TheTechGuide Forum
General Category => Tech Clinic => Topic started by: dirtybagtwb on April 18, 2010, 07:16:18 PM
-
I am having issues with what i beleive is my raid controller,i have a 160g hard drive but only half is useable.I also have H.D.D.smart capabilities enabled any sugestions?i have submited a Hijack log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:11 PM, on 4/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 (http://\"http://www.yahoo.com/?fr=fp-yie8\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tbiaflyr] C:\Documents and Settings\Troy\Local Settings\Application Data\twarmcyjd\qbxnrwetssd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab (http://\"http://support.asus.com/common/asusTek_sys_ctrl.cab\")
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab (http://\"http://imlive.com/chatsource/ImlCID.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7960 bytes
-
Download [color=\"#FF0000\"]OTL.exe[/color] (http://\"http://oldtimer.geekstogo.com/OTL.exe\")[/url] by OldTimer to your Desktop.
- Close all windows and double click on OTL.exe to run it
- Under the Custom Scan box paste this in, the contents in Blue
[color=\"#0000FF\"]netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav [/color]
- Click Run Scan and let the program run uninterrupted.
- It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
- You may need to use two posts to get it all.
NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"
-
here are the logs u requested......i had to upload them let me know if u didnt receive all of them.
OTL logfile created on: 4/18/2010 8:04:38 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Troy\My Documents\My Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 37.84 Gb Free Space | 24.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NEMESIS
Current User Name: Troy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
PRC - [2010/04/18 19:39:52 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Troy\My Documents\My Downloads\OTL.exe
PRC - [2010/04/14 17:16:37 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/31 17:16:42 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/25 08:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 08:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2005/04/29 18:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005/04/29 18:18:24 | 000,131,136 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005/04/29 18:18:08 | 000,057,412 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004/11/30 11:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2004/11/15 02:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
MOD - [2010/04/18 19:39:52 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Troy\My Documents\My Downloads\OTL.exe
MOD - [2008/12/26 00:08:00 | 001,507,328 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/12/26 00:08:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- -- (NeroRegInCDSrv)
SRV - [2010/04/14 17:16:37 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/11 17:26:21 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/20 12:33:06 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/04/29 18:21:06 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005/04/29 18:18:24 | 000,131,136 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005/04/29 18:18:08 | 000,057,412 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004/11/30 11:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
DRV - [2010/04/17 16:57:24 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/17 16:57:04 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/04/17 00:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100418.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/04/17 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/17 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/17 00:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100418.022\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/05 18:55:08 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/02/04 07:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/01/20 12:33:07 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/01/20 12:33:07 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/01/20 12:33:07 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/01/20 12:33:07 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/01/20 12:33:07 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/01/20 12:33:07 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2010/01/20 12:33:07 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2010/01/20 12:33:06 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/01/20 12:32:56 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/01/20 12:32:56 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/11/26 01:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/06/17 08:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 08:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 08:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 08:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/12/26 00:08:00 | 006,301,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/02/14 20:03:08 | 000,068,922 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2005/12/06 10:12:08 | 001,355,456 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3)
DRV - [2005/05/17 01:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/04/05 11:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/05 11:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/04/05 11:22:20 | 000,100,096 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NVTCP.SYS -- (NVTCP)
DRV - [2005/01/31 18:20:50 | 000,071,040 | R--- | M] (Linksys, A Division of Cisco Systems, Inc ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EG1032xp.sys -- (RTL8023xp)
DRV - [2004/11/17 03:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/10/14 01:52:28 | 000,004,962 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/10/08 04:01:47 | 000,057,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvraid.sys -- (nvraid) NVIDIA NForce(tm)
DRV - [2004/08/19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/12 18:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/05/14 14:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2003/05/14 14:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2003/05/14 14:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/05/14 14:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2001/08/17 06:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 (http://\"http://www.yahoo.com/?fr=fp-yie8\")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O1 HOSTS File: ([2004/10/08 04:01:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [CmPCIaudio] File not found
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTune.exe (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [tbiaflyr] C:\Documents and Settings\Troy\Local Settings\Application Data\twarmcyjd\qbxnrwetssd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (http://\"http://support.asus.com/common/asusTek_sys_ctrl.cab\") (asusTek_sysctrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (http://\"http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab\") (Shockwave ActiveX Control)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/chatsource/ImlCID.cab (http://\"http://imlive.com/chatsource/ImlCID.cab\") (imlUCID Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab\") (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab\") (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab\") (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\") (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.165.131.12 209.165.131.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Troy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Troy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/09 15:48:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{510929ec-df41-11dd-8467-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{510929ec-df41-11dd-8467-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{510929ec-df41-11dd-8467-806d6172696f}\Shell\AutoRun\command - "" = E:\ASUSACPI.exe -- File not found
O33 - MountPoints2\{ee738f4c-df94-11dd-a78a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ee738f4c-df94-11dd-a78a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee738f4c-df94-11dd-a78a-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/01/10 10:09:52 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: nTrayFw - hkey= - key= - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
MsConfig - StartUpReg: tbiaflyr - hkey= - key= - C:\Documents and Settings\Troy\Local Settings\Application Data\twarmcyjd\qbxnrwetssd.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010/04/18 17:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Troy\Application Data\Turbine
[2010/04/17 16:57:24 | 000,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1008000.029\symtdi.sys
[2010/04/17 16:57:23 | 000,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1008000.029\SymEFA.sys
[2010/04/17 16:57:23 | 000,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1008000.029\srtsp.sys
[2010/04/17 16:57:23 | 000,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1008000.029\BHDrvx86.sys
[2010/04/17 16:57:23 | 000,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1008000.029\symfw.sys
[2010/04/17 16:57:23 | 000,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1008000.029\symndisv.sys
[2010/04/17 16:57:23 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1008000.029\srtspx.sys
[2010/04/17 16:57:23 | 000,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1008000.029\symndis.sys
[2010/04/17 16:57:23 | 000,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1008000.029\symids.sys
[2010/04/17 16:57:04 | 000,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1008000.029\cchpx86.sys
[2010/04/17 16:57:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1008000.029
[2010/04/17 12:05:57 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/04/17 11:14:33 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2010/04/17 08:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Troy\My Documents\Adobe
[2010/04/16 22:28:07 | 000,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/04/16 22:28:01 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/04/16 22:28:01 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/04/16 22:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/04/16 22:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2010/04/16 22:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/04/16 22:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/04/16 22:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/04/11 17:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
[2010/04/11 17:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/11 17:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/04/07 21:23:58 | 000,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010/04/01 21:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ
[2010/04/01 21:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OptiTex
[2010/04/01 21:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Troy\Application Data\DAZ 3D
[2010/04/01 21:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Troy\My Documents\DAZ 3D
[2010/04/01 21:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DAZ
[2010/04/01 21:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2010/03/24 13:25:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/09/01 17:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2008/04/12 11:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008/04/12 11:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/04/12 11:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/01 10:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/11/09 15:55:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/11/09 15:51:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/11/09 15:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
[2010/04/18 19:55:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/18 19:54:23 | 000,198,248 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/18 19:54:20 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/18 19:53:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/18 19:53:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/18 19:29:39 | 000,137,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/18 17:47:50 | 000,000,119 | ---- | M] () -- C:\Documents and Settings\Troy\default.pls
[2010/04/18 17:46:05 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/18 17:45:59 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/18 17:11:37 | 000,016,640 | ---- | M] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/18 16:49:49 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Troy\NTUSER.DAT
[2010/04/18 16:19:26 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\HijackThis.lnk
[2010/04/18 11:19:08 | 004,324,492 | -H-- | M] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\IconCache.db
[2010/04/18 10:29:34 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Emerald Viewer.lnk
[2010/04/18 10:01:57 | 000,655,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\Cat.DB
[2010/04/18 10:01:15 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Norton AntiVirus.lnk
[2010/04/17 16:57:24 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/04/17 16:57:24 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/04/17 16:57:24 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/04/17 16:57:24 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/04/17 16:57:04 | 000,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1008000.029\cchpx86.sys
[2010/04/17 16:57:02 | 000,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\symnetv.cat
[2010/04/17 16:57:02 | 000,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\SymNetV.inf
[2010/04/17 16:57:02 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\isolate.ini
[2010/04/17 16:24:56 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/17 16:24:56 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/17 16:24:56 | 000,000,220 | -HS- | M] () -- C:\boot. ini
[2010/04/17 16:08:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Troy\ntuser.ini
[2010/04/14 19:41:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 05:00:00 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus.job
[2010/04/11 17:25:33 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Photoshop Elements 8.0.lnk
[2010/04/03 16:06:34 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\MorphVOX Pro.lnk
[2010/04/01 21:29:51 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DAZ Studio 3.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
[2010/04/18 16:19:26 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\HijackThis.lnk
[2010/04/18 10:01:48 | 000,655,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\Cat.DB
[2010/04/17 16:57:24 | 000,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\SymNet.inf
[2010/04/17 16:57:23 | 000,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\SymNet.cat
[2010/04/17 16:57:23 | 000,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\SymEFA.cat
[2010/04/17 16:57:23 | 000,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\srtspx.cat
[2010/04/17 16:57:23 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\srtsp.cat
[2010/04/17 16:57:23 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\ccHPx86.cat
[2010/04/17 16:57:23 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\SymEFA.inf
[2010/04/17 16:57:23 | 000,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\ccHPx86.inf
[2010/04/17 16:57:23 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\srtspx.inf
[2010/04/17 16:57:23 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\srtsp.inf
[2010/04/17 16:57:22 | 000,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\BHDrvx86.CAT
[2010/04/17 16:57:22 | 000,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\BHDrvx86.inf
[2010/04/17 16:57:02 | 000,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\symnetv.cat
[2010/04/17 16:57:02 | 000,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\SymNetV.inf
[2010/04/17 16:57:02 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1008000.029\isolate.ini
[2010/04/16 22:28:01 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/04/16 22:28:01 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/04/16 22:27:57 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Norton AntiVirus.lnk
[2010/04/11 17:25:33 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Photoshop Elements 8.0.lnk
[2010/04/03 16:06:31 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\MorphVOX Pro.lnk
[2010/04/01 21:29:51 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DAZ Studio 3.lnk
[2009/12/19 01:43:43 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/09/23 14:21:16 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/22 16:46:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL
[2009/09/22 16:46:49 | 000,000,464 | ---- | C] () -- C:\WINDOWS\CMUDA3.ini
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/07/29 20:30:18 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Pt.dll
[2009/07/29 20:09:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2009/07/29 20:03:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dec_jl6.dll
[2009/02/03 14:28:48 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\Troy\default.pls
[2009/02/03 14:18:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/14 19:46:14 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\fusioncache.dat
[2009/01/13 11:13:08 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2009/01/11 18:30:34 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/11 17:33:14 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/10 20:24:57 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/01/10 20:24:57 | 000,004,962 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/01/10 20:23:37 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsProbe.sys
[2009/01/10 20:23:09 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2009/01/10 20:02:52 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/01/10 20:02:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/01/10 19:52:20 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2009/01/10 19:51:52 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/01/10 19:51:44 | 000,006,427 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/01/10 19:51:41 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/01/10 19:42:08 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Troy\ntuser.dat.LOG
[2009/01/10 19:42:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Troy\ntuser.ini
[2009/01/10 19:42:07 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\Troy\NTUSER.DAT
[2008/11/04 12:35:38 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/04 12:35:37 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/04 12:35:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/04 12:35:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/11/04 12:35:28 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2007/11/18 15:22:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\imlCID.dll
[2004/10/15 10:10:04 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2004/10/08 04:01:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[color=\"#E56717\"]========== Custom Scans ==========[/color]
[color=\"#A23BEC\"]< %SYSTEMDRIVE%\*.exe >[/color]
[color=\"#A23BEC\"]< MD5 for: AGP440.SYS >[/color]
[2004/10/08 04:01:47 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/10 21:20:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/10 21:20:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[color=\"#A23BEC\"]< MD5 for: ATAPI.SYS >[/color]
[2004/10/08 04:01:47 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/10 21:20:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/10 21:20:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/10/08 04:01:47 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[color=\"#A23BEC\"]< MD5 for: EVENTLOG.DLL >[/color]
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/10/08 04:01:47 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[color=\"#A23BEC\"]< MD5 for: IASTOR.SYS >[/color]
[2004/10/08 04:01:47 | 000,465,280 | ---- | M] (Intel Corporation) MD5=C69AA55D8D357CF0692563AB2D43E81B -- C:\DRIVERS\006_storage\intel\sataraid\iastor.sys
[color=\"#A23BEC\"]< MD5 for: IDECHNDR.SYS >[/color]
[2004/10/08 04:01:47 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\DRIVERS\006_storage\intel\eide\IdeChnDr.sys
[color=\"#A23BEC\"]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/10/08 04:01:47 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[color=\"#A23BEC\"]< MD5 for: NVATA.SYS >[/color]
[2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\6.70\IDE\Win2K\sata_ide\nvata.sys
[2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\6.70\IDE\WinXP\sata_ide\nvata.sys
[2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\sata_ide\nvata.sys
[2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\sata_ide\nvata.sys
[2005/05/17 01:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\nvata.sys
[2005/05/17 01:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvata.sys
[2005/05/17 01:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\nvata.sys
[2005/05/17 01:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\nvata.sys
[color=\"#A23BEC\"]< MD5 for: NVATABUS.SYS >[/color]
[2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\6.70\IDE\Win2K\legacy\nvatabus.sys
[2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\6.70\IDE\Win2K\sataraid\nvatabus.sys
[2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\6.70\IDE\WinXP\legacy\nvatabus.sys
[2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\6.70\IDE\WinXP\sataraid\nvatabus.sys
[2004/10/08 04:01:47 | 000,063,744 | ---- | M] (NVIDIA Corporation) MD5=06F86506555644CBA020CD2CFFE28668 -- C:\DRIVERS\006_storage\nvidia\eide\NvAtaBus.sys
[2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\legacy\nvatabus.sys
[2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\sataraid\nvatabus.sys
[2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\legacy\nvatabus.sys
[2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\sataraid\nvatabus.sys
[color=\"#A23BEC\"]< MD5 for: NVGTS.SYS >[/color]
[2008/01/17 11:51:30 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=1F790624AB1619CAE0C78597BD33615B -- C:\NVIDIA\nForceWin2k\9.64\English\IDE\WinXP\sata_ide\nvgts.sys
[2008/01/17 11:51:30 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=1F790624AB1619CAE0C78597BD33615B -- C:\NVIDIA\nForceWin2k\9.64\English\IDE\WinXP\sataraid\nvgts.sys
[2008/08/18 19:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=37954CD1D0AFC11BECD149F7C3EC88C2 -- C:\NVIDIA\nForceWin2k\15.23\IS\IDE\WinXP\sataraid\nvgts.sys
[2008/08/18 19:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\NVIDIA\nForceWin2k\15.23\IS\IDE\WinXP\sata_ide\nvgts.sys
[color=\"#A23BEC\"]< MD5 for: NVRD32.SYS >[/color]
[2008/01/17 11:51:24 | 000,128,000 | ---- | M] (NVIDIA Corporation) MD5=3802044AD8385654C620488DA8C9F0D9 -- C:\NVIDIA\nForceWin2k\9.64\English\IDE\WinXP\sataraid\nvrd32.sys
[2008/08/18 19:54:00 | 000,133,152 | ---- | M] (NVIDIA Corporation) MD5=BEF704AA9E17D176A46DDF77C6A52194 -- C:\NVIDIA\nForceWin2k\15.23\IS\IDE\WinXP\sataraid\nvrd32.sys
[color=\"#A23BEC\"]< MD5 for: SCECLI.DLL >[/color]
[2004/10/08 04:01:47 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[color=\"#A23BEC\"]< MD5 for: SYMMPI.SYS >[/color]
[2004/10/08 04:01:47 | 000,041,856 | ---- | M] (LSI Logic) MD5=3ADFFB39782474652F4EA2CF1345B340 -- C:\DRIVERS\006_storage\lsilogic\symmpi\symmpi.sys
[color=\"#A23BEC\"]< MD5 for: VIASRAID.SYS >[/color]
[2004/10/08 04:01:47 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\DRIVERS\006_storage\via\sataraid\viasraid.sys
[color=\"#A23BEC\"]< %systemroot%\*. /mp /s >[/color]
[color=\"#A23BEC\"]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[color=\"#A23BEC\"]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[color=\"#A23BEC\"]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[color=\"#A23BEC\"]< %systemroot%\System32\config\*.sav >[/color]
[2009/01/10 10:15:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/10 10:15:06 | 000,667,648 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/10 10:15:06 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[color=\"#A23BEC\"]< >[/color]
[color=\"#A23BEC\"]< >[/color]
< End of report >
OTL Extras logfile created on: 4/18/2010 8:04:38 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Troy\My Documents\My Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 37.84 Gb Free Space | 24.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NEMESIS
Current User Name: Troy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
[color=\"#E56717\"]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\GameSpy\Comrade\Comrade.exe" = C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade -- (IGN Entertainment Inc.)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"D:\Installation\Setupx.exe" = D:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe" = C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)
"C:\Program Files\Emerald Viewer\SLVoice.exe" = C:\Program Files\Emerald Viewer\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{176B3593-72F1-459C-829C-5E9671E2CB35}" = GameSpy Comrade
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{190C7419-C254-408e-81F8-BE11FCD72A1F}" = dj_sf_software
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{204D48C5-6231-4955-83EC-623DCB437FD9}_is1" = Emerald Viewer 1.23.5.1632
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(tm) 6 Update 17
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{47499FAF-B116-4b14-B07F-DB2C3087A06C}" = D4200_Help
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58535A90-1788-44f5-80BB-CFF62D9CE6D5}" = HP Deskjet 8.0 Software
"{6391F69F-8443-472D-A0D7-1C8C33FE1033}" = Nero 7 Essentials
"{71F8C486-8A1
-
Please print these instructions or save them to a text file on desktop
Some malware installed has changed your Proxy server settings, I want to ensure you know how to set them if you can't get online afterwards
Double click on OTL.exe and Run it- Under the [color=\"#0000FF\"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKCU..\Run: [tbiaflyr] C:\Documents and Settings\Troy\Local Settings\Application Data\twarmcyjd\qbxnrwetssd.exe File not found
MsConfig - StartUpReg: tbiaflyr - hkey= - key= - C:\Documents and Settings\Troy\Local Settings\Application Data\twarmcyjd\qbxnrwetssd.exe File not found
:Reg
:Files
C:\Documents and Settings\Troy\Local Settings\Application Data\twarmcyjd
:Commands
[EmptyTemp]
[Reboot]
- Then click the [color=\"#FF0000\"]Run Fix[/color] button at the top
- Let the program run unhindered, reboot the PC when it is done
On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder
NOTE: If you are having trouble connecting to the Internet with Internet Explorer please ensure the following is set
In Internet Explorer. Click on the Tools menu and then select Internet Options.
In the the Internet Options window click on the Connections tab. Then click on the LAN settings button.
Now you will see Local Area Network (LAN) settings window. Uncheck the checkbox labeled Use a proxy server for your LAN under the Proxy Server section and press OK.
In addition:
download Malwarebytes' Anti-Malware from Here (http://\"http://www.besttechie.net/tools/mbam-setup.exe\") or Here (http://\"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html\")
Save the installer to desktop
Double Click mbam-setup.exe to install the application.- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
-
[quote name=\'guestolo\' post=\'468956\' date=\'Apr 18 2010, 09:00 PM\']Please print these instructions or save them to a text file on desktop
Some malware installed has changed your Proxy server settings, I want to ensure you know how to set them if you can't get online afterwards
Double click on OTL.exe and Run it- Under the [color=\"#0000ff\"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
- Then click the [color=\"#ff0000\"]Run Fix[/color] button at the top
- Let the program run unhindered, reboot the PC when it is done
On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder
NOTE: If you are having trouble connecting to the Internet with Internet Explorer please ensure the following is set
In Internet Explorer. Click on the Tools menu and then select Internet Options.
In the the Internet Options window click on the Connections tab. Then click on the LAN settings button.
Now you will see Local Area Network (LAN) settings window. Uncheck the checkbox labeled Use a proxy server for your LAN under the Proxy Server section and press OK.
In addition:
download Malwarebytes' Anti-Malware from Here (http://\"http://www.besttechie.net/tools/mbam-setup.exe\") or Here (http://\"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html\")
Save the installer to desktop
Double Click mbam-setup.exe to install the application.- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.[/quote]
I couldnt run OTL run fix as u requested the blue screen of death reared its ugly head and unfortunantly it skiped by so fast i couldnt tell u what it said,i did however run the MBAM and here is the log for that i will run Hijack again and post it as soon as its done.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org (http://\"http://www.malwarebytes.org\")
Database version: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/19/2010 8:18:45 PM
mbam-log-2010-04-19 (20-18-45).txt
Scan type: Quick scan
Objects scanned: 222208
Time elapsed: 1 hour(s), 33 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Did you try the fix with OTL only once?
If so, please try it again, can you get into safe mode and run it?
Your database version of Malwarebytes Antimalware is very outdated, did you have problems updating?
You must keep me informed
Please try updating Malwarebytes again as instructed
Don't bother running the scan if you can't update
-
[quote name=\'dirtybagtwb\' post=\'468980\' date=\'Apr 19 2010, 08:24 PM\']I couldnt run OTL run fix as u requested the blue screen of death reared its ugly head and unfortunantly it skiped by so fast i couldnt tell u what it said,i did however run the MBAM and here is the log for that i will run Hijack again and post it as soon as its done.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org (http://\"http://www.malwarebytes.org\")
Database version: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/19/2010 8:18:45 PM
mbam-log-2010-04-19 (20-18-45).txt
Scan type: Quick scan
Objects scanned: 222208
Time elapsed: 1 hour(s), 33 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)[/quote]
well i tried running OTL one more time with your quote pasted in and the blue screen of death showed up again although this time i was able to write down what it said.
IRQL_NOT_LESS_OR_EQUAL
STOP:0x0000000A(0x0000BA33,0x00000002,0x00000001,0x806E6A8E
not sure if it means anything to u but thought i would include it anyway.
also here is the Hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:57 PM, on 4/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 (http://\"http://www.yahoo.com/?fr=fp-yie8\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tbiaflyr] C:\Documents and Settings\Troy\Local Settings\Application Data\twarmcyjd\qbxnrwetssd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab (http://\"http://support.asus.com/common/asusTek_sys_ctrl.cab\")
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab (http://\"http://imlive.com/chatsource/ImlCID.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7715 bytes
-
Malwarebytes AntiMalware was very outdated, did you have problems updating it?
-
[quote name=\'dirtybagtwb\' post=\'468982\' date=\'Apr 19 2010, 08:39 PM\']well i tried running OTL one more time with your quote pasted in and the blue screen of death showed up again although this time i was able to write down what it said.
IRQL_NOT_LESS_OR_EQUAL
STOP:0x0000000A(0x0000BA33,0x00000002,0x00000001,0x806E6A8E
not sure if it means anything to u but thought i would include it anyway.
also here is the Hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:57 PM, on 4/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 (http://\"http://www.yahoo.com/?fr=fp-yie8\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tbiaflyr] C:\Documents and Settings\Troy\Local Settings\Application Data\twarmcyjd\qbxnrwetssd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab (http://\"http://support.asus.com/common/asusTek_sys_ctrl.cab\")
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab (http://\"http://imlive.com/chatsource/ImlCID.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7715 bytes[/quote]
I did try the OTL several times with the same result
and my Malware did update
i assumed it was complete.
-
Do the following please
Do a "System scan only" with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [tbiaflyr] C:\Documents and Settings\Troy\Local Settings\Application Data\twarmcyjd\qbxnrwetssd.exe
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer
In Internet Explorer. Click on the Tools menu and then select Internet Options.
In the the Internet Options window click on the Connections tab. Then click on the LAN settings button.
Now you will see Local Area Network (LAN) settings window. Uncheck the checkbox labeled Use a proxy server for your LAN if it's checked, under the Proxy Server section and press OK.
Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe (http://\"http://oldtimer.geekstogo.com/TFC.exe\")
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it.
Important! If TFC prompts you to reboot, please do so immediately.
Reopen Malwarebytes AntiMalware and click on the UPDATE tab
Your current version of database is [color=\"#2E8B57\"]Database version: 3930[/color]
I just updated, as of now I'm at [color=\"#2E8B57\"]Database version: 4011[/color]
At minimum, you should be at least to that update
Click the UPDATE tab and check for Updates, recheck for updates till you have them all
Then try running another Quick Scan and post the new log
In addition, Post back with another fresh Hijackthis log
-
[quote name=\'guestolo\' post=\'468985\' date=\'Apr 19 2010, 08:50 PM\']Do the following please
Do a "System scan only" with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [tbiaflyr] C:\Documents and Settings\Troy\Local Settings\Application Data\twarmcyjd\qbxnrwetssd.exe
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer
In Internet Explorer. Click on the Tools menu and then select Internet Options.
In the the Internet Options window click on the Connections tab. Then click on the LAN settings button.
Now you will see Local Area Network (LAN) settings window. Uncheck the checkbox labeled Use a proxy server for your LAN if it's checked, under the Proxy Server section and press OK.
Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe (http://\"http://oldtimer.geekstogo.com/TFC.exe\")
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it.
Important! If TFC prompts you to reboot, please do so immediately.
Reopen Malwarebytes AntiMalware and click on the UPDATE tab
Your current version of database is [color=\"#2e8b57\"]Database version: 3930[/color]
I just updated, as of now I'm at [color=\"#2e8b57\"]Database version: 4011[/color]
At minimum, you should be at least to that update
Click the UPDATE tab and check for Updates, recheck for updates till you have them all
Then try running another Quick Scan and post the new log
In addition, Post back with another fresh Hijackthis log[/quote]
ok.. i WAS able to run OTL in safe mode without any trouble getting back online.I updated to the correct version of MALware and will run it again and try to post it first thing in the morning.the quick scan takes almost 2 hours and i have to work in the morning,i do appreciate all your help though. I havent tried your other suggestions yet but im working on them as we type. i did however check to make sure detect proxy WAS unchecked in the LAN tab.
-
[quote name=\'dirtybagtwb\' post=\'468986\' date=\'Apr 19 2010, 09:16 PM\']ok.. i WAS able to run OTL in safe mode without any trouble getting back online.I updated to the correct version of MALware and will run it again and try to post it first thing in the morning.the quick scan takes almost 2 hours and i have to work in the morning,i do appreciate all your help though. I havent tried your other suggestions yet but im working on them as we type. i did however check to make sure detect proxy WAS unchecked in the LAN tab.[/quote]
ok... i ran Hijack this like u asked and couldnt find any of those entries.I did create a log and ill post it here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:02 PM, on 4/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 (http://\"http://www.yahoo.com/?fr=fp-yie8\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab (http://\"http://support.asus.com/common/asusTek_sys_ctrl.cab\")
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab (http://\"http://imlive.com/chatsource/ImlCID.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7259 bytes
-
[quote name=\'dirtybagtwb\' post=\'468987\' date=\'Apr 19 2010, 09:27 PM\']ok... i ran Hijack this like u asked and couldnt find any of those entries.I did create a log and ill post it here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:02 PM, on 4/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 (http://\"http://www.yahoo.com/?fr=fp-yie8\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab (http://\"http://support.asus.com/common/asusTek_sys_ctrl.cab\")
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab (http://\"http://imlive.com/chatsource/ImlCID.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7259 bytes[/quote]
i have also ran TFC.exe but i had to run it in safe and it didnt ask me to roboot and no log ,i hope thats ok.
-
[quote name=\'dirtybagtwb\' post=\'468988\' date=\'Apr 19 2010, 09:45 PM\']i have also ran TFC.exe but i had to run it in safe and it didnt ask me to roboot and no log ,i hope thats ok.[/quote]
here are the results of my updated Malware scan.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org (http://\"http://www.malwarebytes.org\")
Database version: 4011
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/20/2010 7:26:51 AM
mbam-log-2010-04-20 (07-26-51).txt
Scan type: Quick scan
Objects scanned: 165289
Time elapsed: 40 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
and here is a new Hijack log......
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:33 AM, on 4/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 (http://\"http://www.yahoo.com/?fr=fp-yie8\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab (http://\"http://support.asus.com/common/asusTek_sys_ctrl.cab\")
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab (http://\"http://imlive.com/chatsource/ImlCID.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7416 bytes
-
[quote name=\'dirtybagtwb\' post=\'468992\' date=\'Apr 20 2010, 07:28 AM\']here are the results of my updated Malware scan.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org (http://\"http://www.malwarebytes.org\")
Database version: 4011
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/20/2010 7:26:51 AM
mbam-log-2010-04-20 (07-26-51).txt
Scan type: Quick scan
Objects scanned: 165289
Time elapsed: 40 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
and here is a new Hijack log......
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:33 AM, on 4/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 (http://\"http://www.yahoo.com/?fr=fp-yie8\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab (http://\"http://support.asus.com/common/asusTek_sys_ctrl.cab\")
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab (http://\"http://imlive.com/chatsource/ImlCID.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7416 bytes[/quote]
well, things seem to be a bit better i was able to run all the things u asked me to except for the OTL runfix i reran Malware and posted the log this morning but i still have the original problem with half my harddrive unusable.please let me know if u need anything else.
-
Download ComboFix from only this location:
[color=\"#0000FF\"]Link [/color] (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\")
[color=\"#FF0000\"]Save it ONLY to your Desktop[/color]
--------------------------------------------------------------------
[color=\"#2E8B57\"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply
NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please
-
[quote name=\'guestolo\' post=\'469020\' date=\'Apr 23 2010, 04:18 PM\']Download ComboFix from only this location:
[color=\"#0000ff\"]Link [/color] (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\")
[color=\"#ff0000\"]Save it ONLY to your Desktop[/color]
--------------------------------------------------------------------
[color=\"#2e8b57\"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply
NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please[/quote]
it seems there were other malware on my PC i ran combofix as u requested here is the log
ComboFix 10-04-21.01 - Troy 04/24/2010 12:19:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1578 [GMT -8:00]
Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-1409082233-1592454029-725345543-1004
c:\recycler\S-1-5-21-1409082233-1592454029-725345543-500
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-03-24 to 2010-04-24 )))))))))))))))))))))))))))))))
.
2010-04-20 02:41 . 2010-04-20 02:42 5918775 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-20 02:41 . 2010-04-20 02:41 -------- d-----w- c:\documents and settings\Troy\Application Data\Malwarebytes
2010-04-20 02:41 . 2010-03-30 08:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 02:41 . 2010-03-30 08:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 02:41 . 2010-04-20 02:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-04-20 02:26 . 2010-04-20 02:26 -------- d-----w- C:\_OTL
2010-04-19 01:12 . 2010-04-19 01:12 -------- d-----w- c:\documents and settings\Troy\Application Data\Turbine
2010-04-18 00:12 . 2010-04-18 00:12 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\ICS
2010-04-17 20:08 . 2010-04-17 20:08 -------- d-sh--w- c:\documents and settings\Administrator.NEMESIS\PrivacIE
2010-04-17 20:08 . 2010-04-17 20:08 -------- d-sh--w- c:\documents and settings\Administrator.NEMESIS\IETldCache
2010-04-12 01:33 . 2010-04-12 01:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2010-04-12 01:26 . 2010-04-12 01:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-12 01:26 . 2010-04-12 01:26 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-08 05:23 . 2004-03-30 00:23 90112 ----a-w- c:\windows\unvise32.exe
2010-04-02 05:56 . 2010-04-02 05:56 -------- d-----w- c:\program files\DAZ
2010-04-02 05:51 . 2010-04-02 05:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\OptiTex
2010-04-02 05:29 . 2010-04-02 05:29 -------- d-----w- c:\documents and settings\Troy\Application Data\DAZ 3D
2010-04-02 05:29 . 2010-04-08 05:44 -------- d-----w- c:\program files\Common Files\DAZ
2010-04-02 05:29 . 2010-04-02 05:29 -------- d-----w- c:\program files\DAZ 3D
2010-04-01 01:16 . 2010-04-01 01:16 516480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerAddin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 20:09 . 2009-01-11 05:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2010-04-24 20:08 . 2005-11-15 06:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-23 05:11 . 2009-01-22 02:05 -------- d-----w- c:\program files\Warzone 2100
2010-04-20 02:42 . 2008-12-22 21:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 02:06 . 2009-01-11 07:03 -------- d-----w- c:\program files\Rockstar Games
2010-04-19 02:06 . 2005-11-09 23:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 01:11 . 2009-01-11 03:43 16640 ----a-w- c:\documents and settings\Troy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 01:01 . 2006-12-27 06:13 -------- d-----w- c:\program files\Electronic Arts
2010-04-18 19:27 . 2009-01-11 10:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2010-04-18 18:29 . 2010-02-04 20:59 -------- d-----w- c:\program files\Emerald Viewer
2010-04-15 01:16 . 2009-09-27 18:56 966104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-15 01:16 . 2009-09-27 18:56 1265264 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-12 01:32 . 2005-12-27 07:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-04 00:13 . 2007-08-04 01:24 -------- d-----w- c:\program files\Screaming Bee
2010-04-04 00:07 . 2009-01-25 06:23 -------- d-----w- c:\documents and settings\Troy\Application Data\Screaming Bee
2010-04-04 00:07 . 2009-01-25 06:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Screaming Bee
2010-03-14 21:09 . 2010-03-12 20:08 -------- d-----w- c:\program files\Texture Maker
2010-03-12 20:08 . 2010-03-12 20:08 -------- d-----w- c:\documents and settings\Troy\Application Data\Texture Maker
2010-03-10 06:15 . 2004-10-08 12:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-10-08 12:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 02:16 . 2010-02-25 02:16 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-25 02:16 . 2010-02-25 02:16 95024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-02-25 02:16 . 2010-02-25 02:16 598368 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-02-25 02:16 . 2010-02-25 02:16 566608 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-02-25 02:16 . 2009-09-27 18:56 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-25 02:16 . 2009-09-13 19:09 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-25 02:16 . 2010-02-25 02:16 1230160 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-02-25 02:16 . 2010-02-25 02:16 247120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-02-25 02:16 . 2009-09-27 18:56 6330848 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-25 02:16 . 2010-02-25 02:16 17480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-02-25 02:15 . 2009-09-13 18:55 -------- d-----w- c:\program files\Lavasoft
2010-02-25 02:15 . 2010-02-25 02:14 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-24 13:11 . 2004-10-08 12:01 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-10-08 12:01 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-10-08 12:01 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-10-08 12:01 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2010-02-25 02:14 2954656 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2009-09-13 18:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 532480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-17 570664]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
2005-04-30 02:22 266240 ----a-w- c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe"=
"c:\\Program Files\\Emerald Viewer\\SLVoice.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/13/2009 10:56 AM 64288]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 6:06 AM 169312]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [9/27/2006 12:21 AM 34384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 7:52 AM 1265264]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-04-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 01:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab (http://\"http://file:///C:/WINDOWS/Java/classes/xmldso.cab\")
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-CmPCIaudio - CMICNFG3.CPL
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2010-04-24 12:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-861567501-1645522239-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E39F9F08-89D2-FD0B-D549-B5319A100F78}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapgfmgdidmbfndn"=hex:67,61,6b,63,67,61,63,6c,6a,67,6f,67,6c,6d,00,00
"iadgmknifjodnmkcpj"=hex:63,61,6c,63,69,62,00,01
[HKEY_USERS\S-1-5-21-861567501-1645522239-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:84,bc,18,ee,c5,51,2b,68,f8,8b,fc,e8,f3,e3,1b,b5,38,f1,9a,f2,9f,
f7,12,e5,63,fa,31,41,41,b4,33,60,b6,31,3a,01,1f,69,71,05,0e,58,c6,33,c2,24,\
"rkeysecu"=hex:3c,ed,ca,d2,8d,d4,cc,ec,22,af,ae,2e,e2,19,ae,b1
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(924)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2010-04-24 12:25:41
ComboFix-quarantined-files.txt 2010-04-24 20:25
Pre-Run: 46,368,493,568 bytes free
Post-Run: 46,383,267,840 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /bootlog
- - End Of File - - EAF9127F5F4F2272D44BD641E9F229FE
-
[quote name=\'dirtybagtwb\' post=\'469049\' date=\'Apr 24 2010, 12:30 PM\']it seems there were other malware on my PC i ran combofix as u requested here is the log
ComboFix 10-04-21.01 - Troy 04/24/2010 12:19:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1578 [GMT -8:00]
Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-1409082233-1592454029-725345543-1004
c:\recycler\S-1-5-21-1409082233-1592454029-725345543-500
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-03-24 to 2010-04-24 )))))))))))))))))))))))))))))))
.
2010-04-20 02:41 . 2010-04-20 02:42 5918775 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-20 02:41 . 2010-04-20 02:41 -------- d-----w- c:\documents and settings\Troy\Application Data\Malwarebytes
2010-04-20 02:41 . 2010-03-30 08:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 02:41 . 2010-03-30 08:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 02:41 . 2010-04-20 02:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-04-20 02:26 . 2010-04-20 02:26 -------- d-----w- C:\_OTL
2010-04-19 01:12 . 2010-04-19 01:12 -------- d-----w- c:\documents and settings\Troy\Application Data\Turbine
2010-04-18 00:12 . 2010-04-18 00:12 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\ICS
2010-04-17 20:08 . 2010-04-17 20:08 -------- d-sh--w- c:\documents and settings\Administrator.NEMESIS\PrivacIE
2010-04-17 20:08 . 2010-04-17 20:08 -------- d-sh--w- c:\documents and settings\Administrator.NEMESIS\IETldCache
2010-04-12 01:33 . 2010-04-12 01:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2010-04-12 01:26 . 2010-04-12 01:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-12 01:26 . 2010-04-12 01:26 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-08 05:23 . 2004-03-30 00:23 90112 ----a-w- c:\windows\unvise32.exe
2010-04-02 05:56 . 2010-04-02 05:56 -------- d-----w- c:\program files\DAZ
2010-04-02 05:51 . 2010-04-02 05:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\OptiTex
2010-04-02 05:29 . 2010-04-02 05:29 -------- d-----w- c:\documents and settings\Troy\Application Data\DAZ 3D
2010-04-02 05:29 . 2010-04-08 05:44 -------- d-----w- c:\program files\Common Files\DAZ
2010-04-02 05:29 . 2010-04-02 05:29 -------- d-----w- c:\program files\DAZ 3D
2010-04-01 01:16 . 2010-04-01 01:16 516480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerAddin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 20:09 . 2009-01-11 05:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2010-04-24 20:08 . 2005-11-15 06:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-23 05:11 . 2009-01-22 02:05 -------- d-----w- c:\program files\Warzone 2100
2010-04-20 02:42 . 2008-12-22 21:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 02:06 . 2009-01-11 07:03 -------- d-----w- c:\program files\Rockstar Games
2010-04-19 02:06 . 2005-11-09 23:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 01:11 . 2009-01-11 03:43 16640 ----a-w- c:\documents and settings\Troy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 01:01 . 2006-12-27 06:13 -------- d-----w- c:\program files\Electronic Arts
2010-04-18 19:27 . 2009-01-11 10:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2010-04-18 18:29 . 2010-02-04 20:59 -------- d-----w- c:\program files\Emerald Viewer
2010-04-15 01:16 . 2009-09-27 18:56 966104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-15 01:16 . 2009-09-27 18:56 1265264 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-12 01:32 . 2005-12-27 07:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-04 00:13 . 2007-08-04 01:24 -------- d-----w- c:\program files\Screaming Bee
2010-04-04 00:07 . 2009-01-25 06:23 -------- d-----w- c:\documents and settings\Troy\Application Data\Screaming Bee
2010-04-04 00:07 . 2009-01-25 06:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Screaming Bee
2010-03-14 21:09 . 2010-03-12 20:08 -------- d-----w- c:\program files\Texture Maker
2010-03-12 20:08 . 2010-03-12 20:08 -------- d-----w- c:\documents and settings\Troy\Application Data\Texture Maker
2010-03-10 06:15 . 2004-10-08 12:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-10-08 12:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 02:16 . 2010-02-25 02:16 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-25 02:16 . 2010-02-25 02:16 95024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-02-25 02:16 . 2010-02-25 02:16 598368 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-02-25 02:16 . 2010-02-25 02:16 566608 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-02-25 02:16 . 2009-09-27 18:56 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-25 02:16 . 2009-09-13 19:09 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-25 02:16 . 2010-02-25 02:16 1230160 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-02-25 02:16 . 2010-02-25 02:16 247120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-02-25 02:16 . 2009-09-27 18:56 6330848 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-25 02:16 . 2010-02-25 02:16 17480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-02-25 02:15 . 2009-09-13 18:55 -------- d-----w- c:\program files\Lavasoft
2010-02-25 02:15 . 2010-02-25 02:14 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-24 13:11 . 2004-10-08 12:01 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-10-08 12:01 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-10-08 12:01 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-10-08 12:01 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2010-02-25 02:14 2954656 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2009-09-13 18:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 532480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-17 570664]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
2005-04-30 02:22 266240 ----a-w- c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe"=
"c:\\Program Files\\Emerald Viewer\\SLVoice.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/13/2009 10:56 AM 64288]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 6:06 AM 169312]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [9/27/2006 12:21 AM 34384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 7:52 AM 1265264]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-04-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 01:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab (http://\"http://file:///C:/WINDOWS/Java/classes/xmldso.cab\")
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-CmPCIaudio - CMICNFG3.CPL
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2010-04-24 12:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-861567501-1645522239-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E39F9F08-89D2-FD0B-D549-B5319A100F78}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapgfmgdidmbfndn"=hex:67,61,6b,63,67,61,63,6c,6a,67,6f,67,6c,6d,00,00
"iadgmknifjodnmkcpj"=hex:63,61,6c,63,69,62,00,01
[HKEY_USERS\S-1-5-21-861567501-1645522239-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:84,bc,18,ee,c5,51,2b,68,f8,8b,fc,e8,f3,e3,1b,b5,38,f1,9a,f2,9f,
f7,12,e5,63,fa,31,41,41,b4,33,60,b6,31,3a,01,1f,69,71,05,0e,58,c6,33,c2,24,\
"rkeysecu"=hex:3c,ed,ca,d2,8d,d4,cc,ec,22,af,ae,2e,e2,19,ae,b1
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(924)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2010-04-24 12:25:41
ComboFix-quarantined-files.txt 2010-04-24 20:25
Pre-Run: 46,368,493,568 bytes free
Post-Run: 46,383,267,840 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /bootlog
- - End Of File - - EAF9127F5F4F2272D44BD641E9F229FE[/quote]
I know it detected Norton antivirus but i have been having issue`s with Norton lately and completely uninstalled it so unless it is hidden somewhere that i cant find it im not entirely sure what to do about that.
-
Download Security Check by screen317 from here (http://\"http://screen317.spywareinfoforum.org/SecurityCheck.exe\") or here (http://\"http://screen317.changelog.fr/SecurityCheck.exe\").
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-
[quote name=\'guestolo\' post=\'469051\' date=\'Apr 24 2010, 01:39 PM\']Download Security Check by screen317 from here (http://\"http://screen317.spywareinfoforum.org/SecurityCheck.exe\") or here (http://\"http://screen317.changelog.fr/SecurityCheck.exe\").
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
[/quote]
ok...i hope this doesnt screw up the process but my wife works for a local internet provider so i have access to a free virus protection program and installed it after i uninstalled Norton(which i havent been happy with for some time anyway)as with Norton after start-up Symatec frame work couldnt start and the error report would constantly pop up.well after updating the new virus protection the same thing happens a error pops up telling me that a certain part of the protection cant start up..im sure this is because of a still unknown virus so here is the Security check log u asked for.i have also gotten a few blue screens of death in the last few days just thought u should know.
Results of screen317's Security Check version 0.99.3
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
[color=\"red\"]Antivirus out of date![/color]
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(tm) 6 Update 17
[color=\"red\"]Out of date Java installed![/color]
Adobe Flash Player 10
Adobe Reader 7.0
[color=\"red\"]Out of date Adobe Reader installed![/color]
````````````````````````````````
Process Check:
objlist.exe by Laurent
[color=\"red\"]Ad-Aware AAWService.exe is disabled![/color]
[color=\"red\"]Ad-Aware AAWTray.exe is disabled![/color]
GCI Security Guard Anti-Virus fsgk32st.exe
GCI Security Guard Anti-Virus FSGK32.EXE
GCI Security Guard Anti-Virus fssm32.exe
GCI Security Guard Anti-Virus fsav32.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
-
Ok, try the following
=Open Notepad (START>>>RUN>>>type in <b>notepad</b>)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to <b>All Files</b>.
Name the file as <b>fix.reg</b>
Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Double click on <b>fix.reg</b> and allow to add/merge to the registry at the prompt
Let's make sure that Norton's is removed
Download and save to destkop the Norton Removal tool from the following link
<a href="http://majorgeeks.com/Norton_Removal_Tool_d4749.html" target="_blank" rel="nofollow">http://majorgeeks.com/Norton_Removal_Tool_d4749.html</a>
Run the tool, type the character code at the prompt
and continue with the uninstaller, when it's done, let it reboot your computer, if it doesn't prompt to reboot, can you reboot manually please
Back in Windows
Keep all browser windows closed
Access your Add and REmove Programs and remove older versions of Sun Java and Adobe Reader as outdated versions are insecure
This includes:
<b>Javaâ„¢ 6 Update 17
Adobe Reader 7.0</b>
Reboot again,
Back in Windows
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
<b><!--coloro:blue--><span style="color:blue"><!--/coloro-->Updating Java:<!--colorc--></span><!--/colorc--></b><ul><li>Download the latest version of <b><a href="http://java.sun.com/javase/downloads/index.jsp" target="_blank" rel="nofollow">Java Runtime Environment (JRE) </a></b>.</li><li>Scroll down to where it says "<i>JDK 6 Update 20 (JDK or JRE)</i>".</li><li>Click the "<b>Download JRE</b>" button to the right.</li><li>In the Window that opens, select <b>Windows</b>,>>Check the "agree" box and click <b>Continue</b>.</li><li>Click on the link to download <i>Windows Offline Installation</i> and save to your desktop.</li><li>Then from your desktop double-click on <b>jre-6u20-windows-i586.exe</b> that you downloaded to install the newest version.</li></ul>
Afterwards
Download and install the latest version of Adobe Reader from the following link
<a href="http://get.adobe.com/reader/" target="_blank" rel="nofollow">http://get.adobe.com/reader/</a>
Please UNTICK the selection for Google toolbar or McAfee Security scan as they are not needed
Come back here, run Security check again and post the new log
In addition:
Download <b>GMER </b>from here:
<a href="http://www.gmer.net/files.php" target="_blank" rel="nofollow">http://www.gmer.net/files.php</a>
Unzip it to the Desktop.
Temporarily disable your AntiVirus software
Open the program - you should see the <b>Rootkit / Malware</b> tab.
Make sure all the boxes on the right of the screen are checked, <b>EXCEPT</b> for ‘Show All’.
<b>Important:</b> Close any open programs/windows!
Click on <b>Scan</b>.
When the scan has run click <b>Copy</b> and paste the results (if any) into this thread.
-
well... now my PC is totaly messed u,the GMER freezes my PC ,i cant D/L the new adobe reader,when i click on the d/l button the window shows up then tells me its closeing the window to save my PC . and the GMER freezes before i can copy the log.
-
Can you run GMER in safe mode, when done, copy the log and save it to a convenient location,
post the log back here
-
Can you run GMER in safe mode, when done, copy the log and save it to a convenient location,
post the log back here
ok... i havent had a chance to run GMER in safemode mainly because i have had a hard time getting back to your site a typical website unavailable window shows up and ultimately doesnt give me access i even tried it on my wife and kids laptops with no luck..this is the first time i have been able to since my last message,something else i received a wierd E-mail from your site it said
dirtybagtwb,
my chick bad by ludacris! has successfully added you to their friends list.
dirtybagtwb,
my chick bad by ludacris! has successfully added you to their friends list.
Manage your friends:
Regards,
The TheTechGuide Forum team.
i couldnt send u the exact website because the forums do not allow it but i think its something u should see ,its almost like it stole my IP address and perhaps a few other things.my frustration level is at a all time high atm so please excuss the rambling.
right after i recieved this E-mail my PC started acting up i didnt give this person permission to add me.i was checking to see if this is truely one of yours or not.Not only that but right about that time a small balloon would pop up from my task bar saying there were 2 different devices using the same IP address.not quite sure what to make of all of if i was hoping u might be able to shed some light on it.ill try again to run the GMER in safe mode and hopefully get back to u asap.
-
Josetann was updating, server was down for some time, not a problem on your end
my chick bad by ludacris! is not part of the Techguide team, he/she is just a spammer
I'm going to remove them
Waiting on the Gmer log
-
ok.. that makes me feel a bit better sorry about the rambling my frustration level was at an all time high about then yesterday,lol.. but i did manage to run the Gmer and here is the log.and the a new security log as well...but the Gmer did freeze my PC again even in safe mode but it seemed to run the scan fine i still havent been able to d/l a new version of Adobe reader.
GMER 1.0.15.15281 - http://www.gmer.net (http://"http://www.gmer.net")
Rootkit scan 2010-04-25 09:32:06
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Troy\LOCALS~1\Temp\kxldqpow.sys
---- System - GMER 1.0.15 ----
Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice
---- Kernel code sections - GMER 1.0.15 ----
PAGENPNP NDIS.SYS!NdisOpenAdapter F7A2A399 5 Bytes JMP F7980394 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisDeregisterProtocol F7A34821 5 Bytes JMP F79801B0 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisReturnPackets F7A37810 5 Bytes JMP F7980C0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisRequest F7A3797B 5 Bytes JMP F79805AC fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSend F7A3A986 5 Bytes JMP F798158C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSendPackets F7A3A9A3 5 Bytes JMP F798165E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisTransferData F7A3A9BE 5 Bytes JMP F7980D0A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoSendPackets F7A42AF1 5 Bytes JMP F7981376 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E39F9F08-89D2-FD0B-D549-B5319A100F78}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E39F9F08-89D2-FD0B-D549-B5319A100F78}@hapgfmgdidmbfndn 0x67 0x61 0x6B 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E39F9F08-89D2-FD0B-D549-B5319A100F78}@iadgmknifjodnmkcpj 0x63 0x61 0x6C 0x63 ...
---- EOF - GMER 1.0.15 ----
and here is a new security log as well
Results of screen317's Security Check version 0.99.3
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 20
Out of date Java installed!
Adobe Flash Player 10
````````````````````````````````
Process Check:
objlist.exe by Laurent
GCI Security Guard Anti-Virus fsgk32st.exe
GCI Security Guard Anti-Virus FSGK32.EXE
GCI Security Guard Anti-Virus fssm32.exe
GCI Security Guard Anti-Virus fsav32.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
-
I still cant d/l a new version of Adobe everytime i click on the download now button my IE closes.i also keep getting this pop-up right after i restart my PC
it pops up at least 6 times before it stops ........F-secure Internet sheild daemon has encountered a problem and needs to close.
i just happened to scoll down past the logs i posted and noticed that it still says my java is out of date i will try to uninstall and reinstall it again.
-
here is a new log for the security check looks like i finally got the right Java update
Results of screen317's Security Check version 0.99.3
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 20
Out of date Java installed!
Adobe Flash Player 10
````````````````````````````````
Process Check:
objlist.exe by Laurent
GCI Security Guard Anti-Virus fsgk32st.exe
GCI Security Guard Anti-Virus FSGK32.EXE
GCI Security Guard Anti-Virus fssm32.exe
GCI Security Guard Anti-Virus fsav32.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
-
Don't worry about the out of date Sun Java, Security Check hasn't been updated to the latest version of Java yet
Can we try another browser please
Download and save to desktop Firefox installer from the following location
http://www.mozilla.com/en-US/
Double click on the installer to install
After installation, in Firefox go to TOOLS>>OPTIONS
Under the GENERAL tab, put a tick in "Always Ask Me where to Save Files"
Ok out of there
Using Firefox go to the following link
http://get.adobe.com/reader/
Untick the Option McAfee Security Scan and then click on DOWNLOAD
Save the installer to desktop
Double click to Run the installer, let me know if that helps please
-
well looks like i was able to finally download Adobe reader with firefox.any paticular reason i need to download all these programs to my desktop and not to my download folder? just curiousi wasnt sure if u needed a new security log but here it is anyway
Results of screen317's Security Check version 0.99.3
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 20
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.3
````````````````````````````````
Process Check:
objlist.exe by Laurent
GCI Security Guard Anti-Virus fsgk32st.exe
GCI Security Guard Anti-Virus FSGK32.EXE
GCI Security Guard Anti-Virus fssm32.exe
GCI Security Guard Anti-Virus fsav32.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
-
Keep me informed of how everything is now running
What problems are you still experiencing?
In addition
Go to START>>MyComputer
Right click on Local Disk C: and then select PROPERTIES
Please supply info of USED SPACE and FREE SPACE
-
[quote name='guestolo' date='25 April 2010 - 07:27 PM' timestamp='1272252466' post='469074']
Keep me informed of how everything is now running
What problems are you still experiencing?
In addition
Go to START>>MyComputer
Right click on Local Disk C: and then select PROPERTIES
Please supply info of USED SPACE and FREE SPACE
[/quote]
well...i wish i could say everything was/is fine but i seem to have had a total system crash at this point my PC froze so i hit the reboot button on the front and then it froze in the middle of loading Windows so i hit the reboot button again and it gave me a error message
"Windows could not start because of a computer disk hardware configuration problem.could not read from the selected boot disk.check boot path and disk hardware.please check the windows documentation about disk configuration and your hardware reference manuels for additional info"
and that about sums it up....i was wondering if u wouldnt mind helping me with a complete setup.. i have a ASUS motherbaord and Pheonix award bios,cmos setup and a Silicone image raid bios and was thinking of using a Asus bios this time just wondering what u though.if u think i should refer to local help i completely understand and any help u can offer is always greatly apprecaited. i originally ordered my PC from Cyberpower out of California and have really good luck with it.its mostly a gaming machine so there really isnt to much important stuff on it.
-
Try the following
Go to the following link
http://support.microsoft.com/kb/314477
Take a look at method 2, take note, you already have the Recovery Console installed
If possible, select that option when booting the computer
If not, you will have to use the XP CD to boot to Recovery console
If you have a question about method 2, let me know
-
[quote name='guestolo' date='26 April 2010 - 07:10 AM' timestamp='1272294659' post='469086']
Try the following
Go to the following link
http://support.microsoft.com/kb/314477 (http://"http://support.microsoft.com/kb/314477")
Take a look at method 2, take note, you already have the Recovery Console installed
If possible, select that option when booting the computer
If not, you will have to use the XP CD to boot to Recovery console
If you have a question about method 2, let me know
[/quote]
whew..thank u, im still working on fixing the boot.ini file but my Pc is undating like crazy at the momment.I still have the original problem,my harddrive shows only 44 gb of freespace and 108gb of used space while there is nothing on the darn thing.and the raid bios shows up in the start up.
-
[quote name='dirtybagtwb' date='26 April 2010 - 08:30 PM' timestamp='1272342656' post='469095']
whew..thank u, im still working on fixing the boot.ini file but my Pc is undating like crazy at the momment.I still have the original problem,my harddrive shows only 44 gb of freespace and 108gb of used space while there is nothing on the darn thing.and the raid bios shows up in the start up.
[/quote]
well,im having a bit of trouble figuring out the boot.ini.....when i try to save following the sample in there seems to be nothing in the file.and i havent found any info like in the sample .i just thought of something though when Windows starts up in Dos there seems to be more than one entry in the list that includes the one u helped me create by rebuilding the boot.ini file.but back to the original problem why would i need to edit the boot file i just need to delete the corrupt one? right?
-
Are you trying Method 1 from the link????
I'm sure I asked you try try Method 2
-
[list=1]
- [quote name='guestolo' date='27 April 2010 - 07:04 PM' timestamp='1272423846' post='469104']
Are you trying Method 1 from the link????
I'm sure I asked you try try Method 2
[/quote]
i did use method 2 ..but at the bottom there is a way to delelt the corrpt boot.ini file
After Windows XP has successfully loaded, the Boot.ini can be modified to remove the incorrect entry. For more information about how to edit the Boot.ini file, click the following article number to view the article in the Microsoft Knowledge Base:[/list]289022 (http://"http://support.microsoft.com/kb/289022/") (http://support.microsoft.com/kb/289022/ ) How to edit the Boot.ini file in Windows XP
-
Please do the following, go to START>>RUN
Type the following, or better yet, copy/paste the following in bold
sysdm.cpl
Open the Advanced tab then click on SETTINGS under STARTUP and RECOVERY
Under SYSTEM SETUP, click EDIT
Copy/paste the info of the boot.ini file back here please
-
[quote name='guestolo' date='28 April 2010 - 06:17 PM' timestamp='1272507461' post='469119']
Please do the following, go to START>>RUN
Type the following, or better yet, copy/paste the following in bold
sysdm.cpl
Open the Advanced tab then click on SETTINGS under STARTUP and RECOVERY
Under SYSTEM SETUP, click EDIT
Copy/paste the info of the boot.ini file back here please
[/quote]
there is nothing there ... it`s blank
-
Well, it doesn't make sense that it's blank
Can you do the following
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Go and find the following file:
C:\boot.ini
Open the file and copy/paste back here the contents
-
[quote name='guestolo' date='28 April 2010 - 07:54 PM' timestamp='1272513296' post='469122']
Well, it doesn't make sense that it's blank
Can you do the following
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Go and find the following file:
C:\boot.ini
Open the file and copy/paste back here the contents
[/quote]
it still didnt help..the window is blank.i even went to MSconfig=>boot.ini tab and still nothing the window is empty and i tried to click on the "check all boot paths" and the system configuration utility program froze on me.to tell the truth im almost ready to just reformat the whole drive and see if that helps.
-
I assume the computer is booting properly
What other problems are you still experiencing?
-
[quote name='guestolo' date='02 May 2010 - 06:18 AM' timestamp='1272809930' post='469160']
I assume the computer is booting properly
What other problems are you still experiencing?
[/quote]
hmmm.... well the original problem is still there my raid controller bios shows up asking if i want to access the bios,still only 44gb of my hard drive shows as free space and its 160 gb drive ,at start up it tells me invalid boot.ini file booting from C:\windows\.
-
well the original problem is still there my raid controller bios shows up asking if i want to access the bios,
Is that the Exact way that you are prompted to access the bios, can you post the Exact message
still only 44gb of my hard drive shows as free space and its 160 gb drive
OTL sees the following at one time
[color="#2E8B57"]Drive C: | 153.38 Gb Total Space | 37.84 Gb Free Space | 24.67% Space Free | Partition Type: NTFS[/color]
I don't have a clue of all the files/folders on your computer, do you have any big folders/files using room??
at start up it tells me invalid boot.ini file booting from C:\windows\.
Can you open the C:\boot.ini file
and edit the blank page so it includes EVERYTHING in RED below
[color="#FF0000"][boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[/color]
Try rebooting, see if that takes care of that error
-
[quote name='guestolo' date='02 May 2010 - 05:28 PM' timestamp='1272850120' post='469167']
Is that the Exact way that you are prompted to access the bios, can you post the Exact message
OTL sees the following at one time
[color="#2e8b57"]Drive C: | 153.38 Gb Total Space | 37.84 Gb Free Space | 24.67% Space Free | Partition Type: NTFS[/color]
I don't have a clue of all the files/folders on your computer, do you have any big folders/files using room??
Can you open the C:\boot.ini file
and edit the blank page so it includes EVERYTHING in RED below
[color="#ff0000"][boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[/color]
Try rebooting, see if that takes care of that error
[/quote]
well technicly just the raid bios Dos window prompting me to press f4 if i want access to the raid controller.as for big files nothing to huge and since u helped me with the boot.ini file its for the most part empty but still only showing most of my hard drive is used so the OTl isnt wrong i just dont have access to the whole HD. the exact wording for the raid utility is it has the name and version number of the raid bios ..the tells me "press Ctrl-s or F4 to enter Raid utility"and it seemed to help after i added what u asked me too the boot.ini is gone it loads to the windows recovery console.but i still have the HD problem..capacity-153GB used space-124GB free space-28.8
-
well technicly just the raid bios Dos window prompting me to press f4 if i want access to the raid controller.as for big files nothing to huge and since u helped me with the boot.ini file its for the most part empty but still only showing most of my hard drive is used so the OTl isnt wrong i just dont have access to the whole HD. the exact wording for the raid utility is it has the name and version number of the raid bios ..the tells me "press Ctrl-s or F4 to enter Raid utility"and it seemed to help after i added what u asked me too the boot.ini is gone it loads to the windows recovery console.but i still have the HD problem..capacity-153GB used space-124GB free space-28.8
I'm confused, let's break it down into certain criteria
Is everythng running alright??
What exact error, if any do you get on startup?
You can disable RAID in the BIOS, have you thought of doing that?
Please read the documentation you got with you motherboard
-
[quote name='guestolo' date='05 May 2010 - 07:56 PM' timestamp='1273118181' post='469208']
I'm confused, let's break it down into certain criteria
Is everythng running alright??
What exact error, if any do you get on startup?
You can disable RAID in the BIOS, have you thought of doing that?
Please read the documentation you got with you motherboard
[/quote]
ok.....first,everything SEEMS to be running ok if a bit slow,and its not an error in the blue screen of death sorta way its more instead of my PC loading straight to the Windows screen it stops on the raid bios for a few momments and eventually loads Windows which it didnt do when i had access to my whole HD.I have Riad disabled in my Bios and the Sata raid bios still shows up.i have also tried to understand my documentation but find very little to help describe how i might go about deactiving my sata raid bios .Im not entirely sure why anyone would need a raid configuration except for perhaps speed.the motherboard book doesnt explain in much detail except for the Sata master section thats says it automaticly detects sata ATA devices when my bios is set to auto,unless im reentering the harddrive info into the bios,it then tells me to use a disk utility like FDISK to partition and format.so it should detect the whole Hd if everything is ok?or should i set the bios to the defualt settings and have it detect everything again?
-
Have i exhausted all of your ideas or is there something else i could try to resolve this problem?i have tried togive u as much complete info as i can.