Internet Security 2010, BSOD


Post by harrygiovanni on Fri Jan 29, 2010 11:14 pm

Well, here I am again. I don't understand, I keep everything fully updated. Oh well, a little bit of background... I can only run Windows in debugging mode, otherwise I get the blue screen of death before Windows loads. I ran Malware Bytes (and reinstalled it and ran it again), AVG, and Superanti-Spyware and have removed numerous trojans from my comp, but I still get the BSOD when I try to run Windows in either normal or safe mode. Anyway, here's the hijack this log, thanks in advance.

Here is the Hijack This log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:17 PM, on 1/29/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AIM7\aim.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Downloads\winlogon.scr
C:\Program Files\Last.fm\LastFM.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM7\aim.exe" /d locale=en-US
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 5439 bytes


Re: Internet Security 2010, BSOD

Post by Belahzur on Sat Jan 30, 2010 5:57 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.

Re: Internet Security 2010, BSOD

Post by harrygiovanni on Sat Jan 30, 2010 10:54 pm

Here's the log. I should also mention clicking on Google results takes me to irrelevant spam/search pages.

Malwarebytes' Anti-Malware 1.44
Database version: 3585
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/29/2010 7:30:29 PM
mbam-log-2010-01-29 (19-30-29).txt

Scan type: Quick Scan
Objects scanned: 122652
Time elapsed: 12 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: Internet Security 2010, BSOD

Post by Belahzur on Sun Jan 31, 2010 2:02 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: Internet Security 2010, BSOD

Post by harrygiovanni on Sun Jan 31, 2010 2:24 am

OTL logfile created on: 1/30/2010 9:19:18 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Harry\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 584.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 134.40 Gb Free Space | 57.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: Harry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/30 21:14:10 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harry\Desktop\OTL.exe
PRC - [2009/12/14 00:55:36 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/12/12 09:22:00 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/12 09:22:00 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/16 20:52:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/16 03:11:52 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/16 03:11:51 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/16 03:11:43 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/16 03:11:37 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/08/21 20:57:14 | 000,487,424 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/04/15 03:26:50 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/04/15 03:20:38 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [1999/12/13 09:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/30 21:14:10 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harry\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/14 00:55:36 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/11/16 20:52:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/16 03:11:43 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/16 03:11:37 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/08/21 20:57:14 | 000,487,424 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/08/21 20:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/09/03 18:21:26 | 000,323,584 | ---- | M] (Apple Computer, Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 01:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/04/15 03:26:50 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/04/04 13:54:50 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2002/08/01 09:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [1999/12/13 09:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/11/16 03:12:06 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/16 03:12:06 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/16 03:12:05 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/19 21:24:55 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2009/04/08 14:37:12 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/02/27 16:04:21 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/12/04 13:50:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/04 13:50:02 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/02/20 21:05:38 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/12/11 02:23:55 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/21 21:07:39 | 002,417,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/07 10:52:48 | 000,014,408 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/07/16 03:24:34 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/06/09 12:16:44 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2004/04/29 17:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/04/01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/22 08:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 08:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/07/16 15:42:18 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/10/01 13:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spca561.sys -- (CA561)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.071303000006
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr1&p="
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 09:23:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/11 20:12:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/11 20:12:35 | 000,000,000 | ---D | M]

[2009/09/05 09:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harry\Application Data\Mozilla\Extensions
[2009/09/05 09:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harry\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/14 03:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harry\Application Data\Mozilla\Firefox\Profiles\xfkrg0cn.default\extensions
[2009/03/20 21:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harry\Application Data\Mozilla\Firefox\Profiles\xfkrg0cn.default\extensions\moveplayer@movenetworks.com
[2010/01/29 03:34:27 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Harry\Application Data\Mozilla\Firefox\Profiles\xfkrg0cn.default\searchplugins\amazondotcom.xml
[2009/03/31 23:49:39 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Harry\Application Data\Mozilla\Firefox\Profiles\xfkrg0cn.default\searchplugins\ebay.xml
[2010/01/29 03:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2006/09/17 14:07:24 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2009/11/16 17:29:53 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM7\aim.exe (AOL LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonscripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffscripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonscriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupscripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonscriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Harry\My Documents\My Pictures\samhain.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Harry\My Documents\My Pictures\samhain.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/04 23:55:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/30 21:14:09 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Harry\Desktop\OTL.exe
[2010/01/17 03:37:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/17 03:37:05 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/17 03:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/14 02:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harry\My Documents\Lifetime - 1995 - hello bastards
[2010/01/14 02:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harry\My Documents\Lifetime - 1993 - background
[2010/01/12 05:19:49 | 000,000,000 | ---D | C] -- C:\quake
[2010/01/12 02:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/01/12 02:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/01/10 21:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harry\Application Data\Skype
[2010/01/10 21:08:36 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/01/02 02:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harry\My Documents\World Demise
[2009/11/16 03:08:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/16 03:08:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/16 03:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/16 03:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/05/06 23:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2007/05/06 23:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2006/01/21 04:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/09/21 15:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2005/04/06 00:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/04/05 14:26:20 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Harry\My Documents\*.tmp files -> C:\Documents and Settings\Harry\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/30 21:14:10 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harry\Desktop\OTL.exe
[2010/01/30 21:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\zoeahybq.job
[2010/01/30 20:48:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/30 20:47:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/30 20:47:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/30 20:45:27 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\Harry\NTUSER.DAT
[2010/01/30 20:45:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Harry\ntuser.ini
[2010/01/30 20:29:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1844237615-725345543-1004UA.job
[2010/01/30 17:28:28 | 054,897,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/30 10:29:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1844237615-725345543-1004Core.job
[2010/01/29 04:33:35 | 000,021,931 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG000602.jpg
[2010/01/29 04:33:34 | 000,022,843 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG000603.jpg
[2010/01/29 04:30:07 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Google Chrome.lnk
[2010/01/29 04:14:55 | 000,021,124 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG000597.jpg
[2010/01/29 04:08:26 | 000,025,416 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\oaaaa.JPG
[2010/01/29 04:06:58 | 000,025,417 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\nigga.jpg
[2010/01/28 18:13:51 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/19 14:18:11 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\Harry Skoyles - Resume.doc
[2010/01/19 01:23:18 | 002,711,204 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\06 Bloody Red Eyes.mp3
[2010/01/18 17:39:53 | 005,616,864 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\07 - Legion.mp3
[2010/01/18 17:38:49 | 001,983,773 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Carry On - 02 Waiting On Forever (A Life Less Plagued).mp3
[2010/01/17 03:37:14 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/16 22:03:52 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\Harry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/16 04:38:26 | 000,091,204 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278327276_26ea9fe423.jpg
[2010/01/16 04:38:21 | 000,093,538 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278327248_f60992cfba.jpg
[2010/01/16 04:38:12 | 000,092,893 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278327190_ffb337fe2b.jpg
[2010/01/16 04:38:06 | 000,066,429 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278327176_059ed33a1d.jpg
[2010/01/16 04:37:29 | 000,093,371 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278326988_19bf348923.jpg
[2010/01/16 04:37:12 | 000,117,373 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4277580119_faacfc1996.jpg
[2010/01/16 04:37:02 | 000,120,348 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278326896_5748999573.jpg
[2010/01/16 04:36:41 | 000,085,938 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278326828_f52738b04b.jpg
[2010/01/16 04:36:17 | 000,098,429 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4277579949_2a1a9de8f8.jpg
[2010/01/16 03:52:25 | 000,001,031 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/16 03:52:25 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/16 03:52:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/16 02:46:28 | 000,121,856 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/15 19:59:53 | 000,000,001 | ---- | M] () -- C:\s
[2010/01/15 19:58:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/14 18:57:18 | 000,138,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/01/14 18:56:56 | 000,214,488 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/01/14 18:56:56 | 000,214,488 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/01/14 02:20:23 | 000,075,425 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Photo on 2010-01-14 at 02.18 #3.jpg
[2010/01/13 22:48:46 | 002,866,342 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\049.JPG
[2010/01/13 22:48:39 | 003,143,860 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\041.JPG
[2010/01/13 22:30:28 | 000,017,356 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\fuck.JPG
[2010/01/13 21:20:52 | 000,064,158 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\18459_660426073801_11003178_38645203_1228959_n.jpg
[2010/01/12 02:51:29 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/10 22:05:13 | 000,060,318 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\1124090429.jpg
[2010/01/10 19:13:38 | 000,046,887 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG_0129.JPG
[2010/01/10 19:13:34 | 000,038,535 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG_0109.JPG
[2010/01/10 19:13:31 | 000,036,184 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG_0156.JPG
[2010/01/10 19:13:27 | 000,041,153 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG_0151.JPG
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/02 01:24:19 | 000,921,654 | ---- | M] () -- C:\Snap.bmp
[2010/01/02 01:24:18 | 000,460,800 | ---- | M] () -- C:\WINDOWS\snap.dat
[2010/01/02 00:59:25 | 000,051,961 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG_0095.JPG
[2010/01/02 00:54:56 | 000,033,751 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_13.jpg
[2010/01/02 00:53:38 | 000,029,484 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_9.jpg
[2010/01/02 00:53:07 | 000,032,766 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_7.jpg
[2010/01/02 00:46:40 | 000,028,280 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_1.jpg
[2010/01/02 00:46:29 | 000,032,847 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101.jpg
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Harry\My Documents\*.tmp files -> C:\Documents and Settings\Harry\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/29 19:23:13 | 009,056,986 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\02 Like Knives.mp3
[2010/01/29 04:34:26 | 000,021,931 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG000602.jpg
[2010/01/29 04:34:19 | 000,022,843 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG000603.jpg
[2010/01/29 04:16:06 | 000,021,124 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG000597.jpg
[2010/01/29 04:08:26 | 000,025,416 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\oaaaa.JPG
[2010/01/29 04:06:58 | 000,025,417 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\nigga.jpg
[2010/01/19 01:21:08 | 002,711,204 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\06 Bloody Red Eyes.mp3
[2010/01/18 17:38:11 | 005,616,864 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\07 - Legion.mp3
[2010/01/18 17:37:33 | 001,983,773 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Carry On - 02 Waiting On Forever (A Life Less Plagued).mp3
[2010/01/17 03:37:14 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/16 04:38:25 | 000,091,204 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278327276_26ea9fe423.jpg
[2010/01/16 04:38:20 | 000,093,538 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278327248_f60992cfba.jpg
[2010/01/16 04:38:11 | 000,092,893 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278327190_ffb337fe2b.jpg
[2010/01/16 04:38:05 | 000,066,429 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278327176_059ed33a1d.jpg
[2010/01/16 04:37:29 | 000,093,371 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278326988_19bf348923.jpg
[2010/01/16 04:37:12 | 000,117,373 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4277580119_faacfc1996.jpg
[2010/01/16 04:37:02 | 000,120,348 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278326896_5748999573.jpg
[2010/01/16 04:36:41 | 000,085,938 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278326828_f52738b04b.jpg
[2010/01/16 04:36:17 | 000,098,429 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4277579949_2a1a9de8f8.jpg
[2010/01/16 02:46:27 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/15 19:59:53 | 000,000,001 | ---- | C] () -- C:\s
[2010/01/14 02:20:28 | 000,075,425 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Photo on 2010-01-14 at 02.18 #3.jpg
[2010/01/13 22:48:46 | 002,866,342 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\049.JPG
[2010/01/13 22:48:39 | 003,143,860 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\041.JPG
[2010/01/13 22:30:28 | 000,017,356 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\fuck.JPG
[2010/01/13 21:20:52 | 000,064,158 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\18459_660426073801_11003178_38645203_1228959_n.jpg
[2010/01/12 02:51:29 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/10 22:05:13 | 000,060,318 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\1124090429.jpg
[2010/01/10 19:13:37 | 000,046,887 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG_0129.JPG
[2010/01/10 19:13:34 | 000,038,535 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG_0109.JPG
[2010/01/10 19:13:31 | 000,036,184 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG_0156.JPG
[2010/01/10 19:13:27 | 000,041,153 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG_0151.JPG
[2010/01/02 00:59:24 | 000,051,961 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG_0095.JPG
[2010/01/02 00:56:23 | 000,033,751 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_13.jpg
[2010/01/02 00:55:40 | 000,029,484 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_9.jpg
[2010/01/02 00:55:22 | 000,032,766 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_7.jpg
[2010/01/02 00:49:56 | 000,028,280 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_1.jpg
[2010/01/02 00:49:32 | 000,032,847 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101.jpg
[2009/03/31 17:35:59 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2009/03/31 17:35:59 | 000,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2009/03/31 17:35:59 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2008/04/08 10:55:24 | 000,000,177 | ---- | C] () -- C:\WINDOWS\track.INI
[2008/02/20 21:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/02/20 21:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/02/20 21:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/02/20 21:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/05 21:22:28 | 000,138,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/02/05 21:22:27 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Harry\Application Data\PnkBstrK.sys
[2008/02/04 21:57:11 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/05/29 01:21:55 | 000,000,634 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2007/03/26 06:21:15 | 000,000,428 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/12/14 19:01:40 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\Harry\Local Settings\Application Data\SearchResults.wpl
[2006/10/22 16:04:13 | 000,017,921 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2006/07/02 21:21:03 | 000,000,019 | ---- | C] () -- C:\WINDOWS\KNP.INI
[2006/02/13 03:43:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll
[2006/01/31 00:13:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Harry\Local Settings\Application Data\fusioncache.dat
[2005/12/05 20:21:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/21 15:21:05 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/10/28 11:47:26 | 000,000,704 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/10/26 22:57:44 | 000,000,555 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2005/10/09 00:25:52 | 000,001,386 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/09/25 03:00:49 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/08/18 02:05:46 | 000,000,032 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2005/07/09 00:22:22 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Showtime1.ini
[2005/07/06 02:15:39 | 000,000,628 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/04/23 02:08:01 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/19 22:15:18 | 000,186,880 | ---- | C] () -- C:\Documents and Settings\Harry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/04/11 16:47:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/05 17:59:25 | 000,000,285 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/04/05 14:26:44 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/04/05 14:26:21 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/04/05 14:26:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/04/05 14:26:20 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/04/05 14:26:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/04/05 14:26:13 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2001/07/31 11:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
< End of report >

harrygiovanni
Intermediate

Posts : 66
Joined : 2008-12-09
OS : Windows 7
Points : 29613
Likes : 0


Re: Internet Security 2010, BSOD

Post by harrygiovanni on Sun Jan 31, 2010 2:24 am

OTL Extras logfile created on: 1/30/2010 9:19:18 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Harry\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 584.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 134.40 Gb Free Space | 57.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: Harry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\MSN\MSNCoreFiles\msn6.exe" = C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Disabled:MSN Explorer -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Java\jre1.5.0_05\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_05\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM -- (Last.fm)
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Documents and Settings\Harry\My Documents\TM2.EXE" = C:\Documents and Settings\Harry\My Documents\TM2.EXE:*:Enabled:Twisted Metal 2 -- (Sony Computer Entertainment America Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\SIERRA\SODA\offroad.exe" = C:\SIERRA\SODA\offroad.exe:*:Enabled:offroad -- File not found
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"#1 mp3 to wav converter_is1" = #1 mp3 to wav converter 1.5.07
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{0F8F3415-CB0A-49A6-A23A-D8390444B127}" = DeadAIM
"{1485B7CD-4CBD-4039-8EAE-5A22993D7F54}" = hp LaserJet 1150 / 1300
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5A272FB7-EBCA-4F8C-8FCE-309A430BF3AF}" = ATI Catalyst Control Center
"{5A4AFC3E-4973-46A1-92D6-3A1C5E52948A}" = iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{936FC286-71F9-11D8-B9BF-00E018FAA1E4}" = USB PC Camera
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Carmageddon 2 Carpocalypse Now" = Carmageddon 2 Carpocalypse Now
"CaseLinrV55" = CaseLinr 5.5
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CSCLIB" = Canon Camera Support Core Library
"Dell AIO Printer A920" = Dell AIO Printer A920
"DukesterX 1.5_is1" = DukesterX 1.5.1
"EOS Utility" = Canon Utilities EOS Utility
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"InstallShield_{5A4AFC3E-4973-46A1-92D6-3A1C5E52948A}" = iTunes
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JFDuke3D" = JFDuke3D 20051009
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PhotoStitch" = Canon Utilities PhotoStitch
"Postal Classic & Uncut" = Postal Classic & Uncut
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Soulseek" = SoulSeek Client 156c
"Steam App 10" = Counter-Strike
"UnityWebPlayer" = Unity Web Player
"VDMSound" = VDMSound
"vwfvrvuzxd" = RON Tool Netupbanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2009 4:43:38 AM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/30/2009 7:29:25 AM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 8:29:24 AM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 9:29:24 AM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 10:29:25 AM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 11:29:23 AM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 12:29:24 PM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 1:29:25 PM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 2:29:24 PM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 1/11/2010 3:27:56 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application winrott_full_v1.25.exe, version 1.2.2.0, faulting
module winrott_full_v1.25.exe, version 1.2.2.0, fault address 0x000e8538.

[ System Events ]
Error - 1/29/2010 7:13:07 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPodService
with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

Error - 1/29/2010 10:57:20 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPodService
with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

Error - 1/30/2010 4:05:35 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPodService
with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

Error - 1/30/2010 6:59:20 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPodService
with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

Error - 1/30/2010 9:47:41 PM | Computer Name = COMPUTER | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/30/2010 9:47:41 PM | Computer Name = COMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/30/2010 9:47:41 PM | Computer Name = COMPUTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/30/2010 9:47:41 PM | Computer Name = COMPUTER | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/30/2010 9:48:52 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep sptd

Error - 1/30/2010 10:00:34 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPodService
with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}


< End of report >

harrygiovanni
Intermediate

Posts : 66
Joined : 2008-12-09
OS : Windows 7
Points : 29613
# Likes : 0


Re: Internet Security 2010, BSOD

Post by Belahzur on Sun Jan 31, 2010 8:03 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2010/01/30 21:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\zoeahybq.job
    [2010/01/16 02:46:28 | 000,121,856 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/01/15 19:59:53 | 000,000,001 | ---- | M] () -- C:\s


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: Internet Security 2010, BSOD

Post by harrygiovanni on Sun Jan 31, 2010 11:37 pm

That seems to have taken care of the spam redirection from clicking Google results. BSOD in normal/safe mode still though, in case that's something you need to know.

========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\WINDOWS\tasks\zoeahybq.job moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
C:\s moved successfully.

OTL by OldTimer - Version 3.1.27.1 log created on 01312010_183705


Re: Internet Security 2010, BSOD

Post by Belahzur on Mon Feb 01, 2010 12:37 am

Does the BSOD give you any information?



Re: Internet Security 2010, BSOD

Post by harrygiovanni on Mon Feb 01, 2010 12:54 am

I transcribed the message:

If this screen appears again, follow these steps.

Disable or uninstall any anti-virus, disk defragmenting or backup utilities. Check your hard drive configuration, and check for any updated drivers. Run chkdsk /F to check for hard disk corruption, and then restart your computer.

Technical info

*** STOP: 0x00000024 (0x001902FE, 0xF7C9B3D4, 0xF7C9B0D0, 0x86681805)

I had not run a chkdsk because for a while I was struggling to even do simple tasks while the virus was at its worst. If this is unfixable, no worries, since I can appear to do everything I need to do in debugging mode, and a new computer isn't far in the future.

edit: it looks like I'm still being redirected to spam sites from Google results, but only when I use Chrome (I was using firefox earlier). I'm gonna try to reinstall.


Re: Internet Security 2010, BSOD

Post by harrygiovanni on Wed Feb 03, 2010 1:08 am

bump


Re: Internet Security 2010, BSOD

Post by Belahzur on Wed Feb 03, 2010 1:11 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Internet Security 2010, BSOD

Post by harrygiovanni on Wed Feb 03, 2010 2:32 am

no more BSOD on startup, and google search results are no longer redirecting!

ComboFix 10-02-02.02 - Harry 02/02/2010 21:05:57.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.610 [GMT -5]
Running from: c:\documents and settings\Harry\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\120.SCR
C:\230.SCR
C:\410.SCR
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
C:\Thumbs.db
c:\windows\desktop
c:\windows\desktop\pldecal.wad
c:\windows\hip
c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-01-03 to 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-02-01 09:29 . 2010-02-01 09:29 -------- d-----w- c:\program files\AGD Interactive
2010-01-31 23:37 . 2010-01-31 23:37 -------- d-----w- C:\_OTL
2010-01-17 08:37 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-17 08:37 . 2010-01-17 08:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-17 08:37 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-16 00:57 . 2010-01-16 00:57 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-01-14 10:17 . 2010-01-14 10:17 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2010-01-12 10:19 . 2010-01-12 10:31 -------- d-----w- C:\quake
2010-01-12 07:58 . 2010-01-12 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2010-01-12 07:51 . 2010-01-12 07:51 -------- d-----w- c:\program files\Common Files\Skype
2010-01-11 02:09 . 2010-01-18 06:11 -------- d-----w- c:\documents and settings\Harry\Application Data\Skype
2010-01-11 02:08 . 2010-01-12 07:51 -------- d-----r- c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 07:00 . 2008-05-01 08:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-01 23:41 . 2006-11-29 00:20 -------- d-----w- c:\program files\DOSBox-0.65
2010-02-01 09:39 . 2008-12-09 23:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-01 09:23 . 2009-06-10 23:30 -------- d-----w- c:\program files\Full Tilt Poker
2010-01-18 06:11 . 2008-11-07 09:58 -------- d-----w- c:\documents and settings\Harry\Application Data\skypePM
2010-01-17 03:14 . 2007-10-01 02:22 -------- d-----w- c:\documents and settings\Harry\Application Data\ZoomBrowser EX
2010-01-17 03:02 . 2007-07-14 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-01-16 08:00 . 2009-03-27 13:50 -------- d-----w- c:\program files\Steam
2010-01-14 23:57 . 2008-02-06 02:22 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-14 23:56 . 2008-02-06 02:20 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-12 08:00 . 2006-08-03 04:36 -------- d-----w- c:\program files\Last.fm
2010-01-12 07:51 . 2008-11-07 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-02 06:24 . 2005-07-13 06:32 460800 ----a-w- c:\windows\snap.dat
2009-12-14 05:55 . 2008-02-06 02:20 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-14 05:26 . 2009-12-14 05:26 -------- d-----w- c:\documents and settings\Harry\Application Data\id Software
2009-12-14 05:26 . 2009-12-14 05:26 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-14 05:26 . 2009-12-14 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2009-11-17 01:52 . 2008-12-10 01:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-16 08:12 . 2009-11-16 08:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-16 08:12 . 2009-11-16 08:12 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-16 08:12 . 2009-11-16 08:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-16 08:12 . 2009-11-16 08:12 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM7\aim.exe" [2009-10-01 3634024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-28 1830128]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-16 08:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnk
backup=c:\windows\pss\SnapDetect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Harry^Start Menu^Programs^Startup^Deewoo.lnk]
path=c:\documents and settings\Harry\Start Menu\Programs\Startup\Deewoo.lnk
backup=c:\windows\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Harry^Start Menu^Programs^Startup^DW_Start.lnk]
path=c:\documents and settings\Harry\Start Menu\Programs\Startup\DW_Start.lnk
backup=c:\windows\pss\DW_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-18 16:40 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2003-08-01 15:31 61440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 19:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2009-12-31 14:37 2033432 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 14:43 57344 ----a-w- c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
2006-04-02 05:12 144896 ----a-w- c:\program files\AIM\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-11 14:19 133104 ----atw- c:\documents and settings\Harry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-09-03 23:21 274432 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2004-06-10 16:51 60928 ----a-w- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 00:15 290816 ----a-w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-09-16 13:55 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
2002-12-16 20:51 36864 ----a-w- c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-29 23:20 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-17 01:52 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-05-28 21:43 1830128 ------w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
2003-03-31 22:28 155648 ----a-w- c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Harry\\My Documents\\TM2.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Documents and Settings\\Harry\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Harry\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/16/2009 3:12 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/16/2009 3:12 AM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 1:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/16/2009 3:11 AM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/16/2009 3:11 AM 285392]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408]
S0 ufsb;ufsb;c:\windows\system32\drivers\mlvecajq.sys --> c:\windows\system32\drivers\mlvecajq.sys [?]
S3 XIRLINK;Dsc Pro Digital Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/27/2009 4:04 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1844237615-725345543-1004Core.job
- c:\documents and settings\Harry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-11 14:19]

2010-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1844237615-725345543-1004UA.job
- c:\documents and settings\Harry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-11 14:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
FF - ProfilePath - c:\documents and settings\Harry\Application Data\Mozilla\Firefox\Profiles\xfkrg0cn.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Harry\Application Data\Mozilla\Firefox\Profiles\xfkrg0cn.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Harry\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Harry\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
MSConfigStartUp-smss32 - c:\windows\system32\smss32.exe
AddRemove-CaseLinrV55 - c:\program files\CaseLinr\DeIsL1.isu
AddRemove-Dell AIO Printer A920 - c:\windows\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE
AddRemove-HijackThis - c:\documents and settings\Harry\My Documents\My Music\iTunes\iTunes Music\HijackThis.exe
AddRemove-vwfvrvuzxd - c:\windows\system32\vwfvrvuzxd.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-02 21:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||w*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2868)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-02 21:31:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-03 02:30

Pre-Run: 143,349,297,152 bytes free
Post-Run: 144,210,538,496 bytes free

- - End Of File - - 0FA0574F0E36079A3F6D1E0308A0FE60


Re: Internet Security 2010, BSOD

Post by Belahzur on Wed Feb 03, 2010 7:49 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    ufsb



  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Internet Security 2010, BSOD

Post by harrygiovanni on Wed Feb 03, 2010 8:35 pm

========== SERVICES/DRIVERS ==========
Service ufsb stopped successfully!
Service ufsb deleted successfully!

OTM by OldTimer - Version 3.1.7.1 log created on 02032010_153502


Re: Internet Security 2010, BSOD

Post by Belahzur on Wed Feb 03, 2010 9:26 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: Internet Security 2010, BSOD

Post by harrygiovanni on Wed Feb 03, 2010 9:48 pm

It's running great. No BSOD, spam sites, etc. Anything else I should do, like a MBAM scan?


Re: Internet Security 2010, BSOD

Post by Belahzur on Thu Feb 04, 2010 12:35 am

Yes, do one more MBAM scan before we put the lid on this.



Re: Internet Security 2010, BSOD

Post by harrygiovanni on Thu Feb 04, 2010 12:49 am

No malicious items detected. Thanks for all your help Belahzur (again)
