Blue screen of death.... sort of

Re: Blue screen of death.... sort of

Post by chainz on Sun Oct 18, 2009 12:41 pm

It will not allow me to run this now. It says I don't have appropriate permissions.

Post by Belahzur on Sun Oct 18, 2009 3:00 pm

Can you run Combofix as normal without a script?


Please PM me if I fail to respond within 24hrs.


Post by chainz on Tue Oct 20, 2009 1:18 am

Yes. I think so. It opens up alright.

Post by Dr Jay on Tue Oct 20, 2009 1:44 am

Please re-run ComboFix and post a new log.


Dr. Jay (DJ)


Post by chainz on Tue Oct 20, 2009 11:18 am

ComboFix 09-10-19.01 - Aarons 10/20/2009 6:02.4.1 - NTFSx86
Running from: c:\documents and settings\Aarons\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((( Files Created from 2009-09-20 to 2009-10-20 )))))))))))))))))))))))))))))))
.

2009-10-20 03:59 . 2009-10-20 04:16 -------- d-----w- C:\Combo-Fix
2009-10-17 12:40 . 2009-10-17 12:40 -------- d-----w- c:\windows\ERUNT
2009-10-17 12:17 . 2009-10-17 13:51 -------- d-----w- C:\SDFix
2009-10-14 00:37 . 2009-10-14 00:37 574 ----a-w- C:\cleanup.bat
2009-10-14 00:37 . 2009-10-14 00:37 135168 ----a-w- C:\zip.exe
2009-10-13 00:27 . 2009-10-13 00:27 -------- d-----w- c:\program files\7-Zip
2009-10-13 00:27 . 2009-10-13 00:27 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-10-07 12:42 . 2009-10-15 19:05 -------- d-----w- c:\documents and settings\Aarons\Application Data\MSA
2009-09-24 11:10 . 2009-09-24 11:10 -------- d-----w- c:\documents and settings\Aarons\Local Settings\Application Data\PCHealth
2009-09-23 19:35 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 11:33 . 2009-02-22 01:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 08:09 . 2008-09-09 11:29 -------- d-----w- c:\documents and settings\Aarons\Application Data\uTorrent
2009-10-12 23:06 . 2004-07-18 01:07 -------- d-----w- c:\program files\AutoCAD R14
2009-10-03 20:19 . 2009-03-25 18:06 118784 ----a-w- c:\windows\SeaMonkeyUninstall.exe
2009-10-03 20:19 . 2004-04-03 03:27 18619 ----a-w- c:\windows\mozver.dat
2009-10-03 20:19 . 2009-05-15 22:43 118784 ----a-w- c:\windows\GREUninstall.exe
2009-09-12 23:11 . 2004-04-05 04:03 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-09-12 20:35 . 2004-04-05 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-11 14:33 . 2002-08-29 11:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-02-22 01:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-02-22 01:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2003-09-19 17:37 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 18:47 . 2004-04-02 21:26 84984 ----a-w- c:\documents and settings\Aarons\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 07:36 . 2004-02-06 23:05 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2002-08-29 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 00:34 . 2009-08-23 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-08-23 00:33 . 2009-08-23 00:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-08-23 00:33 . 2009-08-23 00:33 -------- d-----w- c:\program files\Uniblue
2009-08-23 00:33 . 2009-08-23 00:33 -------- d-----w- c:\documents and settings\Aarons\Application Data\Uniblue
2009-08-22 21:28 . 2009-08-21 17:17 -------- d-----w- c:\program files\Reg Tool
2009-08-21 17:18 . 2009-08-21 17:18 -------- d-----w- c:\documents and settings\Aarons\Application Data\Reg Tool
2009-08-21 16:56 . 2004-04-05 04:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-20 10:40 . 2009-08-20 10:40 15137 ----a-w- c:\windows\bitusagono.pif
2009-08-20 10:40 . 2009-08-20 10:40 17479 ----a-w- c:\windows\system32\caxexoku.dat
2009-08-20 10:40 . 2009-08-20 10:40 18919 ----a-w- c:\windows\fajipo.bin
2009-08-20 10:40 . 2009-08-20 10:40 10474 ----a-w- c:\windows\system32\eluzeca.dll
2009-08-20 10:40 . 2009-08-20 10:40 10034 ----a-w- c:\windows\system32\zaqikanyzu.sys
2009-08-20 10:40 . 2009-08-20 10:40 18568 ----a-w- c:\documents and settings\Aarons\Application Data\temotulobi.exe
2009-08-05 09:11 . 2002-12-12 06:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 1980-01-01 06:00 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 1980-01-01 06:00 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2004-04-15 00:12 . 2004-04-15 00:09 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
2004-04-15 00:09 . 2004-04-15 00:09 6262872 ----a-w- c:\program files\psa2se_us.exe
2004-04-13 21:20 . 2004-04-13 21:20 3643251 ----a-w- c:\program files\001.mov
2004-04-12 00:52 . 2004-04-12 00:52 683132 ----a-w- c:\program files\flashplayer7installer.exe
2004-04-10 00:28 . 2004-04-10 00:22 12276904 ----a-w- c:\program files\QuickTimeFullInstaller.exe
2004-04-09 03:47 . 2004-04-09 03:47 4217352 ----a-w- c:\program files\DivX511.exe
.

------- Sigcheck -------

[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SMSystemAnalyzer"="c:\program files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2008-05-06 764776]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SDFix"="c:\sdfix\RunThis.bat" [2008-11-06 964661]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck smrgdf c:\documents and settings\Aarons\Application Data\iolo

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]

.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2006-01-14 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Microsoft Internet Explorer provided by Comcast
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: Download all by Net Transport - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: Download by Net Transport - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-20 06:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
Completion time: 2009-10-20 6:16
ComboFix-quarantined-files.txt 2009-10-20 11:16
ComboFix2.txt 2009-10-20 04:16
ComboFix3.txt 2009-10-16 04:34

Pre-Run: 7,459,606,528 bytes free
Post-Run: 7,430,643,712 bytes free

- - End Of File - - 84BA243E84DDEEC94F10AFB82C6AA96F


Re: Blue screen of death.... sort of

Post by Dr Jay on Tue Oct 20, 2009 11:25 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    beep.sys
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


NEXT


Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    killall::
    File::
    c:\windows\bitusagono.pif
    c:\windows\system32\caxexoku.dat
    c:\windows\fajipo.bin
    c:\windows\system32\eluzeca.dll
    c:\windows\system32\zaqikanyzu.sys
    c:\documents and settings\Aarons\Application Data\temotulobi.exe

    FCopy::
    c:\windows\ServicePackFiles\i386\eventlog.dll | C:\windows\System32\eventlog.dll

    DDS::
    Trusted Zone: turbotax.com
    Trusted Zone: musicmatch.com\online

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Please make sure the SystemLook and ComboFix logs are posted in your next reply.


Dr. Jay (DJ)



Re: Blue screen of death.... sort of

Post by chainz on Thu Oct 22, 2009 10:59 am

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 05:47 on 22/10/2009 by Aarons (Administrator - Elevation successful)

========== filefind ==========

Searching for "comres.dll"
C:\I386\COMRES.DLL --a--- 792064 bytes [21:31 02/04/2004] [11:00 29/08/2002] 1F51839ECCF908FD86558198909262E4
C:\WINDOWS\$NtServicePackUninstall$\comres.dll -----c 792064 bytes [16:39 15/09/2008] [07:56 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\ServicePackFiles\i386\comres.dll ------ 792064 bytes [07:56 04/08/2004] [07:56 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\comres.dll --a--- 792064 bytes [22:11 07/10/2008] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\SYSTEM32\comres.dll --a--- 792064 bytes [11:00 29/08/2002] [07:56 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310

Searching for "crypt32.dll"
C:\I386\crypt32.dll --a--- 544256 bytes [21:31 02/04/2004] [22:18 20/03/2003] AC263A16E9D3709C105978206E8F5AFD
C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll -----c 597504 bytes [16:39 15/09/2008] [07:56 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\ServicePackFiles\i386\crypt32.dll ------ 597504 bytes [07:56 04/08/2004] [07:56 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\crypt32.dll --a--- 599040 bytes [22:11 07/10/2008] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\SYSTEM32\crypt32.dll --a--- 597504 bytes [22:18 20/03/2003] [07:56 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18

Searching for "gpedit.dll"
No files found.

Searching for "rundll32.exe"
C:\I386\RUNDLL32.EXE --a--- 31744 bytes [21:38 02/04/2004] [11:00 29/08/2002] 0FB22DD37C17F80AD71316049F725170
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe --a--- 33280 bytes [16:18 25/10/2004] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [16:38 15/09/2008] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [07:56 04/08/2004] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\rundll32.exe --a--- 33280 bytes [22:13 07/10/2008] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\SYSTEM32\rundll32.exe --a--- 33280 bytes [11:00 29/08/2002] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF

Searching for "beep.sys"
C:\I386\BEEP.SYS --a--- 4224 bytes [21:33 02/04/2004] [11:00 29/08/2002] DA1F27D85E0D1525F6621372E7B685E9
C:\SDFix\apps\Replace\w2k\beep.sys --a--- 4080 bytes [12:17 17/10/2009] [20:27 07/08/2008] DF012C2853281CE2BF536E8DE871C8C1
C:\SDFix\apps\Replace\xp\beep.sys --a--- 4224 bytes [12:17 17/10/2009] [20:27 07/08/2008] DA1F27D85E0D1525F6621372E7B685E9

Searching for "atapi.sys"
C:\I386\atapi.sys --a--- 87296 bytes [21:33 02/04/2004] [15:29 23/04/2003] E52B3B3F78C9AE85806CE49DCDD80C18
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [16:37 15/09/2008] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 95360 bytes [05:59 04/08/2004] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys --a--- 96512 bytes [22:10 07/10/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys --a--- 95360 bytes [07:27 29/08/2002] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-


Re: Blue screen of death.... sort of

Post by chainz on Thu Oct 22, 2009 11:26 am

ComboFix 09-10-19.01 - Aarons 10/22/2009 6:08.5.1 - NTFSx86
Running from: c:\documents and settings\Aarons\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-20 11:00 . 2009-10-20 11:16 -------- d-----w- C:\Combo-Fix26218C
2009-10-20 03:59 . 2009-10-22 11:04 -------- d-----w- C:\Combo-Fix
2009-10-17 12:40 . 2009-10-17 12:40 -------- d-----w- c:\windows\ERUNT
2009-10-17 12:17 . 2009-10-17 13:51 -------- d-----w- C:\SDFix
2009-10-14 00:37 . 2009-10-14 00:37 574 ----a-w- C:\cleanup.bat
2009-10-14 00:37 . 2009-10-14 00:37 135168 ----a-w- C:\zip.exe
2009-10-13 00:27 . 2009-10-13 00:27 -------- d-----w- c:\program files\7-Zip
2009-10-13 00:27 . 2009-10-13 00:27 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-10-07 12:42 . 2009-10-15 19:05 -------- d-----w- c:\documents and settings\Aarons\Application Data\MSA
2009-09-24 11:10 . 2009-09-24 11:10 -------- d-----w- c:\documents and settings\Aarons\Local Settings\Application Data\PCHealth
2009-09-23 19:35 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 11:33 . 2009-02-22 01:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 08:09 . 2008-09-09 11:29 -------- d-----w- c:\documents and settings\Aarons\Application Data\uTorrent
2009-10-12 23:06 . 2004-07-18 01:07 -------- d-----w- c:\program files\AutoCAD R14
2009-10-03 20:19 . 2009-03-25 18:06 118784 ----a-w- c:\windows\SeaMonkeyUninstall.exe
2009-10-03 20:19 . 2004-04-03 03:27 18619 ----a-w- c:\windows\mozver.dat
2009-10-03 20:19 . 2009-05-15 22:43 118784 ----a-w- c:\windows\GREUninstall.exe
2009-09-12 23:11 . 2004-04-05 04:03 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-09-12 20:35 . 2004-04-05 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-11 14:33 . 2002-08-29 11:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-02-22 01:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-02-22 01:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2003-09-19 17:37 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 18:47 . 2004-04-02 21:26 84984 ----a-w- c:\documents and settings\Aarons\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 07:36 . 2004-02-06 23:05 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2002-08-29 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 10:40 . 2009-08-20 10:40 15137 ----a-w- c:\windows\bitusagono.pif
2009-08-20 10:40 . 2009-08-20 10:40 17479 ----a-w- c:\windows\system32\caxexoku.dat
2009-08-20 10:40 . 2009-08-20 10:40 18919 ----a-w- c:\windows\fajipo.bin
2009-08-20 10:40 . 2009-08-20 10:40 10474 ----a-w- c:\windows\system32\eluzeca.dll
2009-08-20 10:40 . 2009-08-20 10:40 10034 ----a-w- c:\windows\system32\zaqikanyzu.sys
2009-08-20 10:40 . 2009-08-20 10:40 18568 ----a-w- c:\documents and settings\Aarons\Application Data\temotulobi.exe
2009-08-05 09:11 . 2002-12-12 06:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 1980-01-01 06:00 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 1980-01-01 06:00 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2004-04-15 00:12 . 2004-04-15 00:09 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
2004-04-15 00:09 . 2004-04-15 00:09 6262872 ----a-w- c:\program files\psa2se_us.exe
2004-04-13 21:20 . 2004-04-13 21:20 3643251 ----a-w- c:\program files\001.mov
2004-04-12 00:52 . 2004-04-12 00:52 683132 ----a-w- c:\program files\flashplayer7installer.exe
2004-04-10 00:28 . 2004-04-10 00:22 12276904 ----a-w- c:\program files\QuickTimeFullInstaller.exe
2004-04-09 03:47 . 2004-04-09 03:47 4217352 ----a-w- c:\program files\DivX511.exe
.

------- Sigcheck -------



Re: Blue screen of death.... sort of

Post by chainz on Thu Oct 22, 2009 11:26 am

[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\termsrv.dll

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\agp440.sys

[-] 2002-08-29 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\ACPIEC.SYS

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\ip6fw.sys

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\msgsvc.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\SYSTEM32\ntmssvc.dll

c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SMSystemAnalyzer"="c:\program files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2008-05-06 764776]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SDFix"="c:\sdfix\RunThis.bat" [2008-11-06 964661]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck smrgdf c:\documents and settings\Aarons\Application Data\iolo

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)


Re: Blue screen of death.... sort of

Post by chainz on Thu Oct 22, 2009 11:27 am

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]

.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2006-01-14 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Microsoft Internet Explorer provided by Comcast
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: Download all by Net Transport - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: Download by Net Transport - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-22 06:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
Completion time: 2009-10-22 6:23
ComboFix-quarantined-files.txt 2009-10-22 11:22
ComboFix2.txt 2009-10-20 11:16
ComboFix3.txt 2009-10-20 04:16
ComboFix4.txt 2009-10-16 04:34

Pre-Run: 7,306,825,728 bytes free
Post-Run: 7,271,182,336 bytes free

- - End Of File - - 609492816866FED14A23CB50C3EF6BB2


Re: Blue screen of death.... sort of

Post by Dr Jay on Fri Oct 23, 2009 4:04 am

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    killall::
    File::
    c:\windows\bitusagono.pif
    c:\windows\system32\caxexoku.dat
    c:\windows\fajipo.bin
    c:\windows\system32\eluzeca.dll
    c:\windows\system32\zaqikanyzu.sys
    c:\documents and settings\Aarons\Application Data\temotulobi.exe

    FCopy::
    c:\windows\ServicePackFiles\i386\eventlog.dll | C:\windows\System32\eventlog.dll

    DDS::
    Trusted Zone: turbotax.com
    Trusted Zone: musicmatch.com\online

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Re: Blue screen of death.... sort of

Post by chainz on Sun Oct 25, 2009 2:04 pm

killall::
File::
c:\windows\bitusagono.pif
c:\windows\system32\caxexoku.dat
c:\windows\fajipo.bin
c:\windows\system32\eluzeca.dll
c:\windows\system32\zaqikanyzu.sys
c:\documents and settings\Aarons\Application Data\temotulobi.exe

FCopy::
c:\windows\ServicePackFiles\i386\eventlog.dll | C:\windows\System32\eventlog.dll

DDS::
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online


Re: Blue screen of death.... sort of

Post by Belahzur on Mon Oct 26, 2009 12:05 am

Can you post the full resulting Combofix log of the CFScript?



Re: Blue screen of death.... sort of

Post by chainz on Mon Oct 26, 2009 1:51 am

My apologies. I misspelled cfscript when I saved it to the program, so all it generated was what I put in. Here we go.

ComboFix 09-10-24.01 - Aarons 10/25/2009 20:20.9.1 - NTFSx86
Running from: c:\documents and settings\Aarons\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Aarons\Desktop\CFScript.txt.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point

FILE ::
"c:\documents and settings\Aarons\Application Data\temotulobi.exe"
"c:\windows\bitusagono.pif"
"c:\windows\fajipo.bin"
"c:\windows\system32\caxexoku.dat"
"c:\windows\system32\eluzeca.dll"
"c:\windows\system32\zaqikanyzu.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\eventlog.dll --> c:\windows\system32\eventlog.dll
c:\sdfix\apps\Replace\xp\beep.sys --> c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-26 01:20 . 2008-08-07 20:27 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-10-26 01:15 . 2009-10-26 01:15 -------- d-----w- C:\Combo-Fix10245C
2009-10-26 01:09 . 2009-10-26 01:09 -------- d-----w- C:\Combo-Fix1446C
2009-10-26 01:06 . 2009-10-26 01:07 -------- d-----w- C:\Combo-Fix21217C
2009-10-25 14:03 . 2009-10-25 14:03 -------- d-----w- C:\Combo-Fix31183C
2009-10-25 13:41 . 2009-10-25 13:55 -------- d-----w- C:\Combo-Fix19657C
2009-10-24 16:41 . 2004-08-04 07:56 55808 ----a-w- c:\windows\system32\eventlog.dll
2009-10-24 15:46 . 2009-10-24 16:02 -------- d-----w- C:\Combo-Fix5832C
2009-10-22 11:07 . 2009-10-22 11:23 -------- d-----w- C:\Combo-Fix7059C
2009-10-20 11:00 . 2009-10-20 11:16 -------- d-----w- C:\Combo-Fix26218C
2009-10-20 03:59 . 2009-10-26 01:11 -------- d-----w- C:\Combo-Fix
2009-10-17 12:40 . 2009-10-17 12:40 -------- d-----w- c:\windows\ERUNT
2009-10-17 12:17 . 2009-10-17 13:51 -------- d-----w- C:\SDFix
2009-10-14 00:37 . 2009-10-14 00:37 574 ----a-w- C:\cleanup.bat
2009-10-14 00:37 . 2009-10-14 00:37 135168 ----a-w- C:\zip.exe
2009-10-13 00:27 . 2009-10-13 00:27 -------- d-----w- c:\program files\7-Zip
2009-10-13 00:27 . 2009-10-13 00:27 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-10-07 12:42 . 2009-10-15 19:05 -------- d-----w- c:\documents and settings\Aarons\Application Data\MSA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 11:33 . 2009-02-22 01:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 08:09 . 2008-09-09 11:29 -------- d-----w- c:\documents and settings\Aarons\Application Data\uTorrent
2009-10-12 23:06 . 2004-07-18 01:07 -------- d-----w- c:\program files\AutoCAD R14
2009-10-03 20:19 . 2009-03-25 18:06 118784 ----a-w- c:\windows\SeaMonkeyUninstall.exe
2009-10-03 20:19 . 2004-04-03 03:27 18619 ----a-w- c:\windows\mozver.dat
2009-10-03 20:19 . 2009-05-15 22:43 118784 ----a-w- c:\windows\GREUninstall.exe
2009-09-12 23:11 . 2004-04-05 04:03 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-09-12 20:35 . 2004-04-05 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-11 14:33 . 2002-08-29 11:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-02-22 01:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-02-22 01:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2003-09-19 17:37 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 18:47 . 2004-04-02 21:26 84984 ----a-w- c:\documents and settings\Aarons\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 07:36 . 2004-02-06 23:05 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2002-08-29 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:11 . 2002-12-12 06:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 1980-01-01 06:00 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 1980-01-01 06:00 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2004-04-15 00:12 . 2004-04-15 00:09 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
2004-04-15 00:09 . 2004-04-15 00:09 6262872 ----a-w- c:\program files\psa2se_us.exe
2004-04-13 21:20 . 2004-04-13 21:20 3643251 ----a-w- c:\program files\001.mov
2004-04-12 00:52 . 2004-04-12 00:52 683132 ----a-w- c:\program files\flashplayer7installer.exe
2004-04-10 00:28 . 2004-04-10 00:22 12276904 ----a-w- c:\program files\QuickTimeFullInstaller.exe
2004-04-09 03:47 . 2004-04-09 03:47 4217352 ----a-w- c:\program files\DivX511.exe
.

------- Sigcheck -------



Re: Blue screen of death.... sort of

Post by chainz on Mon Oct 26, 2009 1:51 am

[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SYSTEM32\DLLCACHE\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ctfmon.exe


Re: Blue screen of death.... sort of

Post by chainz on Mon Oct 26, 2009 1:52 am

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\termsrv.dll

[-] 2002-08-29 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\ACPIEC.SYS

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\ip6fw.sys

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\msgsvc.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\SYSTEM32\ntmssvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-10-05 235936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SMSystemAnalyzer"="c:\program files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2008-05-06 764776]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SDFix"="c:\sdfix\RunThis.bat" [2008-11-06 964661]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck smrgdf c:\documents and settings\Aarons\Application Data\iolo

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]

.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2006-01-14 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Microsoft Internet Explorer provided by Comcast
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: Download all by Net Transport - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: Download by Net Transport - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-25 20:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-26 20:35
ComboFix-quarantined-files.txt 2009-10-26 01:35
ComboFix2.txt 2009-10-24 16:02
ComboFix3.txt 2009-10-22 11:23
ComboFix4.txt 2009-10-20 11:16
ComboFix5.txt 2009-10-24 16:40

Pre-Run: 6,992,965,632 bytes free
Post-Run: 7,019,700,224 bytes free

- - End Of File - - 906B3427A0D020A19AB69CFBDB4EBC11


Re: Blue screen of death.... sort of

Post by Belahzur on Mon Oct 26, 2009 6:15 pm

Hello.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Blue screen of death.... sort of

Post by chainz on Tue Oct 27, 2009 1:56 am

7-Zip 4.57
Ad-aware 6 Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
AIM Toolbar
AnswerWorks 4.0 Runtime - English
AOL Instant Messenger
Apple Software Update
a-squared Free 3.1
Audit Support Center 1.0
AutoCAD R14.0
Broadcom Management Programs
CCleaner (remove only)
Coin Collector Pro
ComcastSUPPORT
Conexant SmartHSFi V.9x 56K DF PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
Defraggler (remove only)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Solution Center
DellSupport
DivX Codec
DivX Converter
DivX Player
DivX Web Player
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
hp deskjet 3320 series (Remove only)
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
iolo technologies' System Mechanic 7
J2SE Development Kit 5.0
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) 6 Update 6
LimeWire 5.1.2
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Access 2000 SR-1 Runtime
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Minute Timer (remove only)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch® Jukebox
OpenOffice.org Installer 1.0
QuickTime
Rhapsody Player Engine
Roxio VideoWave Movie Creator
SeaMonkey (1.1.18)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.2
Total Access Memo 2000
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Update for Windows XP (KB925720)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC 9.0 Runtime
WexTech AnswerWorks
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WordPerfect Office 11
Yahoo! Browser Services
Yahoo! Mail
Yahoo! Messenger
Yahoo! Toolbar


Re: Blue screen of death.... sort of

Post by Belahzur on Tue Oct 27, 2009 7:52 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Development Kit 5.0
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 6
    LimeWire 5.1.2
    Uniblue DriverScanner 2009
    Uniblue DriverScanner 2009

How is the machine running now?



Re: Blue screen of death.... sort of

Post by chainz on Tue Oct 27, 2009 11:39 pm

I hate to be ignorant but I can't see the start menu nor the control panel. When I try to access either of them by typing their name in the task manager it simply says file not found. Is there another way I can access them?


Re: Blue screen of death.... sort of

Post by Belahzur on Wed Oct 28, 2009 1:37 am

So no Start menu pops up when you hit the Start key? Will it open if you hit the Windows flag key on the keyboard?



Re: Blue screen of death.... sort of

Post by chainz on Thu Oct 29, 2009 6:35 pm

No, I get nothing. I'm at a loss.


Re: Blue screen of death.... sort of

Post by chainz on Sat Oct 31, 2009 1:25 am

I actually responded to this question Wednesday morning. I have no idea why it did not post until yesterday. I understand you guys are very busy. Waiting anxiously for further instructions. Thanks!


Re: Blue screen of death.... sort of

Post by Dr Jay on Sat Oct 31, 2009 2:16 am

We may need to reset the permission on explorer.exe; it looks like the malware has locked it.

Please download [You must be registered and logged in to see this link.] file.

  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to File > New Task in Task Manager. Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.


Dr. Jay (DJ)


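An added example (not part of Dr Jay's post, and not Sysinternals code): one way to triage the log that the `junction -s c:\` command above writes, grouping the "Failed to open" lines by reason so that access-denied executables such as explorer.exe stand apart from files that are simply in use. The sample log is constructed in junction's output format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format "junction -s" writes, progress dots included.
SAMPLE_LOG = r"""
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...

.
Failed to open \\?\c:\\WINDOWS\explorer.exe: Access is denied.

..\\?\c:\\WINDOWS\assembly\GAC_32\Example\1.0.0.0__0000000000000000: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_Example_1.0.0.0
Substitute Name: C:\WINDOWS\WinSxS\x86_Example_1.0.0.0

Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3A.tmp: Access is denied.
Failed to open \\?\c:\\System Volume Information\snapshot\example.LOG: The file or directory is corrupted and unreadable.
"""

PREFIX = "\\\\?\\"  # the four characters \\?\ that junction puts before each path

# Leading dots are progress markers that can run into the next message.
FAILED = re.compile(r"^\.*Failed to open (?P<path>.+?): (?P<reason>[^:]+)$")
JUNCTION = re.compile(r"^\.*(?P<path>\\\\\?\\.+): JUNCTION$")
TARGET = re.compile(r"^(Print Name|Substitute Name)\s*:\s*(.+)$")

# File types that run code; an unreadable one deserves a look at its ACL.
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".com", ".scr")


def normalize(path):
    # Drop the long-path prefix and collapse the doubled separator after "c:".
    if path.startswith(PREFIX):
        path = path[len(PREFIX):]
    return path.replace("\\\\", "\\")


def parse_junction_log(text):
    failures = defaultdict(list)  # reason -> [path, ...]
    junctions = []                # one dict per reparse point reported
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FAILED.match(line)
        if m:
            reason = m["reason"].rstrip(". ")
            failures[reason].append(normalize(m["path"]))
            current = None
            continue
        m = JUNCTION.match(line)
        if m:
            current = {"path": normalize(m["path"]),
                       "print": None, "substitute": None}
            junctions.append(current)
            continue
        m = TARGET.match(line)
        if m and current is not None:
            key = "print" if m[1].startswith("Print") else "substitute"
            current[key] = m[2].strip()
    return dict(failures), junctions


def denied_executables(failures):
    # Sharing violations (pagefile.sys in use) land under a different reason,
    # so only files the scanning account was refused outright are returned.
    denied = failures.get("Access is denied", [])
    return sorted(p for p in denied if p.lower().endswith(EXECUTABLE_EXT))


if __name__ == "__main__":
    failures, junctions = parse_junction_log(SAMPLE_LOG)
    for reason, paths in failures.items():
        print(f"{len(paths):3d}  {reason}")
    print("Access-denied executables:", denied_executables(failures))
    for j in junctions:
        print("Junction:", j["path"], "->", j["substitute"])
```
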

Re: Blue screen of death.... sort of

Post by chainz on Sat Oct 31, 2009 11:11 am

I am unable to unzip the file.


Re: Blue screen of death.... sort of

Post by chainz on Sat Oct 31, 2009 6:51 pm

I had this problem with another application. Can you direct me to an unzipped version?


Re: Blue screen of death.... sort of

Post by Dr Jay on Sat Oct 31, 2009 8:52 pm

Try this: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)



Re: Blue screen of death.... sort of

Post by chainz on Sat Oct 31, 2009 11:01 pm

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2007 Mark Russinovich
Systems Internals - [You must be registered and logged in to see this link.]


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...

...

...

...

...

...

...

...

...

...

...

...

...

.
Failed to open \\?\c:\\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe: Access is denied.



Failed to open \\?\c:\\Program Files\iolo\System Mechanic 7\SysMech7.exe: Access is denied.


..

...

...

...

...

...


Failed to open \\?\c:\\Program Files\Reg Tool\Reg Tool.exe: Access is denied.


...

...
Failed to open \\?\c:\\Program Files\Uniblue\DriverScanner\DriverScanner.exe: Access is denied.




...

...

.
Failed to open \\?\c:\\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2133\snapshot\_registry_machine_system.LOG: The file or directory is corrupted and unreadable.



Failed to open \\?\c:\\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2134\snapshot\_registry_machine_system.LOG: The file or directory is corrupted and unreadable.



Failed to open \\?\c:\\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2135\snapshot\_registry_machine_system.LOG: The file or directory is corrupted and unreadable.


..

...

...

..
Failed to open \\?\c:\\WINDOWS\explorer.exe: Access is denied.


.

...

...

...

..\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

.

...

...

...

...

...

...

...


Failed to open \\?\c:\\WINDOWS\SYSTEM32\MRT.exe: Access is denied.


...

...
Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET118.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET11F.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET12A.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET14F.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET171.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET175.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET179.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET1CB.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET1E7.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3A.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3B.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3C.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3D.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3E.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3E5.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET3F.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET40.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET41.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET42.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET43.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET44.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET45.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET4E.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET50.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET56.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET5E.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET67.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET77.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET80.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SET9E.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETAA.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETAD.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETB9.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETBA.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETDB.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETED.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETF5.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\SETFF.tmp: Access is denied.





Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe: Access is denied.


Re: Blue screen of death.... sort of

Post by Dr Jay on Sun Nov 01, 2009 12:41 am

Please try this:

  1. Download Win32kDiag from any of the following locations and open it from its location.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


    Dr. Jay (DJ)



    Re: Blue screen of death.... sort of

    Post by chainz on Sun Nov 01, 2009 10:38 am

    Running from: C:\Documents and Settings\Aarons\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Aarons\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Cannot access: C:\WINDOWS\explorer.exe

    [1] 2007-06-13 06:26:03 1033216 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe (Microsoft Corporation)

    [1] 2007-06-13 05:23:07 1033216 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe (Microsoft Corporation)

    [2] 2004-08-04 02:56:49 1032192 C:\WINDOWS\explorer(2).exe (Microsoft Corporation)

    [2] 2004-08-04 02:56:49 1032192 C:\WINDOWS\explorer(3).exe (Microsoft Corporation)

    [2] 2007-06-13 05:23:07 1033216 C:\WINDOWS\explorer(4).exe (Microsoft Corporation)

    [1] 2007-06-13 05:23:07 1033216 C:\WINDOWS\explorer.exe ()

    [1] 2004-08-04 02:56:49 1032192 C:\WINDOWS\ServicePackFiles\i386\explorer.exe (Microsoft Corporation)

    [1] 2008-04-13 19:12:19 1033728 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe (Microsoft Corporation)

    [1] 2007-06-13 05:23:07 1033216 C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe (Microsoft Corporation)



    Cannot access: C:\WINDOWS\SYSTEM32\MRT.exe

    [1] 2009-08-28 16:38:20 24689600 C:\WINDOWS\SYSTEM32\MRT.exe ()

    [2] 2009-07-29 19:49:14 24281536 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2159\A0638429.exe (Microsoft Corporation)



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET118.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET118.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET11F.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET11F.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET12A.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET12A.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET14F.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET14F.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET171.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET171.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET175.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET175.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET179.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET179.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET1CB.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET1CB.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET1E7.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET1E7.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3A.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3A.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3B.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3B.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3C.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3C.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3D.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3D.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3E.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3E.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3E5.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3E5.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET3F.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET3F.tmp ()


    Re: Blue screen of death.... sort of

    Post by chainz on Sun Nov 01, 2009 10:39 am

    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET40.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET40.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET41.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET41.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET42.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET42.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET43.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET43.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET44.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET44.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET45.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET45.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET4E.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET4E.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET50.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET50.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET56.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET56.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET5E.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET5E.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET67.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET67.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET77.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET77.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET80.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET80.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SET9E.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SET9E.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETAA.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETAA.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETAD.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETAD.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETB9.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETB9.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETBA.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETBA.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETDB.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETDB.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETED.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETED.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETF5.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETF5.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\SETFF.tmp

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\SETFF.tmp ()



    Cannot access: C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe

    [1] 2009-02-06 04:41:05 227840 C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 05:10:02 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 05:15:13 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe (Microsoft Corporation)

    [1] 2004-08-04 02:56:57 218112 C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe (Microsoft Corporation)

    [1] 2004-08-04 02:56:57 218112 C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 04:41:05 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 05:10:02 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 05:15:13 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\wmiprvse.exe (Microsoft Corporation)

    [1] 2008-04-13 19:12:40 218112 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\DLLCACHE\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe ()

    [2] 2004-08-04 02:56:57 218112 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2147\A0638152.exe (Microsoft Corporation)

    [1] 2002-08-29 06:00:00 203776 C:\i386\WMIPRVSE.EXE (Microsoft Corporation)





    Finished!


    Re: Blue screen of death.... sort of

    Post by Dr Jay on Sun Nov 01, 2009 6:27 pm

    Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that are highly damaged to remove viruses.
    • Download The Avira AntiVir Rescue System from [You must be registered and logged in to see this link.].
    • Just double-click on the rescue system package to burn it to a CD/DVD.
    • Then please use that CD/DVD with Avira Rescue System to boot your computer.
    You'll get a boot option to either boot from hard drive or AntiVir Rescue System.


    Press the number 2 on your keyboard to boot into AntiVir Rescue System.

    Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.


    Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.


    Then please start the scan.

    The Avira AntiVir Rescue System will now

    • repair a damaged system,
    • rescue data,
    • scan the system for virus infections.


    Dr. Jay (DJ)



    Re: Blue screen of death.... sort of

    Post by chainz on Tue Nov 03, 2009 9:51 am

    Once I boot from the CD, the application loads but does not give me any options for running a scan or anything. I thought maybe I did something wrong so I burned a new CD and tried again and I get the same thing.


    Re: Blue screen of death.... sort of

    Post by Dr Jay on Wed Nov 04, 2009 12:53 am

    Can you boot into Safe Mode (no Rescue, just normal boot), at least? Do you see a Desktop and different objects?

    Your system is highly damaged, and certain objects are locked, so removing this beast will be rough. If we can work in Safe Mode with Networking, I can assist in resetting a lot of those locked items (shown in the Win32KDiag log above).

    To reboot to Safe Mode with Networking, tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu.

    Reply back here if you are there successfully, or if you had any issues in getting into Safe Mode.


    Dr. Jay (DJ)



    Re: Blue screen of death.... sort of

    Post by chainz on Wed Nov 04, 2009 2:07 am

    Safe Mode with Networking is a no-go. As soon as it is time for the password, the system just locks up. I believe I can boot in regular Safe Mode.


    Re: Blue screen of death.... sort of

    Post by Dr Jay on Wed Nov 04, 2009 6:33 am

    Please download the Kaspersky AVP Tool from [You must be registered and logged in to see this link.].
    • Save it to your desktop.
    • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
    • Double click the setup file to run it.
    • Click Next to continue.
    • It will by default install it to your desktop folder. Click Next.
    • Hit OK at the prompt for scanning in Safe Mode.
    • It will then open a box. There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked:

      • System Memory
      • Startup Objects
      • Disk Boot Sectors.
      • My Computer.
      • Also any other drives (Removable that you may have)

    After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
    Then choose OK again, and you are back at the main screen.

    • Then click on Scan at the top right-hand corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized, then click the button that says Neutralize all.
    • If it says it cannot be neutralized, then choose the Delete option when prompted.
    • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
    • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected; post those results in your next reply.
    Note: This tool will self uninstall when you close it so please save the log before closing it.

    If some of the options are not available, use as many as possible, and do the scan.


    Dr. Jay (DJ)



    Re: Blue screen of death.... sort of

    Post by chainz on Fri Nov 06, 2009 3:03 am

    I'm sorry I did not follow directions fully. My scan is in two parts because I forgot about the heuristic analyzer part and had to re-do it.

    Scan
    ----
    Scanned: 596346
    Detected: 71
    Untreated: 0
    Start time: 11/4/2009 7:26:14 AM
    Duration: 12:44:16
    Finish time: 11/4/2009 8:10:30 PM


    Detected
    --------
    Status Object
    ------ ------
    will be deleted when the computer is restarted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\Program Files\SafetyCenter\start.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.BAT.Agent.tf File: C:\HzG.bat
    deleted: Trojan program Trojan.Win32.Buzus.cknw File: C:\Documents and Settings\Aarons\Application Data\Sun\Java\Deployment\cache\6.0\57\9d50e39-7ff9e4a0
    deleted: Trojan program Trojan.Win32.Buzus.cknw File: C:\Documents and Settings\Aarons\Local Settings\temp\0.2865700287181637.exe
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\Program Files\mozilla.org\SeaMonkey\temp.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\Program Files\SafetyCenter\new.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\Program Files\SafetyCenter\protector.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.FraudPack.yja File: C:\Program Files\SafetyCenter\tst.exe/big.dll
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\Program Files\SafetyCenter\uninstall.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2159\A0638432.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2159\A0638433.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2160\A0638474.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2160\A0638475.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2161\A0638515.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2161\A0638516.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2161\A0639515.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2161\A0639516.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2162\A0639566.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2162\A0639567.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2163\A0639611.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2163\A0639612.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2164\A0639656.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2164\A0639657.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2164\A0639669.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2164\A0639670.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2165\A0639711.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2165\A0639712.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2166\A0639754.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2166\A0639755.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0639799.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2167\A0639800.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2168\A0639838.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2168\A0639839.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2169\A0640080.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2169\A0640081.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2170\A0640124.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2170\A0640125.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2171\A0640163.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2171\A0640164.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2172\A0640203.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2172\A0640204.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2173\A0640243.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2173\A0640244.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2173\A0641243.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2173\A0641244.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2174\A0641286.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2174\A0641287.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2175\A0641335.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2175\A0641336.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2176\A0641375.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2176\A0641376.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2177\A0641416.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2177\A0641417.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2178\A0641468.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2178\A0641469.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2178\A0641481.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2178\A0641482.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2178\A0641491.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2178\A0641492.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2179\A0641535.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2179\A0641536.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2180\A0641572.exe
    deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fhv File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2180\A0641573.exe
    deleted: Trojan program Backdoor.Win32.Agent.akmn File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2180\A0641737.dll
    deleted: Trojan program Trojan.BAT.Agent.tf File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644035.bat
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644036.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644037.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644038.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.FraudPack.yja File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644039.exe/big.dll
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644040.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.FraudPack.yja File: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp2200\a0644039.exe


    Events
    ------
    Time Name Status Reason
    ---- ---- ------ ------
    11/4/2009 7:27:48 AM Running module: smss.exe\smss.exe ok scanned


    Statistics
    ----------
    Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
    ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


    Settings
    --------
    Parameter Value
    --------- -----
    Security Level Recommended
    Action Prompt for action when the scan is complete
    Run mode Manually
    File types Scan all files
    Scan only new and changed files No
    Scan archives All
    Scan embedded OLE objects All
    Skip if object is larger than No
    Skip if scan takes longer than No
    Parse email formats No
    Scan password-protected archives No
    Enable iChecker technology No
    Enable iSwift technology No
    Show detected threats on "Detected" tab Yes
    Rootkits search Yes
    Deep rootkits search No
    Use heuristic analyzer Yes


    Quarantine
    ----------
    Status Object Size Added
    ------ ------ ---- -----


    Backup
    ------
    Status Object Size
    ------ ------ ----


    Re: Blue screen of death.... sort of

    Post by chainz on Fri Nov 06, 2009 3:04 am

    Scan
    ----
    Scanned: 574767
    Detected: 1
    Untreated: 0
    Start time: 11/4/2009 8:36:17 PM
    Duration: 1 days 00:37:10
    Finish time: 11/5/2009 9:13:27 PM


    Detected
    --------
    Status Object
    ------ ------
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644042.exe//PE_Patch.UPX//UPX


    Events
    ------
    Time Name Status Reason
    ---- ---- ------ ------
    11/4/2009 8:37:14 PM Running module: smss.exe\smss.exe ok scanned
    11/4/2009 8:37:22 PM File: C:\WINDOWS\System32\smss.exe ok scanned
    11/4/2009 8:37:22 PM Running module: smss.exe\ntdll.dll ok scanned
    11/4/2009 8:37:24 PM File: C:\WINDOWS\system32\ntdll.dll ok scanned
    11/4/2009 8:37:24 PM Running module: csrss.exe\csrss.exe ok scanned
    11/4/2009 8:37:24 PM File: C:\WINDOWS\system32\csrss.exe ok scanned
    11/4/2009 8:37:24 PM Running module: csrss.exe\ntdll.dll ok scanned
    11/4/2009 8:37:24 PM File: C:\WINDOWS\system32\ntdll.dll ok scanned
    11/4/2009 8:37:24 PM Running module: csrss.exe\CSRSRV.dll ok scanned
    11/4/2009 8:37:25 PM File: C:\WINDOWS\system32\CSRSRV.dll ok scanned
    11/4/2009 8:37:25 PM Running module: csrss.exe\basesrv.dll ok scanned
    11/4/2009 8:37:25 PM File: C:\WINDOWS\system32\basesrv.dll ok scanned
    11/4/2009 8:37:25 PM Running module: csrss.exe\winsrv.dll ok scanned
    11/4/2009 8:37:27 PM File: C:\WINDOWS\system32\winsrv.dll ok scanned
    11/4/2009 8:37:27 PM Running module: csrss.exe\GDI32.dll ok scanned
    11/4/2009 8:37:28 PM File: C:\WINDOWS\system32\GDI32.dll ok scanned
    11/4/2009 8:37:28 PM Running module: csrss.exe\KERNEL32.dll ok scanned
    11/4/2009 8:37:30 PM File: C:\WINDOWS\system32\KERNEL32.dll ok scanned
    11/4/2009 8:37:30 PM Running module: csrss.exe\USER32.dll ok scanned
    11/4/2009 8:37:33 PM File: C:\WINDOWS\system32\USER32.dll ok scanned
    11/4/2009 8:37:33 PM Running module: csrss.exe\sxs.dll ok scanned
    11/4/2009 8:37:34 PM File: C:\WINDOWS\system32\sxs.dll ok scanned
    11/4/2009 8:37:34 PM Running module: csrss.exe\ADVAPI32.dll ok scanned


    Statistics
    ----------
    Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
    ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


    Settings
    --------
    Parameter Value
    --------- -----
    Security Level Custom
    Action Prompt for action when the scan is complete
    Run mode Manually
    File types Scan all files
    Scan only new and changed files No
    Scan archives All
    Scan embedded OLE objects All
    Skip if object is larger than No
    Skip if scan takes longer than No
    Parse email formats No
    Scan password-protected archives No
    Enable iChecker technology No
    Enable iSwift technology No
    Show detected threats on "Detected" tab Yes
    Rootkits search Yes
    Deep rootkits search Yes
    Use heuristic analyzer Yes


    Quarantine
    ----------
    Status Object Size Added
    ------ ------ ---- -----


    Backup
    ------
    Status Object Size
    ------ ------ ----


    Re: Blue screen of death.... sort of

    Post by Dr Jay on Fri Nov 06, 2009 2:01 pm

    Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE

    You now have a clean restore point, to get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the Drop down box that appears select your main drive e.g. C
    • Click OK
    • The System will do some calculation and then display a dialogue box with TABS
    • Select the More Options Tab.
    • At the bottom will be a system restore box with a CLEANUP button click this
    • Accept the Warning and select OK again, the program will close and you are done


    ==
    Hopefully this will be the final check, please do the following:
    Download [You must be registered and logged in to see this link.]

    • Load SuperAntiSpyware and click the Check for updates button.
    • Once the update is finished click the Scan your computer button.
    • Check Perform Complete Scan and then next.
    • SuperAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
    • Make sure that they all have a check next to them and press next.
    • Click finish and you will be taken back to the main interface.
    • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
    • Copy and paste the log onto the forum.


    Dr. Jay (DJ)
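Every detection in the scan logs posted above sits under the System Restore store (`System Volume Information\_restore{...}\RPnnnn`), which is why the restore points are reset at this stage. The following is an added example, not part of the original posts or of any tool named in the thread: it parses detection rows in the format shown in those logs, groups them by restore point, and flags anything found outside the store. The first five sample rows and the event row are copied from the thread; the last row and its detection name are constructed.

```python
import re
from collections import defaultdict

# Detection rows as posted in this thread:
#   <status>: <verdict type> <detection name> File: <path>[/<embedded object> | //<packer layers>]
ROW = re.compile(r"^\s*(?P<status>\w+):\s+(?P<kind>.+?)\s+(?P<name>\S+)\s+File:\s+(?P<path>.+?)\s*$")
# XP System Restore store: <drive>:\System Volume Information\_restore{GUID}\RP<n>\...
RESTORE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]{36}\}\\(rp\d+)\\", re.I)

SAMPLE = r"""
    deleted: Trojan program Backdoor.Win32.Agent.akmn File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2180\A0641737.dll
    deleted: Trojan program Trojan.BAT.Agent.tf File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644035.bat
    deleted: Trojan program Trojan.Win32.Cosmu.cmc File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644036.exe//PE_Patch.UPX//UPX
    deleted: Trojan program Trojan.Win32.FraudPack.yja File: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2200\A0644039.exe/big.dll
    deleted: Trojan program Trojan.Win32.FraudPack.yja File: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp2200\a0644039.exe
    11/4/2009 8:37:22 PM File: C:\WINDOWS\System32\smss.exe ok scanned
    deleted: Trojan program Trojan.Win32.Example.a File: C:\WINDOWS\Temp\constructed.exe
"""  # last row is constructed for contrast; it does not appear in the thread

def parse_rows(text):
    """Yield (status, name, on-disk path) for each detection row; other lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            # Anything after the first "/" names an object inside the file, not a file on disk.
            yield m["status"], m["name"], m["path"].split("/", 1)[0]

def summarize(text):
    """Group detections by restore point; return (per-RP summary, detections outside the store)."""
    files, names, outside = defaultdict(set), defaultdict(set), []
    for _status, name, path in parse_rows(text):
        m = RESTORE.match(path)
        if m:
            rp = m.group(1).upper()
            files[rp].add(path.lower())      # the same file can be reported in either case
            names[rp].add(name)
        else:
            outside.append((name, path))     # on the live file system, not in a snapshot
    by_rp = {rp: {"files": len(files[rp]), "names": sorted(names[rp])} for rp in files}
    return by_rp, outside

if __name__ == "__main__":
    by_rp, outside = summarize(SAMPLE)
    for rp, info in sorted(by_rp.items()):
        print(rp, info["files"], "file(s):", ", ".join(info["names"]))
    print("outside restore store:", outside or "none")
```

A non-empty second result means a detection was on the live file system, which resetting the restore points does not address.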



    Re: Blue screen of death.... sort of

    Post by chainz on Sat Nov 07, 2009 2:24 am

    I am unable to access my start menu because of the blue screen. Can I get to it from task manager somehow? I don't want to go any further with your instructions until I know I'm not going to mess things up further. I know you guys have put a lot of time into helping me with this, and I hate to sabotage it now!


    Re: Blue screen of death.... sort of

    Post by Dr Jay on Sat Nov 07, 2009 7:38 pm

    Download WhoCrashed [You must be registered and logged in to see this link.]
    This program checks for any drivers which may have been causing your computer to crash....

    Click on the file you just downloaded and run it.
    Put a tick in Accept then click on Next
    Put a tick in the Don't create a start menu folder then click Next
    Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
    Click Analyze
    It will want to download the Debugger and install it. Say Yes

    WhoCrashed will create a report but you have to scroll down to see it
    Copy and paste it into your next reply


    Dr. Jay (DJ)



    Re: Blue screen of death.... sort of

    Post by chainz on Sat Nov 07, 2009 9:11 pm

    --------------------------------------------------------------------------------
    Analysis
    --------------------------------------------------------------------------------

    Crash dump directory: C:\WINDOWS\Minidump

    Crash dumps are enabled on your computer.


    No valid crash dumps have been found on your computer


    --------------------------------------------------------------------------------
    Conclusion
    --------------------------------------------------------------------------------

    Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.


    Re: Blue screen of death.... sort of

    Post by Dr Jay on Sat Nov 07, 2009 9:14 pm

    Run chkdsk:

    1. Right-click the Start button and select Explore (alternatively, hit WINDOWS key E on your keyboard).
    2. Using Windows Explorer, navigate to your C:\ drive, then right-click the drive and select Properties
    3. In the Properties window that pops up, click the Tools tab and then, under "Error-checking", click on the button that says Check Now...
    4. In the Check disk options window that pops up, place a checkmark in both boxes:

      • Automatically fix file system errors
      • Scan for and attempt recovery of bad sectors

    5. Now click on Start in that window.
       A new window will pop up saying, "Windows can't check the disk while it's in use".
    6. Click Yes to schedule the disk check.
    7. Now shut down (do NOT restart!) your computer, and then turn your computer back on with its power button.
       When your computer turns on, you will see a black screen with white lettering, this is chkdsk running.
    8. Let chkdsk run through its five stages. When the utility finishes, Windows will boot to the Desktop.
    NOTE: Running chkdsk may take some time to complete. Please be patient and do NOT use the computer, press any keys, or try to stop the chkdsk scan once it has started!


    ==

    Locate the chkdsk log and post it here:

    1. Click on Start, then click Run...
    2. Copy and paste the following text into the "Open:" box: eventvwr.msc /s
       NOTE there is a space between "eventvwr.msc" and "/s"!
    3. Click OK (or hit Enter).
       This will bring up the Event Viewer window.
    4. In the left panel, click on Application
    5. The chkdsk log should be the first entry, with a source of Winlogon
       NOTE: If it is not the first log, click on View, and then on Newest First: that should place the chkdsk log at the top of the list.
    6. Click on the entry once.
    7. Right-click on the entry and choose Properties
    8. In the window that pops up, click on to copy the log.
    9. Paste the log in a reply to this topic.


    Dr. Jay (DJ)



    Re: Blue screen of death.... sort of

    Post by chainz on Sun Nov 08, 2009 12:18 am

    I cannot find the log once I click the button to save it.


    Re: Blue screen of death.... sort of

    Post by Dr Jay on Sun Nov 08, 2009 11:15 pm

    OK. Did CHKDSK run completely?


    Dr. Jay (DJ)



    Re: Blue screen of death.... sort of

    Post by chainz on Mon Nov 09, 2009 11:28 am

    Yes it ran completely.


    Re: Blue screen of death.... sort of

    Post by Dr Jay on Tue Nov 10, 2009 12:46 am

    Restore Permissions for explorer.exe

    Please download [You must be registered and logged in to see this link.] by sUBs

    1. Drag and drop explorer.exe onto Inherit
    2. This shall restore permissions to the application
    3. The application should now run normally
    Please indicate in your next post if this was successful.


    Dr. Jay (DJ)



    Re: Blue screen of death.... sort of

    Post by chainz on Wed Nov 11, 2009 1:25 am

    It appears to be working fine. Still blue screen though.


    Re: Blue screen of death.... sort of

    Post by Dr Jay on Wed Nov 11, 2009 8:09 pm

    Please read the following: set up Memtest (http://www.cpusolutions.com/mm8004744CPU/HTML/Guides/memtest86.htm), then download Memtest86+ from here (http://www.memtest.org/#downiso).


    Dr. Jay (DJ)



    Re: Blue screen of death.... sort of

    Post by chainz on Thu Nov 12, 2009 11:14 am

    Once I download the memtest I am unable to unzip the file.
