | On_Demand] -- -- (vsdatant7)
DRV - File not found [Kernel | On_Demand] -- -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/07/14 06:51:56 | 000,065,584 | -H-- | M] (Citrix Systems, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/05/15 10:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/03/08 19:18:14 | 000,061,067 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/03/08 19:18:14 | 000,047,249 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/12/02 16:23:52 | 000,019,304 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2009/12/02 16:23:50 | 000,021,864 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/12/02 16:23:48 | 000,195,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2009/12/02 16:23:46 | 000,550,760 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/11/24 17:02:57 | 000,691,696 | -H-- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/05 03:29:46 | 000,036,608 | -H-- | M] () [Kernel | On_Demand] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/09/30 01:53:12 | 001,184,768 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/11 04:40:06 | 000,121,856 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2009/09/11 04:40:06 | 000,090,240 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2009/09/11 04:40:06 | 000,014,976 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009/09/04 05:12:50 | 000,030,240 | -H-- | M] (Google Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2008/06/11 13:13:24 | 000,015,392 | -H-- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/28 19:54:20 | 000,022,072 | -H-- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/04/28 08:26:42 | 000,014,352 | -H-- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007/04/17 22:09:28 | 000,011,032 | -H-- | M] (InterVideo) [Kernel | Auto] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/11/02 02:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\J_D_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620
IE - HKU\J_D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\J_D_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620
IE - HKU\J_D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: bartap@philikon.de:2.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/29 19:14:33 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/20 18:49:07 | 000,000,000 | -H-D | M]

[2009/07/10 14:01:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\J_D\AppData\Roaming\Mozilla\Extensions
[2011/12/30 13:40:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions
[2011/07/16 17:58:21 | 000,000,000 | -H-D | M] (Flashblock) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/10/03 12:54:42 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/08 08:22:43 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/11/21 16:15:17 | 000,000,000 | -H-D | M] (BarTab) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\bartap@philikon.de
[2011/12/30 13:40:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/02 15:01:02 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/07/20 18:38:00 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/10/12 10:33:32 | 000,124,344 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 10:37:06 | 000,070,592 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 10:35:42 | 000,091,576 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 10:34:56 | 000,022,464 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/07/16 23:00:04 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 12:16:54 | 000,484,768 | -H-- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/10/12 10:37:02 | 000,024,000 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/03/16 12:14:58 | 000,001,538 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/16 12:14:58 | 000,000,947 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/16 12:14:58 | 000,000,769 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/03/16 12:14:58 | 000,001,135 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\J_D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6eeadcaa-d942-11de-a93a-806e6f6e6963}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\Shell - "" = AutoRun
O33 - MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\E\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/06 18:05:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/06 16:56:04 | 004,369,970 | R--- | C] (Swearware) -- C:\Users\J_D\Desktop\ComboFix.exe
[2012/01/06 16:51:18 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\J_D\Desktop\aswMBR.exe
[2012/01/06 12:29:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/06 12:29:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/06 12:29:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/06 12:29:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/06 12:29:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/06 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\J_D\AppData\Roaming\Malwarebytes
[2012/01/06 10:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/06 10:52:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/06 10:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/06 10:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/06 08:50:55 | 000,000,000 | ---D | C] -- C:\From_Desktop
[2012/01/06 08:50:00 | 000,000,000 | -H-D | C] -- C:\Job Applications CV etc. Joe
[2012/01/06 08:49:14 | 000,000,000 | -H-D | C] -- C:\Wedding
[2012/01/06 08:47:41 | 000,000,000 | R--D | C] -- C:\Photos
[2011/12/30 16:25:27 | 000,000,000 | -H-D | C] -- C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[3 C:\Users\J_D\Documents\*.tmp files -> C:\Users\J_D\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/06 19:41:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/06 19:31:55 | 157,300,940 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/06 16:54:28 | 000,000,512 | ---- | M] () -- C:\Users\J_D\Desktop\MBR.dat
[2012/01/06 16:53:28 | 000,001,356 | ---- | M] () -- C:\Users\J_D\AppData\Local\d3d9caps.dat
[2012/01/06 16:48:18 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\J_D\Desktop\aswMBR.exe
[2012/01/06 12:26:50 | 004,369,970 | R--- | M] (Swearware) -- C:\Users\J_D\Desktop\ComboFix.exe
[2012/01/06 10:52:57 | 000,000,932 | ---- | M] () -- C:\Users\J_D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/06 10:52:57 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 10:52:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/06 07:51:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 07:51:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 05:30:53 | 000,010,396 | -HS- | M] () -- C:\Users\J_D\AppData\Local\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva
[2012/01/06 05:30:53 | 000,010,396 | -HS- | M] () -- C:\ProgramData\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva
[2011/12/30 17:00:39 | 000,000,631 | ---- | M] () -- C:\Users\J_D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/30 16:25:27 | 000,000,607 | -H-- | M] () -- C:\Users\J_D\Desktop\System Check.lnk
[2011/12/30 16:25:20 | 000,000,344 | -H-- | M] () -- C:\ProgramData\PFVFibYKQESxet
[2011/12/30 16:24:29 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/30 16:24:29 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1
[2011/12/30 16:24:29 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmer's Notepad
[2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now 5
[2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/12/30 16:24:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Business (English)
[2011/12/30 16:24:28 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/12/30 16:24:28 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2011/12/30 16:24:28 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
[2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterVideo WinDVD
[2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
[2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines GameZone
[2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines Documentation
[2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines
[2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/12/30 16:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/12/30 16:24:27 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/12/30 16:24:27 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/12/30 16:24:27 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArgoUML
[2011/12/30 16:24:27 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ File Recovery
[2011/12/30 13:34:45 | 000,601,392 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/30 13:34:45 | 000,104,548 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/10 10:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 C:\Users\J_D\Documents\*.tmp files -> C:\Users\J_D\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



========== Files Created - No Company Name ==========



[2012/01/06 16:54:28 | 000,000,512 | ---- | C] () -- C:\Users\J_D\Desktop\MBR.dat

[2012/01/06 12:29:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/01/06 12:29:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/01/06 12:29:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/01/06 12:29:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/01/06 12:29:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/01/06 10:52:57 | 000,000,932 | ---- | C] () -- C:\Users\J_D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/01/06 10:52:57 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/12/30 17:00:39 | 000,000,631 | ---- | C] () -- C:\Users\J_D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

[2011/12/30 16:25:27 | 000,000,607 | -H-- | C] () -- C:\Users\J_D\Desktop\System Check.lnk

[2011/12/30 16:25:20 | 000,000,344 | -H-- | C] () -- C:\ProgramData\PFVFibYKQESxet

[2011/12/30 14:11:47 | 000,010,396 | -HS- | C] () -- C:\Users\J_D\AppData\Local\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva

[2011/12/30 14:11:47 | 000,010,396 | -HS- | C] () -- C:\ProgramData\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva

[2010/06/10 13:18:28 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini

[2010/05/05 07:52:20 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat

[2010/04/26 05:43:51 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

[2010/04/26 05:43:51 | 000,036,608 | -H-- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

[2010/03/09 02:53:06 | 000,188,416 | -H-- | C] () -- C:\Windows\System32\ftdiunin.exe

[2010/03/09 02:53:06 | 000,000,133 | -H-- | C] () -- C:\Windows\System32\ftdiun2k.ini

[2009/12/17 06:14:17 | 000,228,648 | ---- | C] () -- C:\Windows\OptChecker.exe

[2009/11/27 13:32:35 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat

[2009/11/27 13:28:19 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat

[2009/11/20 04:16:29 | 000,000,642 | -H-- | C] () -- C:\Users\J_D\AppData\Roaming\wklnhst.dat

[2009/11/13 17:58:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/10/06 11:49:18 | 000,008,704 | -H-- | C] () -- C:\Users\J_D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/24 20:30:01 | 000,001,356 | ---- | C] () -- C:\Users\J_D\AppData\Local\d3d9caps.dat

[2009/07/20 14:17:58 | 000,122,880 | -H-- | C] () -- C:\Windows\System32\AitVirtualComInstall.exe

[2009/07/20 14:10:48 | 000,307,200 | -H-- | C] () -- C:\Windows\System32\InstallVCOM.exe

[2009/07/14 13:51:25 | 000,000,138 | -H-- | C] () -- C:\Users\J_D\AppData\Roaming\wpstate.ini

[2009/07/10 14:04:55 | 000,011,854 | -H-- | C] () -- C:\Program Files\MPLAB_LicenseAgreement.rtf

[2009/07/10 13:38:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009/07/04 09:30:03 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI

[2009/07/04 09:28:50 | 000,021,840 | -H-- | C] () -- C:\Windows\System32\SIntfNT.dll

[2009/07/04 09:28:50 | 000,017,212 | -H-- | C] () -- C:\Windows\System32\SIntf32.dll

[2009/07/04 09:28:50 | 000,012,067 | -H-- | C] () -- C:\Windows\System32\SIntf16.dll

[2009/06/08 00:31:24 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\MPMapTrace.dll

[2009/06/07 23:56:40 | 000,364,544 | -H-- | C] () -- C:\Windows\System32\mpPathan.dll

[2008/10/24 21:24:22 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll

[2008/08/27 18:14:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll

[2008/08/27 18:14:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll

[2008/08/27 17:49:15 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008/08/27 17:49:15 | 000,000,520 | -H-- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2008/08/27 17:49:15 | 000,000,520 | -H-- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2008/08/27 17:49:15 | 000,000,008 | -H-- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2008/08/27 17:48:57 | 003,107,788 | -H-- | C] () -- C:\Windows\System32\atiumdva.dat

[2008/08/27 17:48:57 | 000,174,819 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat

[2008/08/27 17:48:57 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\atibrtmon.exe

[2008/08/27 17:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2008/08/15 00:47:01 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008/05/04 11:39:34 | 000,002,560 | -H-- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll

[2008/01/20 21:33:53 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2007/10/25 11:26:10 | 000,005,632 | -H-- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2006/12/13 10:03:14 | 000,074,240 | -H-- | C] () -- C:\Windows\System32\zlibwapi.dll

[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:44:53 | 000,445,056 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 05:33:01 | 000,601,392 | -H-- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,104,548 | -H-- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 05:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat

[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2001/12/26 18:12:30 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 01:46:38 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 18:33:56 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/24 00:04:36 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll



========== LOP Check ==========



[2010/03/09 04:09:02 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Arduino

[2009/11/24 17:17:11 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\DAEMON Tools Lite

[2011/03/17 10:12:07 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Echo Software

[2009/12/01 11:14:50 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\GetRightToGo

[2009/09/05 20:07:44 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\gtk-2.0

[2011/10/14 10:39:14 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\ICAClient

[2010/06/10 13:21:26 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Image Zone Express

[2009/07/17 16:42:55 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\InterVideo

[2009/12/01 11:05:39 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Microchip

[2009/12/01 12:53:51 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\OpenOffice.org

[2010/04/26 06:37:43 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\PC Suite

[2010/01/05 09:34:31 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Printer Info Cache

[2010/06/16 16:52:41 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Samsung

[2011/12/29 19:21:30 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\SoftGrid Client

[2009/11/13 17:09:24 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Sparx Systems

[2011/12/29 17:37:24 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Spotify

[2009/11/20 04:16:37 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Template

[2011/04/14 04:20:18 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\TP

[2009/07/03 13:12:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data

[2009/09/24 17:07:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\AutomatedQA

[2009/07/03 14:08:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\CheckPoint

[2011/10/14 10:41:12 | 000,000,000 | -H-D | M] -- C:\ProgramData\Citrix

[2009/11/24 17:01:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\DAEMON Tools Lite

[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop

[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents

[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites

[2008/08/27 17:56:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\FloodLightGames

[2009/07/17 16:43:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\InterVideo

[2010/04/26 06:37:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\PC Suite

[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu

[2011/08/05 15:22:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\TEMP

[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates

[2011/07/22 04:29:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\VirtualizedApplications

[2009/08/25 14:41:12 | 000,000,000 | -H-D | M] -- C:\ProgramData\WindowsSearch

[2012/01/06 07:51:16 | 000,032,630 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT



========== Purity Check ==========







========== Alternate Data Streams ==========



@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9E00596C

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C46995DA

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC

< End of report >
 
Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O33 - MountPoints2\{6eeadcaa-d942-11de-a93a-806e6f6e6963}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\Shell - "" = AutoRun
O33 - MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\E\Shell\AutoRun\command - "" = WDSetup.exe
[2011/12/30 16:25:27 | 000,000,000 | -H-D | C] -- C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/06 05:30:53 | 000,010,396 | -HS- | M] () -- C:\Users\J_D\AppData\Local\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva
[2012/01/06 05:30:53 | 000,010,396 | -HS- | M] () -- C:\ProgramData\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva
[2011/12/30 17:00:39 | 000,000,631 | ---- | M] () -- C:\Users\J_D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/30 16:25:27 | 000,000,607 | -H-- | M] () -- C:\Users\J_D\Desktop\System Check.lnk
[2011/12/30 16:25:20 | 000,000,344 | -H-- | M] () -- C:\ProgramData\PFVFibYKQESxet
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9E00596C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC

:Services

:Reg

:Files

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt onto a USB flash drive.


On the infected computer, do the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Attempt to reboot normally into Windows.

Delete your ComboFix file, download a fresh one and see if it'll run.
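The fix script above is built by hand from OTL log lines: hidden, randomly named files in %ProgramData% and %LocalAppData%, alternate data streams on C:\ProgramData\TEMP, orphaned Run entries and MountPoints2 autorun handlers. The following is an added example (editor's code, not OTL's, the helper's or the poster's) that parses OTL-style lines and drafts the same `:OTL` ... `:Commands` / `[purity]` shape from the hits. The heuristics (which directories count as user-writable drop points, what a "random" name looks like, treating every non-Zone.Identifier stream as suspect) are the editor's assumptions about what the helper keyed on, not OTL's own logic; the sample log lines are constructed in the shape of the thread's log.

```python
"""Triage OTL log lines and draft an OTL fix from the hits (added example).

Heuristics below are assumptions, not OTL's detection logic.  Treat the
output as a draft to review line by line, never as an automatic decision.
"""
import re
from typing import List, NamedTuple, Optional

# Constructed sample: lines in the shape of the thread's OTL log, mixing the
# indicators the helper removed with benign entries that must NOT be flagged.
SAMPLE_OTL_LOG = r"""
[2011/12/30 16:25:20 | 000,000,344 | -H-- | M] () -- C:\ProgramData\PFVFibYKQESxet
[2012/01/06 05:30:53 | 000,010,396 | -HS- | M] () -- C:\ProgramData\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva
[2011/12/10 10:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Malwarebytes] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O33 - MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
"""

# OTL file/directory line: [date | size | attrs | C|M] (company) -- path
# Directory lines carry no "(company)" group, so that part is optional.
# attrs is four positions: R(ead-only) H(idden) S(ystem) D(irectory).
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
O4_RE = re.compile(r"^O4 - .*\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell(?:\\AutoRun\\command)? - "" = (?P<cmd>.+)$')

# Assumption: these roots are where the rogue dropped its payloads in the thread.
DROP_DIR_RE = re.compile(r"(?i)^(?:C:\\ProgramData|.*\\AppData\\(?:Local|Roaming))$")


class Finding(NamedTuple):
    reason: str
    line: str


def looks_random(name: str) -> bool:
    """Assumption: extensionless, >= 10 alphanumerics, with digits or mixed case."""
    if "." in name or len(name) < 10 or not name.isalnum():
        return False
    has_digit = any(c.isdigit() for c in name)
    mixed_case = name.lower() != name and name.upper() != name
    return has_digit or mixed_case


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL log line, or None if it looks benign."""
    line = line.rstrip("\r\n")
    m = FILE_RE.match(line)
    if m:
        attrs, path = m["attrs"], m["path"]
        is_dir, hidden = attrs[3] == "D", attrs[1] == "H"
        parent, _, name = path.rpartition("\\")
        if (not is_dir and hidden and not m["company"]
                and DROP_DIR_RE.match(parent) and looks_random(name)):
            return Finding("hidden random-named file in user-writable root", line)
        return None
    m = ADS_RE.match(line)
    if m and m["stream"] != "Zone.Identifier":  # Zone.Identifier is the common benign ADS
        return Finding("alternate data stream (non-Zone.Identifier)", line)
    m = O4_RE.match(line)
    if m and m["target"].strip() == "File not found":
        return Finding("orphaned Run entry", line)
    if O33_RE.match(line):
        return Finding("MountPoints2 autorun handler", line)
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def build_otl_fix(findings: List[Finding]) -> str:
    """Draft the fix in the shape used in the thread: raw lines under :OTL,
    then a [purity] command.  Review every line before running it."""
    body = "\n".join(f.line for f in findings)
    return f":OTL\n{body}\n\n:Commands\n[purity]\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL_LOG)
    for f in hits:
        print(f"{f.reason:48} {f.line}")
    print()
    print(build_otl_fix(hits))
```

Run it against a real OTL log with `triage(open("OTL.Txt", encoding="utf-8", errors="replace").read())`; the benign `mbam.sys`, `bootstat.dat` and the valid Malwarebytes Run entry in the sample are deliberately not flagged, which is the check that the heuristics are not simply matching everything hidden or everything under Run.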
 
Here's the log from the OTL fix. I'm still getting a BSOD when I boot into normal mode, but safe mode is working. The BSOD's not up long enough for me to copy it down, but there's no error code that I can see, just what appears to be memory addresses and a dump counter.

Retrying ComboFix with a fresh install from the other location now.

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eeadcaa-d942-11de-a93a-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6eeadcaa-d942-11de-a93a-806e6f6e6963}\ not found.

File WDSetup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96096c5e-d945-11de-930e-001d72de6565}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96096c5e-d945-11de-930e-001d72de6565}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96096c5e-d945-11de-930e-001d72de6565}\ not found.

File F:\AUTORUN.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.

File WDSetup.exe not found.

C:\Users\J_D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.

C:\Users\J_D\AppData\Local\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva moved successfully.

C:\ProgramData\ow8vc82amj73707jl0a24p8y066v3a138134k1f0b0pva moved successfully.

C:\Users\J_D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.

C:\Users\J_D\Desktop\System Check.lnk moved successfully.

C:\ProgramData\PFVFibYKQESxet moved successfully.

ADS C:\ProgramData\TEMP:9F683177 deleted successfully.

ADS C:\ProgramData\TEMP:9E00596C deleted successfully.

ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.

ADS C:\ProgramData\TEMP:C46995DA deleted successfully.

ADS C:\ProgramData\TEMP:3E7393FC deleted successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

========== COMMANDS ==========



OTLPE by OldTimer - Version 3.1.48.0 log created on 01072012_110557
 
Still no joy with ComboFix. Tried a couple of downloads and with and without rKill. Left for a couple of hours, nothing.
 
Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


=============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
TDSSKiller found 255 objects but 0 threats.

TDSS log:

23:39:41.0305 1108 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

23:39:43.0317 1108 ============================================================

23:39:43.0317 1108 Current date / time: 2012/01/07 23:39:43.0317

23:39:43.0317 1108 SystemInfo:

23:39:43.0317 1108

23:39:43.0317 1108 OS Version: 6.0.6001 ServicePack: 1.0

23:39:43.0317 1108 Product type: Workstation

23:39:43.0317 1108 ComputerName: JD

23:39:43.0317 1108 UserName: J_D

23:39:43.0317 1108 Windows directory: C:\Windows

23:39:43.0317 1108 System windows directory: C:\Windows

23:39:43.0317 1108 Processor architecture: Intel x86

23:39:43.0317 1108 Number of processors: 1

23:39:43.0317 1108 Page size: 0x1000

23:39:43.0317 1108 Boot type: Safe boot with network

23:39:43.0317 1108 ============================================================

23:39:44.0706 1108 Initialize success

23:40:04.0830 1548 ============================================================

23:40:04.0830 1548 Scan started

23:40:04.0830 1548 Mode: Manual;

23:40:04.0830 1548 ============================================================

23:40:05.0844 1548 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

23:40:05.0844 1548 ACPI - ok

23:40:06.0078 1548 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

23:40:06.0078 1548 adp94xx - ok

23:40:06.0296 1548 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

23:40:06.0312 1548 adpahci - ok

23:40:06.0499 1548 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

23:40:06.0514 1548 adpu160m - ok

23:40:06.0686 1548 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

23:40:06.0686 1548 adpu320 - ok

23:40:06.0951 1548 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys

23:40:06.0967 1548 AFD - ok

23:40:07.0138 1548 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

23:40:07.0138 1548 agp440 - ok

23:40:07.0372 1548 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

23:40:07.0372 1548 aic78xx - ok

23:40:07.0528 1548 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

23:40:07.0528 1548 aliide - ok

23:40:07.0700 1548 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

23:40:07.0700 1548 amdagp - ok

23:40:07.0887 1548 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

23:40:07.0887 1548 amdide - ok

23:40:08.0090 1548 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

23:40:08.0106 1548 AmdK7 - ok

23:40:08.0277 1548 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

23:40:08.0277 1548 AmdK8 - ok

23:40:08.0496 1548 androidusb (93340c395a2b0470cdf7038c808d4881) C:\Windows\system32\Drivers\ssadadb.sys

23:40:08.0496 1548 androidusb - ok

23:40:08.0761 1548 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

23:40:08.0761 1548 arc - ok

23:40:08.0964 1548 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

23:40:08.0979 1548 arcsas - ok

23:40:09.0042 1548 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

23:40:09.0042 1548 AsyncMac - ok

23:40:09.0229 1548 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

23:40:09.0229 1548 atapi - ok

23:40:09.0478 1548 athr (8b412ddc62a0510767c5d48192ee1324) C:\Windows\system32\DRIVERS\athr.sys

23:40:09.0525 1548 athr - ok

23:40:09.0822 1548 atikmdag (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

23:40:09.0978 1548 atikmdag - ok

23:40:10.0134 1548 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys

23:40:10.0134 1548 AtiPcie - ok

23:40:10.0368 1548 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

23:40:10.0368 1548 Beep - ok

23:40:10.0570 1548 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

23:40:10.0586 1548 blbdrive - ok

23:40:10.0773 1548 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

23:40:10.0773 1548 bowser - ok

23:40:10.0976 1548 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

23:40:10.0976 1548 BrFiltLo - ok

23:40:11.0054 1548 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

23:40:11.0054 1548 BrFiltUp - ok

23:40:11.0085 1548 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

23:40:11.0101 1548 Brserid - ok

23:40:11.0148 1548 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

23:40:11.0163 1548 BrSerWdm - ok

23:40:11.0350 1548 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

23:40:11.0350 1548 BrUsbMdm - ok

23:40:11.0522 1548 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

23:40:11.0522 1548 BrUsbSer - ok

23:40:11.0740 1548 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

23:40:11.0740 1548 BTHMODEM - ok

23:40:11.0896 1548 catchme - ok

23:40:12.0037 1548 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

23:40:12.0037 1548 cdfs - ok

23:40:12.0146 1548 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

23:40:12.0146 1548 cdrom - ok

23:40:12.0318 1548 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

23:40:12.0318 1548 circlass - ok

23:40:12.0380 1548 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

23:40:12.0396 1548 CLFS - ok

23:40:12.0567 1548 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

23:40:12.0567 1548 CmBatt - ok

23:40:12.0708 1548 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

23:40:12.0708 1548 cmdide - ok

23:40:12.0770 1548 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

23:40:12.0770 1548 Compbatt - ok

23:40:12.0786 1548 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

23:40:12.0786 1548 crcdisk - ok

23:40:12.0832 1548 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

23:40:12.0848 1548 Crusoe - ok

23:40:13.0035 1548 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys

23:40:13.0051 1548 ctxusbm - ok

23:40:13.0160 1548 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys

23:40:13.0160 1548 DfsC - ok

23:40:13.0394 1548 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

23:40:13.0394 1548 disk - ok

23:40:13.0566 1548 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys

23:40:13.0566 1548 DKbFltr - ok

23:40:13.0659 1548 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

23:40:13.0659 1548 Dot4 - ok

23:40:13.0815 1548 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

23:40:13.0815 1548 Dot4Print - ok

23:40:13.0878 1548 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

23:40:13.0893 1548 dot4usb - ok

23:40:14.0002 1548 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

23:40:14.0002 1548 drmkaud - ok

23:40:14.0127 1548 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys

23:40:14.0174 1548 DXGKrnl - ok

23:40:14.0377 1548 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

23:40:14.0392 1548 E1G60 - ok

23:40:14.0595 1548 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys

23:40:14.0611 1548 Ecache - ok

23:40:14.0782 1548 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

23:40:14.0829 1548 elxstor - ok

23:40:14.0985 1548 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

23:40:14.0985 1548 ErrDev - ok

23:40:15.0079 1548 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys

23:40:15.0079 1548 exfat - ok

23:40:15.0266 1548 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys

23:40:15.0266 1548 fastfat - ok

23:40:15.0422 1548 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

23:40:15.0422 1548 fdc - ok

23:40:15.0469 1548 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

23:40:15.0469 1548 FileInfo - ok

23:40:15.0516 1548 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

23:40:15.0516 1548 Filetrace - ok

23:40:15.0531 1548 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

23:40:15.0531 1548 flpydisk - ok

23:40:15.0578 1548 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys

23:40:15.0594 1548 FltMgr - ok

23:40:15.0734 1548 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS

23:40:15.0734 1548 FsUsbExDisk - ok

23:40:15.0812 1548 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

23:40:15.0812 1548 Fs_Rec - ok

23:40:16.0015 1548 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\Windows\system32\drivers\ftdibus.sys

23:40:16.0015 1548 FTDIBUS - ok

23:40:16.0218 1548 FTSER2K (678a73f56ddf84a08c31123c386e9967) C:\Windows\system32\drivers\ftser2k.sys

23:40:16.0233 1548 FTSER2K - ok

23:40:16.0405 1548 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

23:40:16.0436 1548 gagp30kx - ok

23:40:16.0608 1548 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

23:40:16.0623 1548 HdAudAddService - ok

23:40:16.0795 1548 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:40:16.0795 1548 HDAudBus - ok

23:40:16.0920 1548 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

23:40:16.0920 1548 HidBth - ok

23:40:16.0951 1548 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

23:40:16.0951 1548 HidIr - ok

23:40:17.0107 1548 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys

23:40:17.0107 1548 HidUsb - ok

23:40:17.0185 1548 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

23:40:17.0185 1548 HpCISSs - ok

23:40:17.0263 1548 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys

23:40:17.0278 1548 HTTP - ok

23:40:17.0419 1548 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

23:40:17.0419 1548 i2omp - ok

23:40:17.0575 1548 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

23:40:17.0575 1548 i8042prt - ok

23:40:17.0637 1548 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

23:40:17.0637 1548 iaStorV - ok

23:40:17.0824 1548 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

23:40:17.0824 1548 iirsp - ok

23:40:17.0918 1548 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys

23:40:17.0918 1548 int15 - ok

23:40:18.0136 1548 IntcAzAudAddService (1fa4f33e68bb76041e213f170d17a406) C:\Windows\system32\drivers\RTKVHDA.sys

23:40:18.0214 1548 IntcAzAudAddService - ok

23:40:18.0339 1548 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

23:40:18.0339 1548 intelide - ok

23:40:18.0386 1548 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

23:40:18.0386 1548 intelppm - ok

23:40:36.0529 1548 MBR (0x1B8) (8c9f9e03865c35f0f3829a23cda42f5d) \Device\Harddisk0\DR0

23:40:37.0683 1548 \Device\Harddisk0\DR0 - ok

23:40:37.0683 1548 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

23:40:37.0777 1548 \Device\Harddisk1\DR1 - ok

23:40:37.0808 1548 Boot (0x1200) (9cf94513bd9012680ea8ab21e5e7298e) \Device\Harddisk0\DR0\Partition0

23:40:37.0824 1548 \Device\Harddisk0\DR0\Partition0 - ok

23:40:37.0824 1548 Boot (0x1200) (e43b676372b92dcca58027129a18242f) \Device\Harddisk1\DR1\Partition0

23:40:37.0824 1548 \Device\Harddisk1\DR1\Partition0 - ok

23:40:37.0839 1548 ============================================================

23:40:37.0839 1548 Scan finished

23:40:37.0839 1548 ============================================================

23:40:37.0855 1480 Detected object count: 0

23:40:37.0855 1480 Actual detected object count: 0
 
Bootkit remover log:

Bootkit Remover

(c) 2009 Esage Lab

www.esagelab.com



Program version: 1.2.0.1

OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 1 (build 6001), 32-bit



System volume is \\.\C:

\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`71100000

Boot sector MD5 is: c3f4814ee2c87f8f4fc3acd72454a04d



Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Unknown boot code



Unknown boot code has been found on some of your physical disks.

To inspect the boot code manually, dump the master boot sector:

remover.exe dump <device_name> [output_file]

To disinfect the master boot sector, use the following command:

remover.exe fix <device_name>





Done;

Press any key to quit...
 
Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
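The OTL report these steps produce lists every process, module, service and driver in a fixed line format. As an added example (not part of this thread or of OTL itself), here is a small Python triage pass over such lines that flags what a helper typically checks first: an empty company name, the hidden attribute the poster mentions, a kernel driver outside the drivers directory, and a modification time within the report's 30-day file-age window. The flag heuristics, the reading of the attribute column (H = hidden) and the sample lines are assumptions written in OTL's format, not OTL's own logic.

```python
"""Triage helper for OTL-style PRC/MOD/SRV/DRV report lines.

Added example, not part of the thread or of OTL. The heuristics below are
assumptions modelled on the report header ("No Company Name Whitelist",
"File Age = 30 Days") and on the hidden attribute the poster reports.
"""
import re
from datetime import datetime, timedelta

# One OTL entry, e.g.
# DRV - [2009/10/05 08:29:46 | 000,036,608 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<stamp>[A-Z])\] "
    r"\((?P<company>[^)]*)\)"           # () when OTL found no company name
    r"(?: \[(?P<state>[^\]]*)\])?"      # [Kernel | On_Demand | Stopped] etc.
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\)(?P<desc>.*))?$"
)

# Where a legitimate kernel driver is normally expected to live.
DRIVER_DIR = re.compile(r"\\windows\\system32\\drivers\\[^\\]+$", re.IGNORECASE)


def parse_line(line):
    """Return a dict of fields for one OTL entry, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["mtime"] = datetime.strptime(d["mtime"], "%Y/%m/%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = d["company"].strip()
    return d


def flags_for(entry, report_time, max_age_days=30):
    """Triage reasons for one parsed entry; an empty list means nothing odd."""
    reasons = []
    if not entry["company"]:
        reasons.append("no-company-name")           # unbranded binary
    if "H" in entry["attrs"]:                       # H assumed = hidden
        reasons.append("hidden-attribute")          # FakeHDD hides files
    if entry["kind"] == "DRV" and not DRIVER_DIR.search(entry["path"]):
        reasons.append("driver-outside-drivers-dir")
    if report_time - entry["mtime"] <= timedelta(days=max_age_days):
        reasons.append("modified-recently")         # inside the file-age window
    return reasons


def triage(report_lines, report_time, max_age_days=30):
    """Map each entry's path to its triage reasons; clean entries map to []."""
    result = {}
    for line in report_lines:
        entry = parse_line(line)
        if entry is None:
            continue
        result[entry["path"]] = flags_for(entry, report_time, max_age_days)
    return result


# Sample lines in OTL's format (constructed for this example).
SAMPLE = """\
========== Driver Services (SafeList) ==========
DRV - [2009/10/05 08:29:46 | 000,036,608 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/15 15:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\vsdatant.sys -- (Vsdatant)
SRV - [2008/06/11 18:18:30 | 000,024,576 | -H-- | M] () [On_Demand | Stopped] -- C:\\Program Files\\EMACHINES\\eMachines Recovery Management\\Service\\ETService.exe -- (ETService)
PRC - [2012/01/08 12:04:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\\Users\\J_D\\Desktop\\OTL.exe
""".splitlines()

# The "OTL logfile created on" stamp of the report being triaged.
REPORT_TIME = datetime(2012, 1, 8, 12, 20, 1)

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE, REPORT_TIME).items():
        print(("FLAG " if reasons else "ok   ") + path, ", ".join(reasons))
```

A flag is a prompt to look closer, not a verdict: the recovery-management service above is unbranded and hidden but is a vendor component, which is exactly why the helper asks for the full report rather than a filtered one.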
 
Situation seems to be the same as before, BSOD on booting to normal mode and all my files are hidden. I've not been able to check if I'm still getting page redirects as Firefox just times out instead.

Here are the OTL log files:

OTL logfile created on: 08/01/2012 12:20:01 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\J_D\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy



2.75 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 85.24% Memory free

5.70 Gb Paging File | 5.47 Gb Available in Paging File | 96.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139.28 Gb Total Space | 36.94 Gb Free Space | 26.52% Space Free | Partition Type: NTFS

Drive E: | 3.72 Gb Total Space | 3.58 Gb Free Space | 96.16% Space Free | Partition Type: FAT32



Computer Name: JD | User Name: J_D | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2012/01/08 12:04:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL.exe

PRC - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe

PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe





========== Modules (No Company Name) ==========



MOD - [2010/03/24 20:17:36 | 008,794,464 | -H-- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/03/15 11:28:22 | 000,141,824 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2010/01/30 01:41:12 | 004,254,560 | -H-- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF





========== Win32 Services (SafeList) ==========



SRV - [2010/07/26 15:01:58 | 000,066,112 | -H-- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)

SRV - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2010/03/25 09:25:22 | 030,969,208 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009/12/02 21:23:52 | 000,209,768 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009/12/02 21:23:46 | 000,483,688 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2008/06/11 18:18:30 | 000,024,576 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)

SRV - [2007/01/05 02:48:50 | 000,112,152 | -H-- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)





========== Driver Services (SafeList) ==========



DRV - [2010/07/14 11:51:56 | 000,065,584 | -H-- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)

DRV - [2010/05/15 15:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)

DRV - [2010/03/09 00:18:14 | 000,061,067 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)

DRV - [2010/03/09 00:18:14 | 000,047,249 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2009/12/02 21:23:52 | 000,019,304 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2009/12/02 21:23:50 | 000,021,864 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2009/12/02 21:23:48 | 000,195,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2009/12/02 21:23:46 | 000,550,760 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2009/11/24 22:02:57 | 000,691,696 | -H-- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/10/05 08:29:46 | 000,036,608 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2009/09/30 06:53:12 | 001,184,768 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009/09/11 09:40:06 | 000,121,856 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2009/09/11 09:40:06 | 000,090,240 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV - [2009/09/11 09:40:06 | 000,014,976 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV - [2009/09/04 10:12:50 | 000,030,240 | -H-- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)

DRV - [2008/06/11 18:13:24 | 000,015,392 | -H-- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)

DRV - [2008/05/29 00:54:20 | 000,022,072 | -H-- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)

DRV - [2008/04/28 13:26:42 | 000,014,352 | -H-- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

DRV - [2007/04/18 03:09:28 | 000,011,032 | -H-- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)

DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2006/11/02 07:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620





IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0







IE - HKU\S-1-5-21-984758997-1744220493-4182726412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620

IE - HKU\S-1-5-21-984758997-1744220493-4182726412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-984758997-1744220493-4182726412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=d620

IE - HKU\S-1-5-21-984758997-1744220493-4182726412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========



FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87

FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1

FF - prefs.js..extensions.enabledItems: bartap@philikon.de:2.0





FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 00:14:33 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/20 23:49:07 | 000,000,000 | -H-D | M]



[2009/07/10 19:01:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\J_D\AppData\Roaming\Mozilla\Extensions

[2011/12/30 18:40:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions

[2011/07/16 22:58:21 | 000,000,000 | -H-D | M] (Flashblock) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

[2011/10/03 17:54:42 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/08/08 13:22:43 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2011/11/21 21:15:17 | 000,000,000 | -H-D | M] (BarTab) -- C:\Users\J_D\AppData\Roaming\Mozilla\Firefox\Profiles\6e54mba6.default\extensions\bartap@philikon.de

[2011/12/30 18:40:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/08/02 20:01:02 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2009/07/20 23:38:00 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2010/10/12 15:33:32 | 000,124,344 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll

[2010/10/12 15:37:06 | 000,070,592 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2010/10/12 15:35:42 | 000,091,576 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2010/10/12 15:34:56 | 000,022,464 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

[2010/07/17 04:00:04 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/10/12 17:16:54 | 000,484,768 | -H-- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2010/10/12 15:37:02 | 000,024,000 | -H-- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

[2011/03/16 17:14:58 | 000,001,538 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011/03/16 17:14:58 | 000,000,947 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/03/16 17:14:58 | 000,000,769 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011/03/16 17:14:58 | 000,001,135 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml



O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\S-1-5-21-984758997-1744220493-4182726412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31ACEB1F-49A9-4F9A-9E49-A5190977EE7A}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9320EF47-532A-4291-998C-C147787C40C9}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9832C338-BCF0-44BA-B579-0F4693C7A223}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\J_D\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\J_D\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found



Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)



CREATERESTOREPOINT



Error creating restore point.



========== Files/Folders - Created Within 30 Days ==========



[2012/01/08 12:09:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL.exe

[2012/01/07 23:44:18 | 000,000,000 | ---D | C] -- C:\Users\J_D\Desktop\bootkit_remover

[2012/01/07 23:39:33 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\J_D\Desktop\TDSSKiller.exe

[2012/01/07 16:05:57 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/01/07 14:38:47 | 000,000,000 | --SD | C] -- C:\Joe

[2012/01/07 13:07:27 | 004,369,970 | R--- | C] (Swearware) -- C:\Users\J_D\Desktop\Joe.exe

[2012/01/06 21:51:18 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\J_D\Desktop\aswMBR.exe

[2012/01/06 17:29:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/01/06 17:29:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/01/06 17:29:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/01/06 17:29:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/01/06 17:29:41 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/01/06 16:56:02 | 000,000,000 | ---D | C] -- C:\Users\J_D\AV

[2012/01/06 15:53:06 | 000,000,000 | ---D | C] -- C:\Users\J_D\AppData\Roaming\Malwarebytes

[2012/01/06 15:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/06 15:52:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/01/06 15:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/06 15:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/01/06 13:50:55 | 000,000,000 | ---D | C] -- C:\From_Desktop

[2012/01/06 13:50:00 | 000,000,000 | -H-D | C] -- C:\Job Applications CV etc. Joe

[2012/01/06 13:49:14 | 000,000,000 | -H-D | C] -- C:\Wedding

[2012/01/06 13:47:41 | 000,000,000 | R--D | C] -- C:\Photos

[3 C:\Users\J_D\Documents\*.tmp files -> C:\Users\J_D\Documents\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



[2012/01/08 12:07:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/08 12:07:22 | 153,938,124 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/01/08 12:04:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL.exe

[2012/01/06 21:54:28 | 000,000,512 | ---- | M] () -- C:\Users\J_D\Desktop\MBR.dat

[2012/01/06 21:53:28 | 000,001,356 | ---- | M] () -- C:\Users\J_D\AppData\Local\d3d9caps.dat

[2012/01/06 21:48:18 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\J_D\Desktop\aswMBR.exe

[2012/01/06 17:26:50 | 004,369,970 | R--- | M] (Swearware) -- C:\Users\J_D\Desktop\Joe.exe

[2012/01/06 15:52:57 | 000,000,932 | ---- | M] () -- C:\Users\J_D\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/01/06 12:51:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/06 12:51:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/30 18:34:45 | 000,601,392 | -H-- | M] () -- C:\Windows\System32\perfh009.dat

[2011/12/30 18:34:45 | 000,104,548 | -H-- | M] () -- C:\Windows\System32\perfc009.dat

[2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\J_D\Desktop\TDSSKiller.exe

[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[3 C:\Users\J_D\Documents\*.tmp files -> C:\Users\J_D\Documents\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



========== Files Created - No Company Name ==========



[2012/01/06 21:54:28 | 000,000,512 | ---- | C] () -- C:\Users\J_D\Desktop\MBR.dat

[2012/01/06 17:29:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/01/06 17:29:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/01/06 17:29:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/01/06 17:29:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/01/06 17:29:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/01/06 15:52:57 | 000,000,932 | ---- | C] () -- C:\Users\J_D\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2010/06/10 18:18:28 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini

[2010/05/05 12:52:20 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat

[2010/04/26 10:43:51 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

[2010/04/26 10:43:51 | 000,036,608 | -H-- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

[2010/03/09 07:53:06 | 000,188,416 | -H-- | C] () -- C:\Windows\System32\ftdiunin.exe

[2010/03/09 07:53:06 | 000,000,133 | -H-- | C] () -- C:\Windows\System32\ftdiun2k.ini

[2009/12/17 11:14:17 | 000,228,648 | ---- | C] () -- C:\Windows\OptChecker.exe

[2009/11/27 18:32:35 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat

[2009/11/27 18:28:19 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat

[2009/11/20 09:16:29 | 000,000,642 | -H-- | C] () -- C:\Users\J_D\AppData\Roaming\wklnhst.dat

[2009/11/13 22:58:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/10/06 16:49:18 | 000,008,704 | -H-- | C] () -- C:\Users\J_D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/25 01:30:01 | 000,001,356 | ---- | C] () -- C:\Users\J_D\AppData\Local\d3d9caps.dat

[2009/07/20 19:17:58 | 000,122,880 | -H-- | C] () -- C:\Windows\System32\AitVirtualComInstall.exe

[2009/07/20 19:10:48 | 000,307,200 | -H-- | C] () -- C:\Windows\System32\InstallVCOM.exe

[2009/07/14 18:51:25 | 000,000,138 | -H-- | C] () -- C:\Users\J_D\AppData\Roaming\wpstate.ini

[2009/07/10 19:04:55 | 000,011,854 | -H-- | C] () -- C:\Program Files\MPLAB_LicenseAgreement.rtf

[2009/07/10 18:38:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009/07/04 14:30:03 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI

[2009/07/04 14:28:50 | 000,021,840 | -H-- | C] () -- C:\Windows\System32\SIntfNT.dll

[2009/07/04 14:28:50 | 000,017,212 | -H-- | C] () -- C:\Windows\System32\SIntf32.dll

[2009/07/04 14:28:50 | 000,012,067 | -H-- | C] () -- C:\Windows\System32\SIntf16.dll

[2009/06/08 05:31:24 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\MPMapTrace.dll

[2009/06/08 04:56:40 | 000,364,544 | -H-- | C] () -- C:\Windows\System32\mpPathan.dll

[2008/10/25 02:24:22 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll

[2008/08/27 23:14:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll

[2008/08/27 23:14:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll

[2008/08/27 22:49:15 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008/08/27 22:49:15 | 000,000,520 | -H-- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2008/08/27 22:49:15 | 000,000,520 | -H-- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2008/08/27 22:49:15 | 000,000,008 | -H-- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2008/08/27 22:48:57 | 003,107,788 | -H-- | C] () -- C:\Windows\System32\atiumdva.dat

[2008/08/27 22:48:57 | 000,174,819 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat

[2008/08/27 22:48:57 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\atibrtmon.exe

[2008/08/27 22:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2008/08/15 05:47:01 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008/05/04 16:39:34 | 000,002,560 | -H-- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll

[2008/01/21 02:33:53 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2007/10/25 16:26:10 | 000,005,632 | -H-- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2006/12/13 15:03:14 | 000,074,240 | -H-- | C] () -- C:\Windows\System32\zlibwapi.dll

[2006/11/02 12:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 12:44:53 | 000,445,056 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 10:33:01 | 000,601,392 | -H-- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 10:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 10:33:01 | 000,104,548 | -H-- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 10:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 10:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 08:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 07:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 07:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat

[2006/11/02 07:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2001/12/26 23:12:30 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 06:46:38 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 23:33:56 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/24 05:04:36 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll



========== LOP Check ==========



[2010/03/09 09:09:02 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Arduino

[2009/11/24 22:17:11 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\DAEMON Tools Lite

[2011/03/17 15:12:07 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Echo Software

[2009/12/01 16:14:50 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\GetRightToGo

[2009/09/06 01:07:44 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\gtk-2.0

[2011/10/14 15:39:14 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\ICAClient

[2010/06/10 18:21:26 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Image Zone Express

[2009/07/17 21:42:55 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\InterVideo

[2009/12/01 16:05:39 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Microchip

[2009/12/01 17:53:51 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\OpenOffice.org

[2010/04/26 11:37:43 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\PC Suite

[2010/01/05 14:34:31 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Printer Info Cache

[2010/06/16 21:52:41 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Samsung

[2011/12/30 00:21:30 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\SoftGrid Client

[2009/11/13 22:09:24 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Sparx Systems

[2011/12/29 22:37:24 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Spotify

[2009/11/20 09:16:37 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\Template

[2011/04/14 09:20:18 | 000,000,000 | -H-D | M] -- C:\Users\J_D\AppData\Roaming\TP

[2012/01/06 12:51:16 | 000,032,630 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT



========== Purity Check ==========







========== Custom Scans ==========





< %SYSTEMDRIVE%\*.* >


[2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2008/01/21 02:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr

[2008/08/27 22:52:01 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010/01/04 23:46:51 | 000,003,215 | ---- | M] () -- C:\error.log

[2009/12/01 14:54:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/07/10 19:43:06 | 000,000,800 | ---- | M] () -- C:\MPUsbSIn.log

[2009/12/01 14:54:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2012/01/07 05:55:13 | 000,073,372 | ---- | M] () -- C:\OTL.Txt

[2012/01/08 12:07:22 | 3264,606,208 | -HS- | M] () -- C:\pagefile.sys

[2008/08/27 22:50:14 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

[2012/01/07 14:38:24 | 000,000,368 | ---- | M] () -- C:\rkill.log

[2012/01/06 17:09:20 | 000,074,782 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_06.01.2012_17.01.12_log.txt

[2012/01/07 23:41:48 | 000,074,264 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_07.01.2012_23.39.41_log.txt

[2008/10/25 02:29:04 | 000,386,466 | ---- | M] () -- C:\vcredist_x86.log



< %systemroot%\Fonts\*.com >


[2006/11/02 12:35:34 | 000,026,040 | -H-- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2006/11/02 12:35:34 | 000,026,489 | -H-- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006/11/02 12:35:34 | 000,029,779 | -H-- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2006/11/02 12:35:34 | 000,030,808 | -H-- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont



< %systemroot%\Fonts\*.dll >




< %systemroot%\Fonts\*.ini >


[2006/09/18 21:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini



< %systemroot%\Fonts\*.ini2 >




< %systemroot%\Fonts\*.exe >




< %systemroot%\system32\spool\prtprocs\w32x86\*.* >


[2007/02/02 11:26:36 | 000,273,920 | -H-- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll

[2008/01/21 02:32:37 | 000,089,600 | -H-- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL

[2006/10/27 02:56:12 | 000,033,104 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll



< %systemroot%\REPAIR\*.bak1 >




< %systemroot%\REPAIR\*.ini >




< %systemroot%\system32\*.jpg >




< %systemroot%\*.jpg >




< %systemroot%\*.png >




< %systemroot%\*.scr >




< %systemroot%\*._sy >




< %APPDATA%\Adobe\Update\*.* >




< %ALLUSERSPROFILE%\Favorites\*.* >




< %APPDATA%\Microsoft\*.* >




< %PROGRAMFILES%\*.* >


[2008/01/21 02:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[2004/01/12 07:45:28 | 000,011,854 | -H-- | M] () -- C:\Program Files\MPLAB_LicenseAgreement.rtf



< %APPDATA%\Update\*.* >




< %systemroot%\*. /mp /s >




< %systemroot%\System32\config\*.sav >


[2008/01/21 03:31:11 | 015,716,352 | -H-- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/21 03:31:01 | 000,102,400 | -H-- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/21 03:31:12 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 10:34:08 | 010,133,504 | -H-- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 10:34:08 | 001,826,816 | -H-- | M] () -- C:\Windows\System32\config\SYSTEM.SAV



< %PROGRAMFILES%\bak. /s >




< %systemroot%\system32\bak. /s >




< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >




< %systemroot%\system32\config\systemprofile\*.dat /x >




< %systemroot%\*.config >




< %systemroot%\system32\*.db >




< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >




< %USERPROFILE%\Desktop\*.exe >


[2012/01/06 21:48:18 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\J_D\Desktop\aswMBR.exe

[2011/05/07 17:51:05 | 772,116,456 | -H-- | M] () -- C:\Users\J_D\Desktop\AutoCADLT_2012_English_Win_32bit.exe

[2011/10/14 15:42:53 | 014,108,096 | -H-- | M] (Citrix Systems, Inc.) -- C:\Users\J_D\Desktop\CitrixOnlinePluginWeb.exe

[2011/08/05 16:53:04 | 005,496,112 | -H-- | M] (Macrovision Corporation) -- C:\Users\J_D\Desktop\filerecovery-demo.exe

[2012/01/06 17:26:50 | 004,369,970 | R--- | M] (Swearware) -- C:\Users\J_D\Desktop\Joe.exe

[2012/01/08 12:04:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\J_D\Desktop\OTL.exe

[2011/09/30 08:01:06 | 006,284,664 | -H-- | M] (Microsoft Corporation) -- C:\Users\J_D\Desktop\Silverlight.exe

[2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\J_D\Desktop\TDSSKiller.exe

[2010/03/19 19:05:37 | 018,499,623 | -H-- | M] () -- C:\Users\J_D\Desktop\vlc-1.0.5-win32.exe

[2010/03/19 18:59:45 | 001,364,522 | -H-- | M] () -- C:\Users\J_D\Desktop\wrar393.exe

[2011/11/24 20:23:16 | 005,062,120 | -H-- | M] (Check Point Software Technologies LTD) -- C:\Users\J_D\Desktop\zaSetupWeb_101_065_000.exe



< %PROGRAMFILES%\Common Files\*.* >




< %systemroot%\*.src >




< %systemroot%\install\*.* >




< %systemroot%\system32\DLL\*.* >




< %systemroot%\system32\HelpFiles\*.* >




< %systemroot%\system32\rundll\*.* >




< %systemroot%\winn32\*.* >




< %systemroot%\Java\*.* >




< %systemroot%\system32\test\*.* >




< %systemroot%\system32\Rundll32\*.* >




< %systemroot%\AppPatch\Custom\*.* >




< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >




< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >




< %PROGRAMFILES%\Internet Explorer\*.tmp >




< %PROGRAMFILES%\Internet Explorer\*.dat >




< %USERPROFILE%\My Documents\*.exe >




< %USERPROFILE%\*.exe >




< %systemroot%\ADDINS\*.* >




< %systemroot%\assembly\*.bak2 >




< %systemroot%\Config\*.* >




< %systemroot%\REPAIR\*.bak2 >




< %systemroot%\SECURITY\Database\*.sdb /x >


[2009/07/03 19:49:05 | 000,008,192 | -H-- | M] () -- C:\Windows\SECURITY\Database\edb.chk

[2009/07/03 19:48:35 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edb.log

[2008/10/25 02:16:03 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs

[2008/10/25 02:16:03 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

[2009/07/03 19:48:35 | 001,056,768 | -H-- | M] () -- C:\Windows\SECURITY\Database\tmp.edb



< %systemroot%\SYSTEM\*.bak2

>




< %systemroot%\Web\*.bak2

>




< %systemroot%\Driver Cache\*.*



>




< %PROGRAMFILES%\Mozilla Firefox\0*.exe



>




< %ProgramFiles%\Microsoft Common\*.*

>




< %ProgramFiles%\TinyProxy.



>




< %USERPROFILE%\Favorites\*.url /x



>


[2009/07/10 18:59:29 | 000,000,402 | -HS- | M] () -- C:\Users\J_D\Favorites\desktop.ini



< %systemroot%\system32\*.bk



>




< %systemroot%\*.te

>




< %systemroot%\system32\system32\*.*



>




< %ALLUSERSPROFILE%\*.dat /x

>


[2011/09/02 18:23:37 | 000,007,406 | -H-- | M] () -- C:\ProgramData\hpzinstall.log



< %systemroot%\system32\drivers\*.rmv



>




< dir /b "%systemroot%\system32\*.exe" | find /i " " /c



>




< dir /b "%systemroot%\*.exe" | find /i " " /c



>




< %PROGRAMFILES%\Microsoft\*.*

>




< %systemroot%\System32\Wbem\proquota.exe



>




< %PROGRAMFILES%\Mozilla Firefox\*.dat

>




< %USERPROFILE%\Cookies\*.txt /x



>




< %SystemRoot%\system32\fonts\*.*



>




< %systemroot%\system32\winlog\*.*



>




< %systemroot%\system32\Language\*.*



>




< %systemroot%\system32\Settings\*.*

>




< %systemroot%\system32\*.quo



>




< %SYSTEMROOT%\AppPatch\*.exe



>




< %SYSTEMROOT%\inf\*.exe

>




< %SYSTEMROOT%\Installer\*.exe



>




< %systemroot%\system32\config\*.bak2



>




< %systemroot%\system32\Computers\*.*



>




< %SystemRoot%\system32\Sound\*.*

>




< %SystemRoot%\system32\SpecialImg\*.*



>




< %SystemRoot%\system32\code\*.*

>




< %SystemRoot%\system32\draft\*.*

>




< %SystemRoot%\system32\MSSSys\*.*



>




< %ProgramFiles%\Javascript\*.*



>




< %systemroot%\pchealth\helpctr\System\*.exe /s

>




< %systemroot%\Web\*.exe



>




< %systemroot%\system32\msn\*.*

>




< %systemroot%\system32\*.tro

>




< %AppData%\Microsoft\Installer\msupdates\*.*



>




< %ProgramFiles%\Messenger\*.*



>




< %systemroot%\system32\systhem32\*.*



>




< %systemroot%\system\*.exe

>




< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU



>




< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results >



< \Install|LastSuccessTime /rs



>






========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\$NtUninstallKB33710$] -> -> Unknown point type



< End of report >
 
Extras log:

OTL Extras logfile created on: 08/01/2012 12:20:01 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\J_D\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy



2.75 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 85.24% Memory free

5.70 Gb Paging File | 5.47 Gb Available in Paging File | 96.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139.28 Gb Total Space | 36.94 Gb Free Space | 26.52% Space Free | Partition Type: NTFS

Drive E: | 3.72 Gb Total Space | 3.58 Gb Free Space | 96.16% Space Free | Partition Type: FAT32



Computer Name: JD | User Name: J_D | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Extra Registry (SafeList) ==========





========== File Associations ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l



[HKEY_USERS\S-1-5-21-984758997-1744220493-4182726412-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)



========== Shell Spawning ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)



========== Security Center Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 1

"FirewallOverride" = 1

"VistaSp1" = Reg Error: Unknown registry data type -- File not found



========== System Restore Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0



========== Firewall Settings ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0



========== Authorized Applications List ==========





========== Vista Active Open Ports Exception List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1C849011-8A72-492E-B667-ED20EF6C58F1}" = rport=138 | protocol=17 | dir=out | app=system |

"{2FB1A3B9-2327-48B9-BBD5-13F569D5E51B}" = lport=137 | protocol=17 | dir=in | app=system |

"{3B159919-203B-4ED1-ADF6-23D58C8ECF75}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{401FAE4B-AD9A-4DF7-B33B-509093471E85}" = rport=139 | protocol=6 | dir=out | app=system |

"{5662E499-833B-49AA-A581-0C49438293B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{99D5CA75-2884-4C31-A7D6-91D7C33D3BD6}" = lport=139 | protocol=6 | dir=in | app=system |

"{A10E5FB6-43E4-4E6C-A819-9E827F5959F7}" = rport=137 | protocol=17 | dir=out | app=system |

"{C01820F1-D7BD-4EFD-88AC-3F09305F5D87}" = rport=445 | protocol=6 | dir=out | app=system |

"{C690997F-1A55-476D-B66A-E2ECE1EF4A58}" = lport=138 | protocol=17 | dir=in | app=system |

"{C7E96352-B194-40A2-9FA2-68F6D7FAF547}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{D3A3FCE0-8AEE-4182-B26D-D94FB17A46CB}" = lport=445 | protocol=6 | dir=in | app=system |

"{F0DCC09A-526A-400D-9CE5-BA1F5548B05B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |



========== Vista Active Application Exception List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{084AA9B9-9A8A-45F3-8A93-0A5069E950AA}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |

"{172F9ECB-8E6C-40AB-B685-1498EEB88EDD}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{17B898DD-5C65-41F9-B9A6-9E3770546C56}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{24321A40-BCB4-428B-9AB1-15B14102517A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{3375F9DF-0F3A-40D0-979A-4A9E7D7DF06E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |

"{3A83480F-0355-49F3-A4BE-A72F9FC28281}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |

"{3EFB3A29-B8BB-47E1-AF90-9C8316BD9576}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{46B546B0-F205-4A41-BA05-7E87F04F71BB}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |

"{4917C79B-EEA7-4F3F-ACA0-5F7BF9914370}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{4E6758A7-74BF-479F-A995-DD779A3CCB69}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{5071F9A0-9ABB-4AC6-A377-C384D4A32BDB}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |

"{58FE3334-7323-472E-ADC8-D2FC0DD9A133}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

"{60533F90-DB5C-4C2A-8B49-C1E6239E5C60}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |

"{6AB12C0F-7296-4904-82A8-F7DBB734FE06}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |

"{7188F786-A146-4EC9-A871-9632C57A1E73}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{77023E52-02D7-4C20-A98C-E48FD358846A}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gnucash-bin.exe |

"{7C6347EC-E4E4-4A70-B81A-14C630C7ED38}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{7FA6F1F3-CAD9-4D53-9BB5-6D68BC5CDFC2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{948EB7ED-60C2-4F4F-8FC7-E15E70386E34}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{A0B930BB-F97C-4456-A4B1-768F4B837F59}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{BB0280C6-823D-48A2-89A3-EC9F94546F8E}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe |

"{C1DAA8F0-48F6-4107-9D38-27953ED7E840}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{C59547BF-866D-4A20-B320-17D04EE29D9C}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |

"{D39D88F0-AED9-4E2C-869F-04332B5E63E7}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe |

"{E18F62AB-7439-4691-8DFC-EE6A7B99AA4F}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

"{EB4041C0-53EB-40EF-8307-D4E42E9F0BB2}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gnucash-bin.exe |

"{EE80248D-B542-48ED-8B4F-D3ADC35F5568}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |

"{F27A2A26-6000-4288-8A14-DFE7692CD450}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{F5F0C960-F868-49F6-A00B-4D9F3A33A40D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{F836D45C-2CC3-4E91-AC94-941DDAFB157D}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |



========== HKEY_LOCAL_MACHINE Uninstall List ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{08715547-A3E5-D54A-C7C3-84348C0624EE}" = Catalyst Control Center Localization Portuguese

"{0B473FE5-A37A-FAEC-375A-DF7FACB974C2}" = Catalyst Control Center Localization Swedish

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver

"{1985865F-013F-E7E0-64C1-D426A0AE2C8E}" = CCC Help Czech

"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)

"{1D25EB8B-61CD-2936-D6F6-596C9278F2F0}" = Catalyst Control Center InstallProxy

"{1F7D7D0A-5696-F1AA-8967-C780DA8C3536}" = Catalyst Control Center Localization Chinese Traditional

"{20385C16-2E18-7874-A4F6-68D0B14CFD2D}" = Catalyst Control Center Graphics Light

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"{223CADD2-5E02-350D-C7D9-1092D38CF049}" = CCC Help Dutch

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21

"{27E957E9-D6DF-1C12-EA88-81DDA54508FB}" = Catalyst Control Center Localization Italian

"{27FB1657-2F26-955B-34D3-381323E159B6}" = Catalyst Control Center Graphics Full Existing

"{2893110C-5623-20C0-4D99-4F717F16FC81}" = Catalyst Control Center Graphics Full New

"{29BC0BC3-CCC0-39C5-21F9-F17230F1F4F3}" = ccc-core-static

"{2B9FEAEC-EB33-99FE-B582-33A45D272F03}" = Catalyst Control Center Localization Russian

"{2D8E1E31-5B41-11C8-C88C-E69106AA5EC1}" = CCC Help Spanish

"{2E9A0D49-B758-638C-3639-896041E683F8}" = Catalyst Control Center Localization Finnish

"{31BAC22A-0717-F8CE-FC67-F74B57C71460}" = CCC Help German

"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12

"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types

"{3A2CC72F-DDE4-A81E-475D-DA286113652C}" = Catalyst Control Center Graphics Previews Vista

"{3AC21843-7DB1-8BF6-88AC-330BC2B7DA8E}" = CCC Help Japanese

"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)

"{44454932-7EE9-2903-549F-45CFF97D2B82}" = CCC Help Korean

"{44D077C3-A31F-CD46-499B-7BF1D8B2C4ED}" = CCC Help Thai

"{463E4C5C-77EE-EBD6-7798-5FB2DB3DA5CC}" = CCC Help Danish

"{47A0A904-290D-315F-F90D-8CCDA69B18F9}" = Catalyst Control Center Localization Polish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{513BA0B0-248A-A705-89EF-866C4D3B86A7}" = Catalyst Control Center Localization Turkish

"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10

"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2

"{608E2E77-C78D-072A-28E2-71E62BF54592}" = Catalyst Control Center Localization Dutch

"{6251545D-5058-CB7F-D93A-F87A192A4378}" = CCC Help Portuguese

"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)

"{6A0BE0CF-B901-4C81-B308-6C08B393C2AC}" = Catalyst Control Center Localization Hungarian

"{6FC25653-65CC-0B75-1C14-676342A15259}" = Catalyst Control Center Localization Chinese Standard

"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver

"{73706EE4-90E4-A65B-40BD-86672156A626}" = Skins

"{7766AA5D-3DB1-A633-92A2-0CA13E2568DD}" = CCC Help French

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{78386976-46A3-F5C3-36B4-98280F3B81E7}" = CCC Help Turkish

"{796F53F9-A098-3ED2-A4FC-E1C24430A243}" = Catalyst Control Center Localization Japanese

"{7ECB1FE2-408E-D314-D812-0FC3FA048C61}" = CCC Help Hungarian

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management

"{7F9ADEE3-E5E0-34A5-345A-590BC90D4E33}" = CCC Help Italian

"{81E55AB8-83FC-C7D7-F599-B8C9AA9BD207}" = CCC Help Russian

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{8CE5A7A2-BC80-EFD3-6489-E92A2BCB1BF2}" = ccc-utility

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English

"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{A2DB513F-A9AA-D30F-B00D-B6C3056F5608}" = Catalyst Control Center Localization Norwegian

"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter

"{A68341CE-7AB6-3984-420A-D197E6BB72E7}" = CCC Help Greek

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{ADF34BD2-879C-63EA-1C7E-2F2CDA9E5950}" = CCC Help Chinese Standard

"{AEEDFE42-D580-54D6-6947-E805FD5CECCB}" = CCC Help English

"{AF18FA75-1239-B316-AED9-08151CB34737}" = Catalyst Control Center Localization Korean

"{AF7AA100-3160-480B-DB62-BABE42A6B618}" = CCC Help Norwegian

"{B0C037F9-7BD7-6417-6ADF-A08EEC011AF0}" = CCC Help Swedish

"{B27901FA-F157-4049-B1EC-BC43890A1DCC}" = Active@ File Recovery

"{BD7D29B1-903C-45DB-2685-C154C17FDDA5}" = ATI Catalyst Install Manager

"{BF7AB326-92C8-C250-5B99-0DB96A2634D9}" = Catalyst Control Center Localization Greek

"{C17F7063-4BBC-EC05-4312-7F33DA5641E0}" = Catalyst Control Center Localization Spanish

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{C95159F2-6A71-C74D-855A-22943F1016C3}" = Catalyst Control Center Localization French

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D513B90E-92C9-2A48-044C-6F6264E5AF6A}" = Catalyst Control Center Core Implementation

"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E5B4B94E-AFE8-3635-857A-8AE7F90E9DDD}" = Catalyst Control Center Localization Thai

"{E863E701-B897-C5BC-5F9B-5F3E7484E81C}" = CCC Help Finnish

"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F4D0FC65-E6D0-0AC3-F87B-06BF11435DE0}" = Catalyst Control Center Localization Czech

"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects

"{F719C40B-FDE9-402B-8F9C-2D47517DC813}" = Catalyst Control Center Localization German

"{F9015FF1-09EB-4A43-8E69-0136F890C656}" = CCC Help Chinese Traditional

"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)

"{FC67D87A-ABDB-69BE-2988-3CDCCD84B211}" = Catalyst Control Center Localization Danish

"{FDD357D8-A4EB-1DBB-1CB2-74E9F259817B}" = CCC Help Polish

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Aspell" = Aspell Data

"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)

"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind

"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)

"FTDICOMM" = FTDI USB Serial Converter Drivers

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software

"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software

"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software

"Spotify" = Spotify

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Total Annihilation" = Total Annihilation

"VISPROR" = Microsoft Office Visio Professional 2007 Trial

"VLC media player" = VLC media player 1.0.5

"WinRAR archiver" = WinRAR archiver

"ZoneAlarm" = ZoneAlarm



========== Last 10 Event Log Errors ==========



[ Application Events ]

Error - 04/12/2011 15:54:27 | Computer Name = jd | Source = Windows Search Service | ID = 3083

Description =



Error - 04/12/2011 18:01:47 | Computer Name = jd | Source = Application Error | ID = 1000

Description = Faulting application AUDIODG.EXE, version 6.0.6001.18000, time stamp

0x47919284, faulting module RtkAPO.dll, version 11.0.6000.69, time stamp 0x486c73e5,

exception code 0xc0000005, fault offset 0x00185df5, process id 0x4dc, application

start time 0x01ccb11a50b5cb9a.



Error - 04/12/2011 18:22:29 | Computer Name = jd | Source = WinMgmt | ID = 10

Description =



Error - 05/12/2011 15:36:31 | Computer Name = jd | Source = WinMgmt | ID = 10

Description =



Error - 05/12/2011 17:50:06 | Computer Name = jd | Source = Windows Search Service | ID = 3083

Description =



Error - 07/12/2011 17:22:58 | Computer Name = jd | Source = CVHSVC | ID = 100

Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):

DownloadLatest Failed:



Error - 09/12/2011 07:21:45 | Computer Name = jd | Source = CVHSVC | ID = 100

Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):

DownloadLatest Failed:



Error - 11/12/2011 08:56:14 | Computer Name = jd | Source = CVHSVC | ID = 100

Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):

DownloadLatest Failed:



Error - 11/12/2011 10:47:37 | Computer Name = jd | Source = Windows Search Service | ID = 3083

Description =



Error - 11/12/2011 11:11:36 | Computer Name = jd | Source = Windows Search Service | ID = 3083

Description =



[ System Events ]

Error - 08/01/2012 08:07:45 | Computer Name = jd | Source = EventLog | ID = 6008

Description = The previous system shutdown at 12:06:26 on 08/01/2012 was unexpected.



Error - 08/01/2012 08:07:52 | Computer Name = jd | Source = Microsoft-Windows-Eventlog | ID = 22

Description =



Error - 08/01/2012 08:08:37 | Computer Name = jd | Source = DCOM | ID = 10005

Description =



Error - 08/01/2012 08:08:44 | Computer Name = jd | Source = DCOM | ID = 10005

Description =



Error - 08/01/2012 08:08:58 | Computer Name = jd | Source = Service Control Manager | ID = 7001

Description =



Error - 08/01/2012 08:08:58 | Computer Name = jd | Source = Service Control Manager | ID = 7003

Description =



Error - 08/01/2012 08:08:58 | Computer Name = jd | Source = Service Control Manager | ID = 7003

Description =



Error - 08/01/2012 08:08:58 | Computer Name = jd | Source = Service Control Manager | ID = 7001

Description =



Error - 08/01/2012 08:08:58 | Computer Name = jd | Source = Service Control Manager | ID = 7026

Description =



Error - 08/01/2012 08:09:06 | Computer Name = jd | Source = DCOM | ID = 10005

Description =





< End of report >
 
Let's see if we can recover your missing features.
Download and run UnHide.
Let me know if it worked.

Download BlueScreenView (in a Zip file).
No installation required.
Unzip the downloaded file and double-click BlueScreenView.exe to run the program.
When scanning is done, go to Edit > Select All.
Go to File > Save Selected Items and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all of its content, and paste it into your next reply.
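The report those steps produce is plain text: one "Field : Value" line per dump field and a line of "=" signs between dumps, as in the report pasted later in this thread. The Python script below is an added example, not part of the original thread and not code from BlueScreenView; it parses such an export offline, tallies the dumps by bug check and blamed driver, and decodes Parameter 1 as an NTSTATUS exception code only for the 0x7E/0x8E bug checks where that parameter carries one. The report embedded in it is constructed to mirror the export format; the driver name exampledrv.sys, all offsets, and the single_fault_site heuristic are illustration, not findings from the thread.

```python
"""Summarize a BlueScreenView text export (File > Save Selected Items).

Added example, not code from the thread or from BlueScreenView. The sample
report at the bottom is constructed in the export's format; exampledrv.sys
and every offset in it are made up.
"""
import re
import sys
from collections import Counter

# Bug checks whose Parameter 1 is an NTSTATUS exception code.
EXCEPTION_BUGCHECKS = {0x7E, 0x8E, 0x1000007E, 0x1000008E}
EXCEPTION_CODES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0x80000003: "STATUS_BREAKPOINT",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
}
SEPARATOR = re.compile(r"^=+$")
FIELD = re.compile(r"^([^:]+?)\s*:\s*(.*)$")  # split on the FIRST colon only


def parse_report(text):
    """Return one {field: value} dict per dump, split on the '====' lines."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines (e.g. from a forum paste) are ignored
        if SEPARATOR.match(line):
            if current:
                records.append(current)
                current = {}
            continue
        m = FIELD.match(line)
        if m:
            current[m.group(1).strip()] = m.group(2).strip()
    if current:
        records.append(current)
    return records


def describe(record):
    """Bug check string, plus the decoded exception code where Parameter 1 is one."""
    code = int(record.get("Bug Check Code", "0"), 16)
    text = record.get("Bug Check String", "?")
    if code in EXCEPTION_BUGCHECKS:
        exc = int(record.get("Parameter 1", "0"), 16)
        text += " / " + EXCEPTION_CODES.get(exc, "exception 0x%08x" % exc)
    return text


def summarize(records):
    """Crash counts per (bug check, blamed driver) and per faulting module+offset."""
    by_cause = Counter((describe(r), r.get("Caused By Driver", "?")) for r in records)
    by_address = Counter(r.get("Caused By Address", "?") for r in records)
    return by_cause, by_address


def single_fault_site(records):
    """True when every dump blames the same module+offset.

    Heuristic, not a rule from the thread: one constant faulting address across
    many dumps points at a deterministic bug in that driver (or its input);
    random corruption from bad RAM or kernel patching tends to scatter it.
    """
    return len(records) > 1 and len({r.get("Caused By Address") for r in records}) == 1


# Constructed sample mirroring the export format (only the fields used here).
SAMPLE_REPORT = r"""
==================================================
Dump File : Mini010812-03.dmp
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Caused By Driver : atikmdag.sys
Caused By Address : atikmdag.sys+15d936
Full Path : C:\Windows\Minidump\Mini010812-03.dmp
==================================================
Dump File : Mini010812-01.dmp
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Caused By Driver : atikmdag.sys
Caused By Address : atikmdag.sys+15d936
==================================================
Dump File : Mini010512-01.dmp
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000010
Caused By Driver : exampledrv.sys
Caused By Address : exampledrv.sys+1a2b3
==================================================
"""

if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    recs = parse_report(text)
    by_cause, by_address = summarize(recs)
    print("%d dumps parsed" % len(recs))
    for (cause, driver), n in by_cause.most_common():
        print("%3d  %-16s %s" % (n, driver, cause))
    print("fault sites:", dict(by_address))
    print("single fault site:", single_fault_site(recs))
```

Run it as "python summarize_bsod.py BSOD.txt" on the file the steps above save; with no argument it runs on the embedded sample. Splitting each line on its first colon matters because values such as "Full Path : C:\Windows\..." contain colons of their own.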
 
UnHide worked; all my files are visible again and the Start menu is repopulated.

The BSOD log is pretty long, so I'll put it in the next reply. Very cool program, that.
 
==================================================

Dump File : Mini010812-03.dmp

Crash Time : 08/01/2012 13:07:11

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x8e16a936

Parameter 3 : 0x8a9c9990

Parameter 4 : 0x00000000

Caused By Driver : atikmdag.sys

Caused By Address : atikmdag.sys+15d936

File Description : ATI Radeon Kernel Mode Driver

Product Name : ATI Radeon Family

Company : ATI Technologies Inc.

File Version : 7.01.01.523

Processor : 32-bit

Crash Address : atikmdag.sys+15d936

Stack Address 1 : atikmdag.sys+35eac

Stack Address 2 : atikmdag.sys+24674

Stack Address 3 : atikmdag.sys+247c6

Computer Name :

Full Path : C:\Windows\Minidump\Mini010812-03.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini010812-01.dmp

Crash Time : 08/01/2012 12:07:41

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x8e167936

Parameter 3 : 0x8a923990

Parameter 4 : 0x00000000

Caused By Driver : atikmdag.sys

Caused By Address : atikmdag.sys+15d936

File Description : ATI Radeon Kernel Mode Driver

Product Name : ATI Radeon Family

Company : ATI Technologies Inc.

File Version : 7.01.01.523

Processor : 32-bit

Crash Address : atikmdag.sys+15d936

Stack Address 1 : atikmdag.sys+35eac

Stack Address 2 : atikmdag.sys+24674

Stack Address 3 : atikmdag.sys+247c6

Computer Name :

Full Path : C:\Windows\Minidump\Mini010812-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini010712-02.dmp

Crash Time : 07/01/2012 11:10:10

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x8e36a936

Parameter 3 : 0x8c149990

Parameter 4 : 0x00000000

Caused By Driver : atikmdag.sys

Caused By Address : atikmdag.sys+15d936

File Description : ATI Radeon Kernel Mode Driver

Product Name : ATI Radeon Family

Company : ATI Technologies Inc.

File Version : 7.01.01.523

Processor : 32-bit

Crash Address : atikmdag.sys+15d936

Stack Address 1 : atikmdag.sys+35eac

Stack Address 2 : atikmdag.sys+24674

Stack Address 3 : atikmdag.sys+247c6

Computer Name :

Full Path : C:\Windows\Minidump\Mini010712-02.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini010712-01.dmp

Crash Time : 07/01/2012 00:32:14

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x8df69936

Parameter 3 : 0x8c34f990

Parameter 4 : 0x00000000

Caused By Driver : atikmdag.sys

Caused By Address : atikmdag.sys+15d936

File Description : ATI Radeon Kernel Mode Driver

Product Name : ATI Radeon Family

Company : ATI Technologies Inc.

File Version : 7.01.01.523

Processor : 32-bit

Crash Address : atikmdag.sys+15d936

Stack Address 1 : atikmdag.sys+35eac

Stack Address 2 : atikmdag.sys+24674

Stack Address 3 : atikmdag.sys+247c6

Computer Name :

Full Path : C:\Windows\Minidump\Mini010712-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini010612-07.dmp

Crash Time : 06/01/2012 23:01:26

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x8dd66936

Parameter 3 : 0x95423990

Parameter 4 : 0x00000000

Caused By Driver : atikmdag.sys

Caused By Address : atikmdag.sys+15d936

File Description : ATI Radeon Kernel Mode Driver

Product Name : ATI Radeon Family

Company : ATI Technologies Inc.

File Version : 7.01.01.523

Processor : 32-bit

Crash Address : atikmdag.sys+15d936

Stack Address 1 : atikmdag.sys+35eac

Stack Address 2 : atikmdag.sys+24674

Stack Address 3 : atikmdag.sys+247c6

Computer Name :

Full Path : C:\Windows\Minidump\Mini010612-07.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini010612-06.dmp

Crash Time : 06/01/2012 21:48:44

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x8e161936

Parameter 3 : 0x8c29d990

Parameter 4 : 0x00000000

Caused By Driver : atikmdag.sys

Caused By Address : atikmdag.sys+15d936

File Description : ATI Radeon Kernel Mode Driver

Product Name : ATI Radeon Family

Company : ATI Technologies Inc.

File Version : 7.01.01.523

Processor : 32-bit

Crash Address : atikmdag.sys+15d936

Stack Address 1 : atikmdag.sys+35eac

Stack Address 2 : atikmdag.sys+24674

Stack Address 3 : atikmdag.sys+247c6

Computer Name :

Full Path : C:\Windows\Minidump\Mini010612-06.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini010612-04.dmp

Crash Time : 06/01/2012 19:38:57

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x8e162936

Parameter 3 : 0x8e8e2990

Parameter 4 : 0x00000000

Caused By Driver : atikmdag.sys

Caused By Address : atikmdag.sys+15d936

File Description : ATI Radeon Kernel Mode Driver

Product Name : ATI Radeon Family

Company : ATI Technologies Inc.

File Version : 7.01.01.523

Processor : 32-bit

Crash Address : atikmdag.sys+15d936

Stack Address 1 : atikmdag.sys+35eac

Stack Address 2 : atikmdag.sys+24674

Stack Address 3 : atikmdag.sys+247c6

Computer Name :

Full Path : C:\Windows\Minidump\Mini010612-04.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini010612-01.dmp

Crash Time : 06/01/2012 12:58:45

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x8cf6a936

Parameter 3 : 0x8c371990

Parameter 4 : 0x00000000

Caused By Driver : atikmdag.sys

Caused By Address : atikmdag.sys+15d936

File Description : ATI Radeon Kernel Mode Driver

Product Name : ATI Radeon Family

Company : ATI Technologies Inc.

File Version : 7.01.01.523

Processor : 32-bit

Crash Address : atikmdag.sys+15d936

Stack Address 1 : atikmdag.sys+35eac

Stack Address 2 : atikmdag.sys+24674

Stack Address 3 : atikmdag.sys+247c6

Computer Name :

Full Path : C:\Windows\Minidump\Mini010612-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini123011-01.dmp

Crash Time : 30/12/2011 21:59:40

Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code : 0x00000050

Parameter 1 : 0x8f1aff0e

Parameter 2 : 0x00000000

Parameter 3 : 0x86d20640

Parameter 4 : 0x00000002

Caused By Driver : sptd.sys

Caused By Address : sptd.sys+0

File Description : SCSI Pass Through Direct Host

Product Name : SCSI Pass Through Direct

Company : Duplex Secure Ltd.

File Version : 1.62.0.0 built by: WinDDK

Processor : 32-bit

Crash Address : ntkrnlpa.exe+a5195

Stack Address 1 : ntkrnlpa.exe+5abf4

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\Windows\Minidump\Mini123011-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 133,488

==================================================



==================================================

Dump File : Mini121311-01.dmp

Crash Time : 13/12/2011 23:43:02

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x8212e218

Parameter 3 : 0xa2b0472c

Parameter 4 : 0x00000000

Caused By Driver : win32k.sys

Caused By Address : win32k.sys+b78ba

File Description : Multi-User Win32 Driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+ed218

Stack Address 1 : ntkrnlpa.exe+ee6e0

Stack Address 2 : win32k.sys+bae0e

Stack Address 3 : win32k.sys+d4934

Computer Name :

Full Path : C:\Windows\Minidump\Mini121311-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini120511-01.dmp

Crash Time : 05/12/2011 19:35:58

Bug Check String : BAD_POOL_CALLER

Bug Check Code : 0x000000c2

Parameter 1 : 0x00000007

Parameter 2 : 0x0000110b

Parameter 3 : 0x00820022

Parameter 4 : 0xfe4253f8

Caused By Driver : win32k.sys

Caused By Address : win32k.sys+d763f

File Description : Multi-User Win32 Driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd1e3

Stack Address 1 : ntkrnlpa.exe+ee00c

Stack Address 2 : win32k.sys+7089

Stack Address 3 : win32k.sys+6a04

Computer Name :

Full Path : C:\Windows\Minidump\Mini120511-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini120211-01.dmp

Crash Time : 02/12/2011 17:46:47

Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code : 0x00000050

Parameter 1 : 0xfe600000

Parameter 2 : 0x00000000

Parameter 3 : 0x94ee6f74

Parameter 4 : 0x00000000

Caused By Driver : win32k.sys

Caused By Address : win32k.sys+6b4f

File Description : Multi-User Win32 Driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+a5195

Stack Address 1 : ntkrnlpa.exe+5abf4

Stack Address 2 : win32k.sys+6f74

Stack Address 3 : win32k.sys+69b0

Computer Name :

Full Path : C:\Windows\Minidump\Mini120211-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini113011-01.dmp

Crash Time : 30/11/2011 18:50:21

Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code : 0x00000050

Parameter 1 : 0xfe423004

Parameter 2 : 0x00000000

Parameter 3 : 0x94c56f24

Parameter 4 : 0x00000000

Caused By Driver : win32k.sys

Caused By Address : win32k.sys+6b4f

File Description : Multi-User Win32 Driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+a5195

Stack Address 1 : ntkrnlpa.exe+5abf4

Stack Address 2 : win32k.sys+6f24

Stack Address 3 : win32k.sys+69b0

Computer Name :

Full Path : C:\Windows\Minidump\Mini113011-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini112411-01.dmp

Crash Time : 24/11/2011 22:41:50

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0xff097a9a

Parameter 3 : 0x9f8bacf0

Parameter 4 : 0x00000000

Caused By Driver :

Caused By Address :

File Description :

Product Name :

Company :

File Version :

Processor : 32-bit

Crash Address :

Stack Address 1 :

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\Windows\Minidump\Mini112411-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini111211-01.dmp

Crash Time : 12/11/2011 17:06:58

Bug Check String : PFN_LIST_CORRUPT

Bug Check Code : 0x0000004e

Parameter 1 : 0x00000099

Parameter 2 : 0x000ffff7

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : ntkrnlpa.exe

Caused By Address : ntkrnlpa.exe+cd1e3

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd1e3

Stack Address 1 : ntkrnlpa.exe+a398b

Stack Address 2 : ntkrnlpa.exe+1b3d21

Stack Address 3 : ntkrnlpa.exe+1b3dbe

Computer Name :

Full Path : C:\Windows\Minidump\Mini111211-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini101611-01.dmp

Crash Time : 16/10/2011 21:19:08

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x81578448

Parameter 3 : 0x96101c8c

Parameter 4 : 0x00000000

Caused By Driver : win32k.sys

Caused By Address : win32k.sys+c8448

File Description : Multi-User Win32 Driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : win32k.sys+c8448

Stack Address 1 : win32k.sys+c9c15

Stack Address 2 : win32k.sys+c9bcb

Stack Address 3 : ntkrnlpa.exe+57a9a

Computer Name :

Full Path : C:\Windows\Minidump\Mini101611-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini100911-01.dmp

Crash Time : 09/10/2011 12:59:34

Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code : 0x00000050

Parameter 1 : 0xfe46504c

Parameter 2 : 0x00000000

Parameter 3 : 0x952c6f74

Parameter 4 : 0x00000000

Caused By Driver : win32k.sys

Caused By Address : win32k.sys+6b4f

File Description : Multi-User Win32 Driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+a5195

Stack Address 1 : ntkrnlpa.exe+5abf4

Stack Address 2 : win32k.sys+6f74

Stack Address 3 : win32k.sys+69b0

Computer Name :

Full Path : C:\Windows\Minidump\Mini100911-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini082911-01.dmp

Crash Time : 29/08/2011 18:58:17

Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code : 0x00000050

Parameter 1 : 0xfe600000

Parameter 2 : 0x00000000

Parameter 3 : 0x81806f74

Parameter 4 : 0x00000000

Caused By Driver : win32k.sys

Caused By Address : win32k.sys+936e3

File Description : Multi-User Win32 Driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+a5195

Stack Address 1 : ntkrnlpa.exe+5abf4

Stack Address 2 : win32k.sys+6f74

Stack Address 3 : win32k.sys+69b0

Computer Name :

Full Path : C:\Windows\Minidump\Mini082911-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini081811-01.dmp

Crash Time : 18/08/2011 22:00:03

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x955acff5

Parameter 3 : 0x9ba3bc54

Parameter 4 : 0x00000000

Caused By Driver : win32k.sys

Caused By Address : win32k.sys+ccff5

File Description : Multi-User Win32 Driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : win32k.sys+ccff5

Stack Address 1 : win32k.sys+cd139

Stack Address 2 : ntkrnlpa.exe+57a9a

Stack Address 3 :

Computer Name :

Full Path : C:\Windows\Minidump\Mini081811-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini071711-01.dmp

Crash Time : 17/07/2011 10:05:56

Bug Check String : PFN_LIST_CORRUPT

Bug Check Code : 0x0000004e

Parameter 1 : 0x00000099

Parameter 2 : 0x0003c34a

Parameter 3 : 0x00000002

Parameter 4 : 0x00055619

Caused By Driver : ntkrnlpa.exe

Caused By Address : ntkrnlpa.exe+cd1e3

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd1e3

Stack Address 1 : ntkrnlpa.exe+a398b

Stack Address 2 : ntkrnlpa.exe+9d9ba

Stack Address 3 : ntkrnlpa.exe+efba4

Computer Name :

Full Path : C:\Windows\Minidump\Mini071711-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini061311-01.dmp

Crash Time : 13/06/2011 07:17:40

Bug Check String : IRQL_NOT_LESS_OR_EQUAL

Bug Check Code : 0x0000000a

Parameter 1 : 0x0a1400a0

Parameter 2 : 0x00000002

Parameter 3 : 0x00000000

Parameter 4 : 0x820d403d

Caused By Driver : ntkrnlpa.exe

Caused By Address : ntkrnlpa.exe+5adc4

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+5adc4

Stack Address 1 : ntkrnlpa.exe+8803d

Stack Address 2 : ntkrnlpa.exe+88bf7

Stack Address 3 : ntkrnlpa.exe+87495

Computer Name :

Full Path : C:\Windows\Minidump\Mini061311-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini060811-01.dmp

Crash Time : 08/06/2011 07:03:03

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x948d3801

Parameter 3 : 0x9eff5c14

Parameter 4 : 0x00000000

Caused By Driver : win32k.sys

Caused By Address : win32k.sys+d3801

File Description : Multi-User Win32 Driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : win32k.sys+d3801

Stack Address 1 : win32k.sys+d409f

Stack Address 2 : win32k.sys+d49c1

Stack Address 3 : win32k.sys+d4b0b

Computer Name :

Full Path : C:\Windows\Minidump\Mini060811-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini060711-01.dmp

Crash Time : 07/06/2011 20:09:47

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0x953b8e33

Parameter 3 : 0xa03c5c98

Parameter 4 : 0x00000000

Caused By Driver : win32k.sys

Caused By Address : win32k.sys+c8e33

File Description : Multi-User Win32 Driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : win32k.sys+c8e33

Stack Address 1 : win32k.sys+cd15f

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\Windows\Minidump\Mini060711-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini060611-01.dmp

Crash Time : 06/06/2011 07:42:40

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x85564020

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd1e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini060611-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini071510-01.dmp

Crash Time : 15/07/2010 12:08:28

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0xae872020

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd1e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini071510-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini062810-01.dmp

Crash Time : 28/06/2010 12:43:39

Bug Check String : DRIVER_POWER_STATE_FAILURE

Bug Check Code : 0x0000009f

Parameter 1 : 0x00000003

Parameter 2 : 0x837b76b0

Parameter 3 : 0x853d5030

Parameter 4 : 0x85008c48

Caused By Driver : ntkrnlpa.exe

Caused By Address : ntkrnlpa.exe+cd1e3

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd1e3

Stack Address 1 : ntkrnlpa.exe+33b8c

Stack Address 2 : ntkrnlpa.exe+336dc

Stack Address 3 : ntkrnlpa.exe+b6d20

Computer Name :

Full Path : C:\Windows\Minidump\Mini062810-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini062510-01.dmp

Crash Time : 25/06/2010 06:56:26

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0xa32cdd78

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd1e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini062510-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini062410-01.dmp

Crash Time : 24/06/2010 15:37:30

Bug Check String : DRIVER_POWER_STATE_FAILURE

Bug Check Code : 0x0000009f

Parameter 1 : 0x00000003

Parameter 2 : 0x83b9db70

Parameter 3 : 0x853fe380

Parameter 4 : 0x85072268

Caused By Driver : ntkrnlpa.exe

Caused By Address : ntkrnlpa.exe+cd1e3

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd1e3

Stack Address 1 : ntkrnlpa.exe+33b8c

Stack Address 2 : ntkrnlpa.exe+336dc

Stack Address 3 : ntkrnlpa.exe+b6d20

Computer Name :

Full Path : C:\Windows\Minidump\Mini062410-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini061010-01.dmp

Crash Time : 10/06/2010 14:57:39

Bug Check String : DRIVER_POWER_STATE_FAILURE

Bug Check Code : 0x0000009f

Parameter 1 : 0x00000003

Parameter 2 : 0x833656b0

Parameter 3 : 0x84fcc030

Parameter 4 : 0x849c23e8

Caused By Driver : ntkrnlpa.exe

Caused By Address : ntkrnlpa.exe+cd0e3

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : ntkrnlpa.exe+33b5c

Stack Address 2 : ntkrnlpa.exe+336ac

Stack Address 3 : ntkrnlpa.exe+b6c40

Computer Name :

Full Path : C:\Windows\Minidump\Mini061010-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini060310-01.dmp

Crash Time : 03/06/2010 08:40:58

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0xa7906020

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini060310-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini052610-01.dmp

Crash Time : 26/05/2010 14:48:32

Bug Check String : DRIVER_POWER_STATE_FAILURE

Bug Check Code : 0x0000009f

Parameter 1 : 0x00000003

Parameter 2 : 0x833adb70

Parameter 3 : 0x84fd6030

Parameter 4 : 0x8514c560

Caused By Driver : ntkrnlpa.exe

Caused By Address : ntkrnlpa.exe+cd0e3

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : ntkrnlpa.exe+33b5c

Stack Address 2 : ntkrnlpa.exe+336ac

Stack Address 3 : ntkrnlpa.exe+b6c40

Computer Name :

Full Path : C:\Windows\Minidump\Mini052610-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini033110-01.dmp

Crash Time : 31/03/2010 16:34:52

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x8c91da80

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini033110-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini031010-01.dmp

Crash Time : 10/03/2010 10:14:28

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x84d83a30

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini031010-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini021410-01.dmp

Crash Time : 14/02/2010 10:58:18

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x85522020

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini021410-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini021310-01.dmp

Crash Time : 13/02/2010 16:31:29

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x848b7020

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini021310-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini020510-01.dmp

Crash Time : 05/02/2010 18:11:13

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x85a51738

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini020510-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini020110-01.dmp

Crash Time : 01/02/2010 17:41:18

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x850cf3c0

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini020110-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini012610-01.dmp

Crash Time : 26/01/2010 17:23:12

Bug Check String : DRIVER_POWER_STATE_FAILURE

Bug Check Code : 0x0000009f

Parameter 1 : 0x00000003

Parameter 2 : 0x833b56b0

Parameter 3 : 0x84fc6030

Parameter 4 : 0x8bf2a760

Caused By Driver : ntkrnlpa.exe

Caused By Address : ntkrnlpa.exe+cd0e3

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : ntkrnlpa.exe+33b5c

Stack Address 2 : ntkrnlpa.exe+336ac

Stack Address 3 : ntkrnlpa.exe+b6c40

Computer Name :

Full Path : C:\Windows\Minidump\Mini012610-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini012510-01.dmp

Crash Time : 25/01/2010 21:31:48

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x84d40580

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini012510-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini121109-01.dmp

Crash Time : 11/12/2009 09:58:54

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x833aed78

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini121109-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini120809-01.dmp

Crash Time : 08/12/2009 21:56:03

Bug Check String : DRIVER_POWER_STATE_FAILURE

Bug Check Code : 0x0000009f

Parameter 1 : 0x00000003

Parameter 2 : 0x833656b0

Parameter 3 : 0x84fd4030

Parameter 4 : 0x84053578

Caused By Driver : ntkrnlpa.exe

Caused By Address : ntkrnlpa.exe+cd0e3

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : ntkrnlpa.exe+33b5c

Stack Address 2 : ntkrnlpa.exe+336ac

Stack Address 3 : ntkrnlpa.exe+b6c40

Computer Name :

Full Path : C:\Windows\Minidump\Mini120809-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,352

==================================================



==================================================

Dump File : Mini102609-01.dmp

Crash Time : 26/10/2009 12:35:58

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x831add78

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini102609-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,304

==================================================



==================================================

Dump File : Mini082609-01.dmp

Crash Time : 26/08/2009 03:13:26

Bug Check String : DRIVER_POWER_STATE_FAILURE

Bug Check Code : 0x0000009f

Parameter 1 : 0x00000003

Parameter 2 : 0x83fa0b70

Parameter 3 : 0x84d4f030

Parameter 4 : 0x859d9e28

Caused By Driver : ntkrnlpa.exe

Caused By Address : ntkrnlpa.exe+cd0e3

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : ntkrnlpa.exe+33b5c

Stack Address 2 : ntkrnlpa.exe+336ac

Stack Address 3 : ntkrnlpa.exe+b6c40

Computer Name :

Full Path : C:\Windows\Minidump\Mini082609-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,304

==================================================



==================================================

Dump File : Mini082309-01.dmp

Crash Time : 23/08/2009 19:05:02

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x855a74c0

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini082309-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,304

==================================================



==================================================

Dump File : Mini081909-01.dmp

Crash Time : 19/08/2009 17:04:12

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x843fd460

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini081909-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,304

==================================================



==================================================

Dump File : Mini081809-01.dmp

Crash Time : 18/08/2009 21:48:48

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x100000ea

Parameter 1 : 0x85825bd8

Parameter 2 : 0x00000000

Parameter 3 : 0x00000000

Parameter 4 : 0x00000000

Caused By Driver : dxgkrnl.sys

Caused By Address : dxgkrnl.sys+15b60

File Description : DirectX Graphics Kernel

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Processor : 32-bit

Crash Address : ntkrnlpa.exe+cd0e3

Stack Address 1 : dxgkrnl.sys+15b60

Stack Address 2 : dxgkrnl.sys+d6cf

Stack Address 3 : atikmdag.sys+349e2

Computer Name :

Full Path : C:\Windows\Minidump\Mini081809-01.dmp

Processors Count : 1

Major Version : 15

Minor Version : 6001

Dump File Size : 138,304

==================================================
 
Ok, the BSOD from atikmdag.sys appears to be a pretty common issue with the Catalyst Control Centre drivers. As a temporary check on that I renamed it to atikmdag.sys.old and tried booting to normal mode and it's booted fine (display settings are pretty borked but I guess that's down to the driver). What are the chances the BSOD was a completely unrelated issue and not caused by System Check? It's been running a few minutes now without System Check or Anti-malware 2012 popping up or the mass of error messages. There is one message about the recycle bin being corrupted for C:\ asking if I want to empty it.

Any suggestions for next steps antivirus wise? I'll look into the catalyst control centre issue to see how I can get round that.

Cheers
 
Good investigating job :)

Your computer was definitely infected.
The infection could have corrupted CCC files, or it could have been an independent issue.
CCC doesn't need to run as a startup, so you can disable it altogether.

Now, when in normal mode, update MBAM, run "Quick scan" and post new log.
Then post fresh OTL log.

P.S. I'm not sure which setting is causing this but all your logs paste with double space, which requires a lot of scrolling. Can you fix it?
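One way to weigh "corrupted by the infection" against "independent issue" is to tally the pasted BlueScreenView records by blamed driver and by date, since crashes that predate the infection cannot have been caused by it. The script below is an added example for this thread, not part of the original posts or of any tool named in them; its sample records are a constructed, trimmed copy of the log pasted above, and the cutoff date is the 06/01/2012 MBAM scan from the first post.

```python
"""Tally BlueScreenView-style crash records by causing driver and date.

Added example for this thread; not part of the original posts or of any tool
named in them. The record layout mirrors the BlueScreenView text pasted above.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: three records trimmed to the fields the tally needs,
# with values copied from the log pasted earlier in the thread.
SAMPLE_LOG = """\
==================================================
Dump File : Mini012510-01.dmp
Crash Time : 25/01/2010 21:31:48
Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code : 0x100000ea
Caused By Driver : dxgkrnl.sys
Stack Address 3 : atikmdag.sys+349e2
==================================================

==================================================
Dump File : Mini120809-01.dmp
Crash Time : 08/12/2009 21:56:03
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Caused By Driver : ntkrnlpa.exe
Stack Address 3 : ntkrnlpa.exe+b6c40
==================================================

==================================================
Dump File : Mini082309-01.dmp
Crash Time : 23/08/2009 19:05:02
Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code : 0x100000ea
Caused By Driver : dxgkrnl.sys
Stack Address 3 : atikmdag.sys+349e2
==================================================
"""

# Date of the MBAM scan in the first post, used here as the "infection known" cutoff.
MBAM_SCAN_DATE = "06/01/2012"

# "Field Name : value" lines; the lazy group stops at the first " :" separator.
FIELD_RE = re.compile(r"^([A-Za-z0-9 ]+?)\s*:\s*(.*)$")


def parse_records(text):
    """Split the log on '====' separator lines and return one dict per crash."""
    records = []
    for chunk in re.split(r"^=+\s*$", text, flags=re.M):
        fields = {}
        for line in chunk.splitlines():
            m = FIELD_RE.match(line.strip())
            if m:
                fields[m.group(1).strip()] = m.group(2).strip()
        if "Dump File" in fields:
            # BlueScreenView prints dd/mm/yyyy on this (UK-locale) machine.
            fields["crash_dt"] = datetime.strptime(fields["Crash Time"], "%d/%m/%Y %H:%M:%S")
            records.append(fields)
    return records


def crashes_by_driver(records):
    """Count records per 'Caused By Driver' value."""
    return Counter(r.get("Caused By Driver", "?") for r in records)


def involves_module(record, module):
    """True if `module` is the blamed driver or appears on a captured stack frame."""
    if record.get("Caused By Driver") == module:
        return True
    return any(v.startswith(module + "+")
               for k, v in record.items() if k.startswith("Stack Address"))


def crashes_before(records, cutoff):
    """Records whose crash time is earlier than `cutoff` (a 'dd/mm/yyyy' string)."""
    limit = datetime.strptime(cutoff, "%d/%m/%Y")
    return [r for r in records if r["crash_dt"] < limit]


def date_range(records):
    """Earliest and latest crash dates as 'dd/mm/yyyy' strings."""
    dts = sorted(r["crash_dt"] for r in records)
    return dts[0].strftime("%d/%m/%Y"), dts[-1].strftime("%d/%m/%Y")


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    first, last = date_range(recs)
    print(f"{len(recs)} crashes between {first} and {last}")
    for drv, n in crashes_by_driver(recs).most_common():
        print(f"  {n}x blamed on {drv}")
    on_stack = sum(involves_module(r, "atikmdag.sys") for r in recs)
    print(f"{on_stack} with atikmdag.sys on the captured stack")
    early = crashes_before(recs, MBAM_SCAN_DATE)
    print(f"{len(early)} of {len(recs)} predate the {MBAM_SCAN_DATE} MBAM scan")
```

Run against the full pasted log instead of the sample, the same tally shows every dxgkrnl.sys/atikmdag.sys crash dated 2009 or early 2010, which is the kind of evidence a responder wants before attributing a BSOD to a rogue that appeared in January 2012.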
 
According to msconfig CCC is disabled at start up - not sure what's going on there.

I've tried updating MBAM a couple of times but the internet connection on my laptop drops out every time (including using a wired connection). It claims that I only have local access even though I'm currently using the same connection on the internet fine. After a while the update times out. Confused by that one. When it times out from this attempt I'll run the quick scan without updating.

As for the logs I'm not sure, but I'll try and fix it. It might be Geany doing some strange formatting before I copy and paste.
 
According to msconfig CCC is disabled at start up - not sure what's going on there.
You may want to reinstall your video driver later.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 