Solved Rootkit trouble

Discussion in 'Malware and Virus Removal Archive' started by Dari, 2010/10/30.

  1. 2010/10/30
    Dari

    Dari Inactive Thread Starter

    Joined:
    2010/10/28
    Messages:
    49
    Likes Received:
    0
    [Resolved] Rootkit trouble

    Hey.

    So I seem to have picked up a rootkit, and it's been causing me a wonderful variety of problems: Google redirecting, Chrome not working, blue screens with the 8E error, and probably more.
    I have run MBAM, ESET online scanner and Combofix, but MBAM has only managed to finish a quick scan once without blue screening, and ESET only managed to get to about 15% each time. Combofix did finish running, but didn't do much, other than informing me that I had a rootkit. I haven't run any rootkit detection programs yet, and am in the process of installing Microsoft's debug programs so I can read all the mini dumps that've been created.

    Thanks - here are DDS and Attach.

    Oh, and I forgot to say, I haven't run memtest-86+ yet, but I'm fairly sure that it is the rootkit causing the blue screens.



    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Anon Proxy Server\bin\Apache.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Anon Proxy Server\bin\Apache.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TightVNC\tvnserver.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\vmnat.exe
    c:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\VMware\VMware Workstation\hqtray.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\TightVNC\tvnserver.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Kia\Desktop\procexp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Kia\My Documents\Downloads\dotNetFx40_Full_setup.exe
    K:\06a316d973f57b52b70e0dd8f0d470\Setup.exe
    C:\Documents and Settings\Kia\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = 206.251.255.61:3128
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\tbRun1.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\tbRun1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
    TB: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\tbRun1.dll
    TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: BigSeekPro Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\bigseekpro toolbar\tbcore3.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe "
    uRun: [ProxyFirewall] c:\program files\proxyfirewall\ProxyFirewall.exe
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe "
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe
    mRun: [VMware hqtray] "c:\program files\vmware\vmware workstation\hqtray.exe "
    mRun: [VirtualDrive] "c:\program files\farstone\virtualdrive\VDTask.exe" /AutoRestore
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe "
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
    mRun: [anon_proxy_server] "c:\program files\anon proxy server\htdocs\anon_proxy_server\pserver.exe" -run
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\kia\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\docume~1\kia\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\kia\desktop\HiJackThis.exe
    StartupFolder: c:\docume~1\kia\startm~1\programs\startup\shortc~2.lnk - c:\documents and settings\kia\desktop\procexp.exe
    uPolicies-explorer: DisallowCpl = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Get Flash by FlashKeeper - c:\program files\flashkeeper\GetFlash.htm
    IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {86301D40-94C1-4a5e-843B-7F43965E364A} - c:\program files\flashkeeper\GetFlash.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: %SystemRoot%\system32\PrxerDrv.dll
    Trusted Zone: mymaths.co.uk\www
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
    DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
    Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\kia\applic~1\mozilla\firefox\profiles\fkgeol62.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D530E149-538A-9EB2-3DC7-BBC1A48C51BA}&q=
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================


    ==================== Find3M ====================


    ============= FINISH: 15:58:30.42 ===============










    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 19/04/2006 23:18:07
    System Uptime: 30/10/2010 15:40:47 (0 hours ago)

    Motherboard: Dell Inc. | | 0HJ054
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 144 GiB total, 4.491 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    H: is CDROM ()
    K: is FIXED (FAT32) - 112 GiB total, 54.738 GiB free.
    W: is CDROM ()
    X: is CDROM ()
    Y: is CDROM ()
    Z: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP587: 28/09/2010 17:27:03 - Software Distribution Service 3.0
    RP588: 29/09/2010 03:00:34 - Software Distribution Service 3.0
    RP589: 29/09/2010 17:27:04 - Software Distribution Service 3.0
    RP590: 30/09/2010 17:26:26 - Software Distribution Service 3.0
    RP591: 01/10/2010 17:27:48 - Software Distribution Service 3.0
    RP592: 02/10/2010 17:26:57 - Software Distribution Service 3.0
    RP593: 03/10/2010 01:47:54 - Software Distribution Service 3.0
    RP594: 03/10/2010 17:27:05 - Software Distribution Service 3.0
    RP595: 04/10/2010 17:27:01 - Software Distribution Service 3.0
    RP596: 05/10/2010 17:27:08 - Software Distribution Service 3.0
    RP597: 06/10/2010 17:26:56 - Software Distribution Service 3.0
    RP598: 07/10/2010 17:27:03 - Software Distribution Service 3.0
    RP599: 08/10/2010 03:00:24 - Software Distribution Service 3.0
    RP600: 08/10/2010 17:27:16 - Software Distribution Service 3.0
    RP601: 09/10/2010 10:46:45 - Installed iTunes
    RP602: 10/10/2010 02:29:30 - Software Distribution Service 3.0
    RP603: 10/10/2010 11:00:41 - Software Distribution Service 3.0
    RP604: 11/10/2010 11:00:23 - Software Distribution Service 3.0
    RP605: 11/10/2010 23:41:35 - Installed iTeleport Connect
    RP606: 12/10/2010 10:56:08 - Software Distribution Service 3.0
    RP607: 13/10/2010 10:53:19 - Software Distribution Service 3.0
    RP608: 14/10/2010 10:53:04 - Software Distribution Service 3.0
    RP609: 15/10/2010 03:00:41 - Software Distribution Service 3.0
    RP610: 15/10/2010 10:57:23 - Software Distribution Service 3.0
    RP611: 16/10/2010 16:15:48 - Software Distribution Service 3.0
    RP612: 17/10/2010 01:51:24 - Software Distribution Service 3.0
    RP613: 17/10/2010 16:15:36 - Software Distribution Service 3.0
    RP614: 18/10/2010 16:15:33 - Software Distribution Service 3.0
    RP615: 19/10/2010 16:15:40 - Software Distribution Service 3.0
    RP616: 20/10/2010 16:15:42 - Software Distribution Service 3.0
    RP617: 21/10/2010 16:15:48 - Software Distribution Service 3.0
    RP618: 22/10/2010 16:15:20 - Software Distribution Service 3.0
    RP619: 23/10/2010 20:04:07 - System Checkpoint
    RP620: 24/10/2010 02:03:29 - Software Distribution Service 3.0
    RP621: 25/10/2010 02:21:20 - System Checkpoint
    RP622: 25/10/2010 19:22:21 - Software Distribution Service 3.0
    RP623: 28/10/2010 00:22:50 - Restore Operation
    RP624: 30/10/2010 02:37:15 - System Checkpoint

    ==== Installed Programs ======================


    ==== Event Viewer Messages From Past Week ========


    ==== End Of File ===========================
     
    Dari,
    #1
  2. 2010/10/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    I don't see any AV program running.
    Please, download and install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    Update, run full scan. Report on any findings.

    Never run Combofix on your own.

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2010/10/30
    Dari

    Can't run an MBAM scan or install AVG/Avast. Computer crashes before any can finish. Should I still continue and get a Gmer and MBRCheck log?
     
    Dari,
    #3
  5. 2010/10/30
    broni

    I didn't mention AVG. You don't want to use AVG.

    Go ahead with two other scans.
     
  6. 2010/10/31
    Dari

    I ran GMER first in safe mode, but it froze for ~3 hours when I tried to save the log, so I managed to run it out of safe mode.

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-31 01:06:34
    Windows 5.1.2600 Service Pack 3
    Running: tpnf5isn.exe; Driver: C:\PROGRA~1\Java\JDK16~1.0_1\bin\pwtdapog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    Device \Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskWDC_WD1600JS-75NCB1_____________________10.02E01#5&2510770d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0x0A 0x33 0x88 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2A 0x9D 0x92 0x51 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x39 0x3C 0xB7 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBB 0xDB 0xB5 0xB8 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x4B 0xF4 0x7B 0xA3 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xDD 0xF6 0x65 0xB1 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{0C01348A-C400-4DE2-860C-63B6DE3992D5}\InprocServer32@ C:\WINDOWS\system32\geeda.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{0C01348A-C400-4DE2-860C-63B6DE3992D5}\InprocServer32@ThreadingModel Both

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 63: copy of MBR

    ---- EOF - GMER 1.0.15 ----


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x03e0009c

    Kernel Drivers (total 139):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0x8B483000 \WINDOWS\system32\KDCOM.DLL
    0xBA4BC000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA5AA000 dmload.sys
    0xB9F23000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9F0B000 atapi.sys
    0xB9EF8000 fvxscsi.sys
    0xB9EE0000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9EC0000 fltmgr.sys
    0xB9EAE000 sr.sys
    0xBA0F8000 PxHelp20.sys
    0xB9E97000 KSecDD.sys
    0xB9E0A000 Ntfs.sys
    0xB9DDD000 NDIS.sys
    0xB9DC3000 Mup.sys
    0xBA338000 avgrkx86.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB8F04000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xB8EF0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB8EC8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA400000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB8EA4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA408000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8E7C000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA258000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB8E59000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA410000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\imapi.sys

    Processes (total 46):
    0 System Idle Process
    4 System
    832 C:\WINDOWS\system32\smss.exe
    1032 C:\WINDOWS\system32\csrss.exe
    1056 C:\WINDOWS\system32\winlogon.exe
    1104 C:\WINDOWS\system32\services.exe
    1116 C:\WINDOWS\system32\lsass.exe
    1300 C:\WINDOWS\system32\svchost.exe
    1356 C:\WINDOWS\system32\svchost.exe
    1704 C:\WINDOWS\system32\svchost.exe
    1940 C:\WINDOWS\system32\svchost.exe
    472 C:\WINDOWS\system32\svchost.exe
    776 C:\WINDOWS\system32\spoolsv.exe
    1480 C:\WINDOWS\system32\svchost.exe
    1544 C:\WINDOWS\system32\msdtc.exe
    1604 C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
    1808 C:\Program Files\Anon Proxy Server\bin\Apache.exe
    1832 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    1852 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1872 C:\Program Files\Anon Proxy Server\bin\Apache.exe
    1892 C:\Program Files\Bonjour\mDNSResponder.exe
    2312 C:\WINDOWS\ehome\ehrecvr.exe
    2852 C:\WINDOWS\ehome\ehSched.exe
    3600 C:\Program Files\Java\jre6\bin\jqs.exe
    3688 C:\WINDOWS\system32\HPZipm12.exe
    3716 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    3948 C:\WINDOWS\system32\PnkBstrA.exe
    3308 C:\WINDOWS\system32\svchost.exe
    3380 C:\WINDOWS\system32\svchost.exe
    3976 C:\Program Files\TightVNC\tvnserver.exe
    4036 C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    2308 C:\WINDOWS\system32\vmnat.exe
    2368 C:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe
    2612 C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    2652 C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    2792 C:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe
    3020 C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    2720 C:\WINDOWS\system32\vmnetdhcp.exe
    3040 C:\WINDOWS\system32\mqsvc.exe
    3732 C:\WINDOWS\system32\mqtgsvc.exe
    4136 C:\WINDOWS\system32\dllhost.exe
    4596 C:\WINDOWS\system32\alg.exe
    4372 C:\WINDOWS\system32\wscntfy.exe
    5644 C:\WINDOWS\explorer.exe
    3536 C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    1336 C:\Documents and Settings\Kia\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600JS-75NCB1, Rev: 10.02E01

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


    Done!
     
  7. 2010/10/31
    broni

    broni Moderator Malware Analyst

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. 2010/10/31
    Dari

    Dari Inactive Thread Starter

    2010/10/31 19:58:47.0750 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/10/31 19:58:47.0750 ================================================================================
    2010/10/31 19:58:47.0750 SystemInfo:
    2010/10/31 19:58:47.0750
    2010/10/31 19:58:47.0750 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/31 19:58:47.0750 Product type: Workstation
    2010/10/31 19:58:47.0750 ComputerName: DARIUS
    2010/10/31 19:58:47.0750 UserName: Kia
    2010/10/31 19:58:47.0750 Windows directory: C:\WINDOWS
    2010/10/31 19:58:47.0750 System windows directory: C:\WINDOWS
    2010/10/31 19:58:47.0750 Processor architecture: Intel x86
    2010/10/31 19:58:47.0750 Number of processors: 2
    2010/10/31 19:58:47.0750 Page size: 0x1000
    2010/10/31 19:58:47.0750 Boot type: Normal boot
    2010/10/31 19:58:47.0750 ================================================================================
    2010/10/31 19:58:49.0359 Initialize success
    2010/10/31 19:58:53.0234 ================================================================================
    2010/10/31 19:58:53.0234 Scan started
    2010/10/31 19:58:53.0234 Mode: Manual;
    2010/10/31 19:58:53.0234 ================================================================================
    2010/10/31 19:59:11.0234 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/10/31 19:59:11.0234 ================================================================================
    2010/10/31 19:59:11.0234 Scan finished
    2010/10/31 19:59:11.0234 ================================================================================
    2010/10/31 19:59:11.0265 Detected object count: 1
    2010/10/31 19:59:20.0984 \HardDisk0\MBR - will be cured after reboot
    2010/10/31 19:59:20.0984 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
    2010/10/31 19:59:26.0296 Deinitialize success
     
    Dari,
    #7
  9. 2010/10/31
    broni

    broni Moderator Malware Analyst

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/10/31
    Dari

    Dari Inactive Thread Starter

    ComboFix 10-10-31.01 - Kia 31/10/2010 22:16:10.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2521 [GMT 0:00]
    Running from: c:\documents and settings\Kia\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Kia\Application Data\Ihgudy
    c:\documents and settings\Kia\Application Data\Ihgudy\udceu.exe

    c:\windows\system32\drivers\155fddc6.sys . . . is infected!! . . . Failed to find a valid replacement.
    .
    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
    .

    2010-10-30 20:22 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-30 20:22 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-30 20:21 . 2010-10-30 20:21 -------- d-----w- c:\program files\Alwil Software
    2010-10-30 20:21 . 2010-10-30 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-30 17:15 . 2010-10-30 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2010-10-30 17:14 . 2010-10-30 17:14 -------- d-----w- c:\program files\AVG
    2010-10-30 17:08 . 2010-10-30 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-10-30 15:21 . 2010-10-30 15:26 -------- d-----w- c:\program files\Support Tools
    2010-10-29 21:51 . 2010-10-29 21:51 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
    2010-10-29 21:49 . 2010-10-29 21:50 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2010-10-29 21:48 . 2010-10-29 21:48 -------- d-----w- c:\program files\Application Verifier
    2010-10-29 20:37 . 2010-10-29 20:37 -------- d-----w- c:\program files\ESET
    2010-10-28 14:43 . 2010-10-28 14:43 389120 ----a-w- c:\windows\system32\CF18196.exe
    2010-10-28 11:29 . 2010-10-28 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-10-28 11:29 . 2010-10-28 11:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-28 09:57 . 2010-10-28 09:57 -------- d-----w- c:\documents and settings\Karena\Local Settings\Application Data\Conduit
    2010-10-28 09:56 . 2010-10-28 10:08 -------- d-----w- c:\documents and settings\Karena\Local Settings\Application Data\Runescape
    2010-10-28 04:57 . 2010-10-28 04:57 -------- d-----w- c:\program files\CleanUp!
    2010-10-28 04:39 . 2010-10-28 04:39 -------- d-sh--w- c:\documents and settings\Pareesa\IETldCache
    2010-10-28 04:18 . 2010-10-28 04:23 -------- d-----w- c:\documents and settings\Karena\Application Data\Apple Computer
    2010-10-28 04:17 . 2010-10-28 04:17 -------- d-----w- c:\documents and settings\Karena\Local Settings\Application Data\Adobe
    2010-10-28 04:17 . 2010-10-28 04:17 -------- d-----w- c:\documents and settings\Karena\Application Data\Epson
    2010-10-27 23:39 . 2010-10-27 23:39 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-26 17:00 . 2010-10-26 17:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
    2010-10-26 17:00 . 2010-10-26 17:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Runescape
    2010-10-26 16:33 . 2010-10-26 17:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2010-10-26 16:33 . 2010-10-26 16:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
    2010-10-26 16:33 . 2010-10-26 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-10-26 16:33 . 2010-10-26 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
    2010-10-26 16:33 . 2010-10-26 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Epson
    2010-10-26 15:46 . 2010-10-26 15:46 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
    2010-10-26 14:47 . 2010-10-26 14:47 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Conduit
    2010-10-26 14:46 . 2010-10-26 14:47 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Runescape
    2010-10-26 14:45 . 2010-10-26 14:48 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
    2010-10-26 14:45 . 2010-10-26 14:47 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer
    2010-10-26 14:45 . 2010-10-26 14:45 0 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\Pkeyexamecus.bin
    2010-10-26 07:00 . 2010-10-27 22:56 0 ----a-w- c:\windows\Pkeyexamecus.bin
    2010-10-26 07:00 . 2010-10-27 23:23 -------- d-----w- c:\documents and settings\Kia\Local Settings\Application Data\{A8E5562A-795B-405E-8374-00CC98BDE371}
    2010-10-26 06:45 . 2010-10-26 06:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2010-10-21 22:15 . 2010-10-27 23:29 -------- d-s---w- c:\documents and settings\Dari
    2010-10-11 22:41 . 2010-10-11 22:41 -------- d-----w- c:\program files\iTeleport
    2010-10-09 09:48 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-10-09 09:48 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-10-09 09:47 . 2010-10-09 09:47 -------- d-----w- c:\program files\iPod
    2010-10-09 09:47 . 2010-10-09 09:48 -------- d-----w- c:\program files\iTunes
    2010-10-09 09:47 . 2010-10-09 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-10-09 09:41 . 2010-10-09 09:41 -------- d-----w- c:\program files\Apple Software Update
    2010-10-09 09:36 . 2010-04-19 19:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-10-09 09:36 . 2010-04-19 19:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-10-09 09:28 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-10-09 09:28 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-10-09 09:28 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-10-09 09:28 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 10:41 . 2010-06-03 23:42 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 02:48 . 2010-09-07 02:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-07 02:48 . 2010-09-07 02:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-08-17 13:17 . 2005-08-16 03:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
    2008-06-30 12:44 . 2008-05-08 20:36 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\Runescape\tbRun1.dll" [2010-10-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
    2010-10-29 20:27 3908192 ----a-w- c:\program files\Runescape\tbRun1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\Runescape\tbRun1.dll" [2010-10-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A8864317-E18B-4292-99D9-E6E65AB905D3}"= "c:\program files\Runescape\tbRun1.dll" [2010-10-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ProxyFirewall"= "c:\program files\ProxyFirewall\ProxyFirewall.exe" [2006-03-26 431104]
    "swg"= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-04 39408]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowCpl"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKLM\~\startupfolder\C:^Documents and Settings^Kia^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\Kia\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Kia^Start Menu^Programs^Startup^Shortcut to HiJackThis.lnk]
    path=c:\documents and settings\Kia\Start Menu\Programs\Startup\Shortcut to HiJackThis.lnk
    backup=c:\windows\pss\Shortcut to HiJackThis.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Kia^Start Menu^Programs^Startup^Shortcut to procexp.lnk]
    path=c:\documents and settings\Kia\Start Menu\Programs\Startup\Shortcut to procexp.lnk
    backup=c:\windows\pss\Shortcut to procexp.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 07:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anon_proxy_server]
    2008-01-28 04:01 94208 ----a-w- c:\program files\Anon Proxy Server\htdocs\anon_proxy_server\pserver.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2009-10-04 19:01 323392 ----a-w- c:\program files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
    2009-01-12 09:54 669520 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 12:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    2005-06-01 17:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-15 12:46 135168 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 01:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2007-01-19 11:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-02-04 17:45 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2007-05-09 21:40 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
    2010-07-08 13:28 815704 ----a-w- c:\program files\TightVNC\tvnserver.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
    2007-02-07 22:43 254007 ----a-w- c:\program files\FarStone\VirtualDrive\vdtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
    2008-08-08 15:35 55856 ----a-w- c:\program files\VMware\VMware Workstation\hqtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
    2008-08-08 15:36 72240 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\ijji\\Warrior Epic\\WEShell_TGI_ijji.exe"=
    "c:\\Program Files\\TightVNC\\tvnserver.exe"=
    "c:\\Program Files\\TightVNC\\vncviewer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "157:TCP"= 157:TCP:WarriorEpic
    "157:UDP"= 157:UDP:WarriorEpic
    "163:TCP"= 163:TCP:WarriorEpic
    "163:UDP"= 163:UDP:WarriorEpic
    "231:TCP"= 231:TCP:WarriorEpic
    "231:UDP"= 231:UDP:WarriorEpic
    "990:TCP"= 990:TCP:WarriorEpic
    "990:UDP"= 990:UDP:WarriorEpic
    "911:TCP"= 911:TCP:WarriorEpic
    "911:UDP"= 911:UDP:WarriorEpic
    "494:TCP"= 494:TCP:WarriorEpic
    "494:UDP"= 494:UDP:WarriorEpic
    "292:TCP"= 292:TCP:WarriorEpic
    "292:UDP"= 292:UDP:WarriorEpic
    "844:TCP"= 844:TCP:WarriorEpic
    "844:UDP"= 844:UDP:WarriorEpic
    "365:TCP"= 365:TCP:WarriorEpic
    "365:UDP"= 365:UDP:WarriorEpic
    "947:TCP"= 947:TCP:WarriorEpic
    "947:UDP"= 947:UDP:WarriorEpic

    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 26064]
    R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/12/2008 11:06 8944]
    R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 11:05 55024]
    R2 anon_proxy_config;anon_proxy_config;c:\program files\Anon Proxy Server\bin\Apache.exe [09/01/2007 12:17 20539]
    R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [08/07/2010 13:28 815704]
    R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [08/01/2010 11:18 41025]
    S0 rtvb;rtvb;c:\windows\system32\drivers\rypna.sys --> c:\windows\system32\drivers\rypna.sys [?]
    S1 155fddc6;155fddc6;c:\windows\system32\drivers\155fddc6.sys [06/01/2009 17:55 0]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 02:48 249424]
    S1 oonpbvxo;oonpbvxo;\??\c:\windows\system32\drivers\oonpbvxo.sys --> c:\windows\system32\drivers\oonpbvxo.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
    S2 gupdate1c98bcf3de9e680;Google Update Service (gupdate1c98bcf3de9e680);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2009 22:30 133104]
    S2 SmartFoxServer_BASIC_1.5;SmartFoxServer BASIC 1.5; "c:\program files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe" -s "c:\program files\SmartFoxServerBASIC_1.5.5\Server\conf\wrapper.conf" --> c:\program files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe [?]
    S2 SmartFoxServerPRO__1.6;SmartFoxServer PRO 1.6;c:\program files\SmartFoxServerPRO_1.6.2\Server\wrapper.exe [17/10/2006 22:22 204800]
    S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\progra~1\Java\JDK16~1.0_1\bin\nsz19.tmp\TfFRegNt.sys --> c:\progra~1\Java\JDK16~1.0_1\bin\nsz19.tmp\TfFRegNt.sys [?]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
    S3 ESISTEMA53;ESISTEMA53;\??\c:\program files\RuanEngine\sistema32.sys --> c:\program files\RuanEngine\sistema32.sys [?]
    S3 FMS;Flash Media Server (FMS);c:\program files\Adobe\Flash Media Server 3.5\FMSMaster.exe [03/04/2010 06:31 2428928]
    S3 FMSAdmin;Flash Media Administration Server;c:\program files\Adobe\Flash Media Server 3.5\FMSAdmin.exe [03/04/2010 06:31 2596864]
    S3 FMSHttpd;FMSHttpd;c:\program files\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe [03/04/2010 06:31 24635]
    S3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [21/08/2009 07:45 8576]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27/09/2008 04:36 38224]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
    S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [30/06/2007 21:13 541696]
    S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 11:06 7408]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
    S3 XDva012;XDva012;\??\c:\windows\system32\XDva012.sys --> c:\windows\system32\XDva012.sys [?]
    S3 XDva013;XDva013;\??\c:\windows\system32\XDva013.sys --> c:\windows\system32\XDva013.sys [?]
    S3 XDva014;XDva014;\??\c:\windows\system32\XDva014.sys --> c:\windows\system32\XDva014.sys [?]
    S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
    S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys --> c:\windows\system32\XDva025.sys [?]
    S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]
    S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
    S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [02/09/2009 03:07 85504]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/03/2009 17:30 721904]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - GTNDIS5
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-DARIUS-Kia.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-20 02:44]

    2010-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

    2010-10-28 c:\windows\Tasks\Epson Printer Software Downloader.job
    - c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 15:03]

    2010-10-31 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 22:17]

    2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 22:30]

    2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 22:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = 206.251.255.61:3128
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Get Flash by FlashKeeper - c:\program files\FlashKeeper\GetFlash.htm
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {{86301D40-94C1-4a5e-843B-7F43965E364A} - c:\program files\FlashKeeper\GetFlash.htm
    LSP: %SystemRoot%\system32\PrxerDrv.dll
    Trusted Zone: mymaths.co.uk\www
    FF - ProfilePath - c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D530E149-538A-9EB2-3DC7-BBC1A48C51BA}&q=
    FF - component: c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll
    FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\SolidStateNetworks\SolidStateION\npssn.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-{0B2B741A-121C-771A-6770-DE29AF5309C6} - c:\documents and settings\Kia\Application Data\Ihgudy\udceu.exe
    MSConfigStartUp-{0B2B741A-121C-771A-6770-DE29AF5309C6} - c:\documents and settings\Kia\Application Data\Ihgudy\udceu.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-31 22:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ProxyFirewall = c:\program files\ProxyFirewall\ProxyFirewall.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
    "ImagePath"= "c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C01348A-C400-4DE2-860C-63B6DE3992D5}\InprocServer32]
    @DACL=(02 0000)
    @= "c:\\WINDOWS\\system32\\geeda.dll"
    "ThreadingModel"= "Both"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker"
    "LocalizedString"= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"= "1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1048)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2010-10-31 22:46:32
    ComboFix-quarantined-files.txt 2010-10-31 22:46
    ComboFix2.txt 2010-10-28 17:20
    ComboFix3.txt 2009-02-06 13:20
    ComboFix4.txt 2009-02-05 16:23

    Pre-Run: 3,967,909,888 bytes free
    Post-Run: 4,428,648,448 bytes free

    Current=3 Default=3 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - 269029A09885EAC1E888E6CA9F8F8688
     
    Dari,
    #9
  11. 2010/10/31
    broni

    broni Moderator Malware Analyst

    Download and run AVG Remover: http://www.avg.com/us-en/download-tools (if it'll let you).

    Then...

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\155fddc6.sys
    c:\windows\system32\CF18196.exe
    c:\documents and settings\Guest\Local Settings\Application Data\Pkeyexamecus.bin
    c:\windows\Pkeyexamecus.bin
    c:\windows\system32\drivers\rypna.sys
    c:\windows\system32\drivers\oonpbvxo.sys
    c:\windows\system32\PavSRK.sys
    c:\windows\system32\PavTPK.sys
    c:\program files\RuanEngine\sistema32.sys
    
    
    DDS::
    uInternet Settings,ProxyServer = 206.251.255.61:3128
    
    
    Driver::
    155fddc6
    rtvb
    oonpbvxo
    PavSRK.sys
    PavTPK.sys
    ESISTEMA53
    
    
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowCpl"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  12. 2010/11/01
    Dari

    Dari Inactive Thread Starter

    AVG uninstalled successfully (I think), but combofix doesn't finish scanning - it blue screens with 8E. 8E always seems to pop up a while into scans, is this the virus trying to protect itself? Also I didn't have a blue screen running combofix last time, but I've run it 2-3 times with the text file now, and it blue screens every time. I'll check to see if it made a new log anyway. Nope no log, though there is something called combofix in C:\, it says that it shows the hardware connected to the computer, I think.
     
    Last edited: 2010/11/01
  13. 2010/11/01
    broni

    broni Moderator Malware Analyst

    That's most likely the infection interfering.

    Try to run my script from Safe Mode.

    If still a problem, run these two tools first.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file ", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
     
  14. 2010/11/02
    Dari

    Dari Inactive Thread Starter

    Ran successfully on Safe Mode.







    ComboFix 10-10-31.04 - Kia 02/11/2010 16:54:48.6.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2701 [GMT 0:00]
    Running from: c:\documents and settings\Kia\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Kia\Desktop\CFScript.txt

    FILE ::
    "c:\documents and settings\Guest\Local Settings\Application Data\Pkeyexamecus.bin "
    "c:\program files\RuanEngine\sistema32.sys "
    "c:\windows\Pkeyexamecus.bin "
    "c:\windows\system32\CF18196.exe "
    "c:\windows\system32\drivers\155fddc6.sys "
    "c:\windows\system32\drivers\oonpbvxo.sys "
    "c:\windows\system32\drivers\rypna.sys "
    "c:\windows\system32\PavSRK.sys "
    "c:\windows\system32\PavTPK.sys "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Guest\Local Settings\Application Data\Pkeyexamecus.bin
    c:\windows\Pkeyexamecus.bin
    c:\windows\system32\CF18196.exe
    c:\windows\system32\drivers\155fddc6.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ESISTEMA53
    -------\Legacy_PAVSRK.SYS
    -------\Legacy_PAVTPK.SYS
    -------\Service_155fddc6
    -------\Service_ESISTEMA53
    -------\Service_oonpbvxo
    -------\Service_PavSRK.sys
    -------\Service_PavTPK.sys
    -------\Service_rtvb


    ((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))
    .

    2010-11-01 03:44 . 2010-11-01 03:44 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    2010-10-31 20:08 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-31 20:08 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-31 20:08 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-31 20:08 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-30 20:22 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-30 20:22 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-30 20:21 . 2010-10-30 20:21 -------- d-----w- c:\program files\Alwil Software
    2010-10-30 20:21 . 2010-10-30 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-30 17:15 . 2010-10-30 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2010-10-30 17:08 . 2010-10-30 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-10-30 15:21 . 2010-10-30 15:26 -------- d-----w- c:\program files\Support Tools
    2010-10-29 21:51 . 2010-10-29 21:51 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
    2010-10-29 21:49 . 2010-10-29 21:50 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2010-10-29 21:48 . 2010-10-29 21:48 -------- d-----w- c:\program files\Application Verifier
    2010-10-29 20:37 . 2010-10-29 20:37 -------- d-----w- c:\program files\ESET
    2010-10-28 11:29 . 2010-10-28 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-10-28 11:29 . 2010-10-28 11:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-28 09:57 . 2010-10-28 09:57 -------- d-----w- c:\documents and settings\Karena\Local Settings\Application Data\Conduit
    2010-10-28 09:56 . 2010-10-28 10:08 -------- d-----w- c:\documents and settings\Karena\Local Settings\Application Data\Runescape
    2010-10-28 04:57 . 2010-10-28 04:57 -------- d-----w- c:\program files\CleanUp!
    2010-10-28 04:39 . 2010-10-28 04:39 -------- d-sh--w- c:\documents and settings\Pareesa\IETldCache
    2010-10-28 04:18 . 2010-10-28 04:23 -------- d-----w- c:\documents and settings\Karena\Application Data\Apple Computer
    2010-10-28 04:17 . 2010-10-28 04:17 -------- d-----w- c:\documents and settings\Karena\Local Settings\Application Data\Adobe
    2010-10-28 04:17 . 2010-10-28 04:17 -------- d-----w- c:\documents and settings\Karena\Application Data\Epson
    2010-10-28 04:12 . 2010-11-01 16:28 90112 ----a-w- c:\windows\DUMP4a47.tmp
    2010-10-27 23:39 . 2010-10-27 23:39 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-26 17:00 . 2010-10-26 17:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
    2010-10-26 17:00 . 2010-10-26 17:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Runescape
    2010-10-26 16:33 . 2010-10-26 17:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2010-10-26 16:33 . 2010-10-26 16:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
    2010-10-26 16:33 . 2010-10-26 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-10-26 16:33 . 2010-10-26 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
    2010-10-26 16:33 . 2010-10-26 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Epson
    2010-10-26 15:46 . 2010-10-26 15:46 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
    2010-10-26 14:47 . 2010-10-26 14:47 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Conduit
    2010-10-26 14:46 . 2010-10-26 14:47 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Runescape
    2010-10-26 14:45 . 2010-10-26 14:48 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
    2010-10-26 14:45 . 2010-10-26 14:47 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer
    2010-10-26 07:00 . 2010-10-27 23:23 -------- d-----w- c:\documents and settings\Kia\Local Settings\Application Data\{A8E5562A-795B-405E-8374-00CC98BDE371}
    2010-10-26 06:45 . 2010-10-26 06:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2010-10-21 22:15 . 2010-10-27 23:29 -------- d-s---w- c:\documents and settings\Dari
    2010-10-11 22:41 . 2010-10-11 22:41 -------- d-----w- c:\program files\iTeleport
    2010-10-09 09:48 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-10-09 09:48 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-10-09 09:47 . 2010-10-09 09:47 -------- d-----w- c:\program files\iPod
    2010-10-09 09:47 . 2010-10-09 09:48 -------- d-----w- c:\program files\iTunes
    2010-10-09 09:47 . 2010-10-09 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-10-09 09:41 . 2010-10-09 09:41 -------- d-----w- c:\program files\Apple Software Update
    2010-10-09 09:36 . 2010-04-19 19:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-10-09 09:36 . 2010-04-19 19:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-10-09 09:28 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-10-09 09:28 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-10-09 09:28 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-10-09 09:28 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 10:41 . 2010-06-03 23:42 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 12:23 . 2005-08-16 03:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2005-08-16 03:18 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2005-08-16 03:18 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2005-08-16 03:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2005-08-16 03:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2005-08-16 03:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2005-08-16 03:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51 . 2005-08-16 03:18 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2005-08-16 03:18 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2005-08-16 03:18 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2005-08-16 03:18 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2006-04-12 16:02 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-24 13:28 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2005-08-16 03:18 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2005-08-16 03:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2005-08-16 03:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
    2008-06-30 12:44 . 2008-05-08 20:36 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a8864317-e18b-4292-99d9-e6e65ab905d3} "= "c:\program files\Runescape\tbRun1.dll" [2010-10-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
    2010-10-29 20:27 3908192 ----a-w- c:\program files\Runescape\tbRun1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a8864317-e18b-4292-99d9-e6e65ab905d3} "= "c:\program files\Runescape\tbRun1.dll" [2010-10-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A8864317-E18B-4292-99D9-E6E65AB905D3} "= "c:\program files\Runescape\tbRun1.dll" [2010-10-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ProxyFirewall "= "c:\program files\ProxyFirewall\ProxyFirewall.exe" [2006-03-26 431104]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKLM\~\startupfolder\C:^Documents and Settings^Kia^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\Kia\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Kia^Start Menu^Programs^Startup^Shortcut to HiJackThis.lnk]
    path=c:\documents and settings\Kia\Start Menu\Programs\Startup\Shortcut to HiJackThis.lnk
    backup=c:\windows\pss\Shortcut to HiJackThis.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Kia^Start Menu^Programs^Startup^Shortcut to procexp.lnk]
    path=c:\documents and settings\Kia\Start Menu\Programs\Startup\Shortcut to procexp.lnk
    backup=c:\windows\pss\Shortcut to procexp.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 07:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anon_proxy_server]
    2008-01-28 04:01 94208 ----a-w- c:\program files\Anon Proxy Server\htdocs\anon_proxy_server\pserver.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2009-10-04 19:01 323392 ----a-w- c:\program files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
    2009-01-12 09:54 669520 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 12:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    2005-06-01 17:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-15 12:46 135168 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 01:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2007-01-19 11:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-02-04 17:45 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2007-05-09 21:40 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
    2010-07-08 13:28 815704 ----a-w- c:\program files\TightVNC\tvnserver.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
    2007-02-07 22:43 254007 ----a-w- c:\program files\FarStone\VirtualDrive\vdtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
    2008-08-08 15:35 55856 ----a-w- c:\program files\VMware\VMware Workstation\hqtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
    2008-08-08 15:36 72240 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0B2B741A-121C-771A-6770-DE29AF5309C6}]
    c:\documents and settings\Kia\Application Data\Ihgudy\udceu.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\mIRC\\mirc.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\WINDOWS\\system32\\mqsvc.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\Steam\\Steam.exe "=
    "c:\\ijji\\Warrior Epic\\WEShell_TGI_ijji.exe "=
    "c:\\Program Files\\TightVNC\\tvnserver.exe "=
    "c:\\Program Files\\TightVNC\\vncviewer.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "157:TCP "= 157:TCP:WarriorEpic
    "157:UDP "= 157:UDP:WarriorEpic
    "163:TCP "= 163:TCP:WarriorEpic
    "163:UDP "= 163:UDP:WarriorEpic
    "231:TCP "= 231:TCP:WarriorEpic
    "231:UDP "= 231:UDP:WarriorEpic
    "990:TCP "= 990:TCP:WarriorEpic
    "990:UDP "= 990:UDP:WarriorEpic
    "911:TCP "= 911:TCP:WarriorEpic
    "911:UDP "= 911:UDP:WarriorEpic
    "494:TCP "= 494:TCP:WarriorEpic
    "494:UDP "= 494:UDP:WarriorEpic
    "292:TCP "= 292:TCP:WarriorEpic
    "292:UDP "= 292:UDP:WarriorEpic
    "844:TCP "= 844:TCP:WarriorEpic
    "844:UDP "= 844:UDP:WarriorEpic
    "365:TCP "= 365:TCP:WarriorEpic
    "365:UDP "= 365:UDP:WarriorEpic
    "947:TCP "= 947:TCP:WarriorEpic
    "947:UDP "= 947:UDP:WarriorEpic

    S1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/12/2008 11:06 8944]
    S1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 11:05 55024]
    S2 anon_proxy_config;anon_proxy_config;c:\program files\Anon Proxy Server\bin\Apache.exe [09/01/2007 12:17 20539]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
    S2 gupdate1c98bcf3de9e680;Google Update Service (gupdate1c98bcf3de9e680);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2009 22:30 133104]
    S2 SmartFoxServer_BASIC_1.5;SmartFoxServer BASIC 1.5; "c:\program files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe" -s "c:\program files\SmartFoxServerBASIC_1.5.5\Server\conf\wrapper.conf" --> c:\program files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe [?]
    S2 SmartFoxServerPRO__1.6;SmartFoxServer PRO 1.6;c:\program files\SmartFoxServerPRO_1.6.2\Server\wrapper.exe [17/10/2006 22:22 204800]
    S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [08/07/2010 13:28 815704]
    S2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [08/01/2010 11:18 41025]
    S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\progra~1\Java\JDK16~1.0_1\bin\nsz19.tmp\TfFRegNt.sys --> c:\progra~1\Java\JDK16~1.0_1\bin\nsz19.tmp\TfFRegNt.sys [?]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
    S3 FMS;Flash Media Server (FMS);c:\program files\Adobe\Flash Media Server 3.5\FMSMaster.exe [03/04/2010 06:31 2428928]
    S3 FMSAdmin;Flash Media Administration Server;c:\program files\Adobe\Flash Media Server 3.5\FMSAdmin.exe [03/04/2010 06:31 2596864]
    S3 FMSHttpd;FMSHttpd;c:\program files\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe [03/04/2010 06:31 24635]
    S3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [21/08/2009 07:45 8576]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27/09/2008 04:36 38224]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [30/06/2007 21:13 541696]
    S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 11:06 7408]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
    S3 XDva012;XDva012;\??\c:\windows\system32\XDva012.sys --> c:\windows\system32\XDva012.sys [?]
    S3 XDva013;XDva013;\??\c:\windows\system32\XDva013.sys --> c:\windows\system32\XDva013.sys [?]
    S3 XDva014;XDva014;\??\c:\windows\system32\XDva014.sys --> c:\windows\system32\XDva014.sys [?]
    S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
    S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys --> c:\windows\system32\XDva025.sys [?]
    S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]
    S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
    S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [02/09/2009 03:07 85504]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/03/2009 17:30 721904]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-DARIUS-Kia.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-20 02:44]

    2010-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

    2010-10-28 c:\windows\Tasks\Epson Printer Software Downloader.job
    - c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 15:03]

    2010-11-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 22:17]

    2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 22:30]

    2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 22:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Get Flash by FlashKeeper - c:\program files\FlashKeeper\GetFlash.htm
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {{86301D40-94C1-4a5e-843B-7F43965E364A} - c:\program files\FlashKeeper\GetFlash.htm
    LSP: %SystemRoot%\system32\PrxerDrv.dll
    Trusted Zone: mymaths.co.uk\www
    FF - ProfilePath - c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D530E149-538A-9EB2-3DC7-BBC1A48C51BA}&q=
    FF - component: c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll
    FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\SolidStateNetworks\SolidStateION\npssn.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-02 17:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ProxyFirewall = c:\program files\ProxyFirewall\ProxyFirewall.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C01348A-C400-4DE2-860C-63B6DE3992D5}\InprocServer32]
    @DACL=(02 0000)
    @="c:\\WINDOWS\\system32\\geeda.dll"
    "ThreadingModel"="Both"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1772)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    .
    Completion time: 2010-11-02 17:43:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-02 17:43
    ComboFix2.txt 2010-10-31 22:46
    ComboFix3.txt 2010-10-28 17:20
    ComboFix4.txt 2009-02-06 13:20
    ComboFix5.txt 2010-11-01 17:39

    Pre-Run: 7,097,147,392 bytes free
    Post-Run: 7,070,707,712 bytes free

    Current=3 Default=3 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - 59381E636F0E40687B2D56A4A6BA9D2B
     
  15. 2010/11/02
    broni

    broni Moderator Malware Analyst

    Good :)
    Restart in normal mode and see if you can update MBAM.
    If so, run "Quick scan".

    See if you can install Avast now.
    If so, run full scan.
    Report on any findings.
     
  16. 2010/11/03
    Dari

    Dari Inactive Thread Starter

    I've tried to start it up normally about 10 times now, and it blue screens every time before I even get to user selection. I've seen 8E, 7E, and I think 35 as errors so far. I cannot start up into safe mode, as when loading up the BIOS every time it sticks at the end, then the screen changes and tells me that there has been a "Keyboard failure" (even if I don't have the keyboard plugged in), so I cannot use the keyboard.

    It has finally started up without blue screening (could a virus blue screen my computer before it has even started up properly? Should I run memtest-86?). MBAM did update, but then blue screened with 8E about a minute into the scan. Should I try again, or install Avast and scan with that?
     
    Last edited: 2010/11/03
  17. 2010/11/03
    broni

    broni Moderator Malware Analyst

    Download BlueScreenView (in Zip file)
    No installation required.
    Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
     
  18. 2010/11/03
    Dari

    Dari Inactive Thread Starter

    ==================================================
    Dump File : Mini110310-01.dmp
    Crash Time : 03/11/2010 4:39:12 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x800ef762
    Parameter 3 : 0xa707ec44
    Parameter 4 : 0x00000000
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini110310-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini110110-06.dmp
    Crash Time : 01/11/2010 11:14:12 PM
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 0x001902fe
    Parameter 2 : 0xa6a493fc
    Parameter 3 : 0xa6a490f8
    Parameter 4 : 0x805738c7
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+dff0
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2111)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini110110-06.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini110110-05.dmp
    Crash Time : 01/11/2010 7:03:17 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x80579254
    Parameter 3 : 0xa6886cb8
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a2254
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini110110-05.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini110110-04.dmp
    Crash Time : 01/11/2010 5:59:26 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x805792dd
    Parameter 3 : 0xa76ebc3c
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a22dd
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini110110-04.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini110110-03.dmp
    Crash Time : 01/11/2010 4:31:21 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x805792dd
    Parameter 3 : 0xba2b7c3c
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a22dd
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini110110-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini110110-02.dmp
    Crash Time : 01/11/2010 3:34:14 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xffffff80
    Parameter 2 : 0x00000001
    Parameter 3 : 0x80578f06
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a1f06
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini110110-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini110110-01.dmp
    Crash Time : 01/11/2010 1:26:35 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xffffff80
    Parameter 2 : 0x00000001
    Parameter 3 : 0x80578f06
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a1f06
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini110110-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini103110-02.dmp
    Crash Time : 31/10/2010 11:53:05 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x8057b557
    Parameter 3 : 0xa7b73a90
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a4557
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini103110-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini103110-01.dmp
    Crash Time : 31/10/2010 9:41:35 PM
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 0x001902fe
    Parameter 2 : 0xa5fbe63c
    Parameter 3 : 0xa5fbe338
    Parameter 4 : 0xb9e2d974
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+23974
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2111)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini103110-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini103010-06.dmp
    Crash Time : 30/10/2010 8:24:05 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x8057b0e4
    Parameter 3 : 0xa817ca10
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a40e4
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini103010-06.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini103010-05.dmp
    Crash Time : 30/10/2010 8:11:59 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x805792dd
    Parameter 3 : 0xb9abbc3c
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a22dd
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini103010-05.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini103010-04.dmp
    Crash Time : 30/10/2010 6:26:22 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x805792dd
    Parameter 3 : 0x9b0eac3c
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a22dd
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini103010-04.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini103010-03.dmp
    Crash Time : 30/10/2010 5:17:44 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x8057b557
    Parameter 3 : 0x9c091ae4
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a4557
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini103010-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini103010-02.dmp
    Crash Time : 30/10/2010 2:41:09 PM
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 0x001902fe
    Parameter 2 : 0x9b4ad718
    Parameter 3 : 0x9b4ad414
    Parameter 4 : 0xb9e2e167
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+24167
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2111)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini103010-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini103010-01.dmp
    Crash Time : 30/10/2010 2:15:22 PM
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 0x001902fe
    Parameter 2 : 0x9c907460
    Parameter 3 : 0x9c90715c
    Parameter 4 : 0x805738c7
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+dff0
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2111)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini103010-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102910-03.dmp
    Crash Time : 29/10/2010 10:08:17 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x805792dd
    Parameter 3 : 0x9b428c3c
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a22dd
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102910-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102910-02.dmp
    Crash Time : 29/10/2010 9:15:13 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x805792dd
    Parameter 3 : 0xa50dfc3c
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a22dd
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102910-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102910-01.dmp
    Crash Time : 29/10/2010 8:18:08 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x800ef762
    Parameter 3 : 0x9da90c44
    Parameter 4 : 0x00000000
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102910-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102810-04.dmp
    Crash Time : 28/10/2010 11:04:39 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xffffff80
    Parameter 2 : 0x00000001
    Parameter 3 : 0x80578f06
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a1f06
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102810-04.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102810-03.dmp
    Crash Time : 28/10/2010 9:49:41 AM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x8057926c
    Parameter 3 : 0xa7a12c98
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a226c
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102810-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102810-02.dmp
    Crash Time : 28/10/2010 4:47:10 AM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x8057b557
    Parameter 3 : 0x9fc9cc54
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a4557
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102810-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102810-01.dmp
    Crash Time : 28/10/2010 4:37:55 AM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x805792dd
    Parameter 3 : 0xa0733c3c
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a22dd
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102810-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102710-01.dmp
    Crash Time : 27/10/2010 10:48:18 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x805792dd
    Parameter 3 : 0x9e4abc3c
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a22dd
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102710-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102610-03.dmp
    Crash Time : 26/10/2010 10:24:22 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x805792dd
    Parameter 3 : 0xa0ba5c3c
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a22dd
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102610-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102610-02.dmp
    Crash Time : 26/10/2010 8:42:12 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x8057b557
    Parameter 3 : 0xa45d1c54
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a4557
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102610-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102610-01.dmp
    Crash Time : 26/10/2010 4:23:08 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x805792dd
    Parameter 3 : 0xa3a96c3c
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+a22dd
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102610-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================










    Just a few lines to mark out the mini dumps you'll probably need from those you won't (all the others are pretty old)





    ==================================================
    Dump File : Mini031610-01.dmp
    Crash Time : 16/03/2010 7:55:20 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0xffffffe7
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x89c120bc
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+1a3b
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini031610-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini031210-01.dmp
    Crash Time : 12/03/2010 10:21:25 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x8fd6e50f
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000001
    Parameter 4 : 0x89e322e7
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+1a3b
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini031210-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini012510-01.dmp
    Crash Time : 25/01/2010 7:31:46 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x00760065
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000008
    Parameter 4 : 0x00760065
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+1a3b
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini012510-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102409-01.dmp
    Crash Time : 24/10/2009 3:58:56 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x0000000c
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0xa93caa38
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+1a38
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102409-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102309-02.dmp
    Crash Time : 23/10/2009 10:16:39 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x00000004
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8af5f3cc
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+1a3b
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102309-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini102309-01.dmp
    Crash Time : 23/10/2009 12:44:15 AM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0xe2ab9ffe
    Parameter 3 : 0x80551238
    Parameter 4 : 0x00000000
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+1a3b
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102309-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini082109-01.dmp
    Crash Time : 21/08/2009 7:46:30 AM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xa3f4862a
    Parameter 3 : 0xa62ceb84
    Parameter 4 : 0x00000000
    Caused By Driver : KProcWatch.sys
    Caused By Address : KProcWatch.sys+62a
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini082109-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini081309-01.dmp
    Crash Time : 13/08/2009 2:46:41 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0xa79627b4
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+158ce
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6033 (xpsp_sp3_gdr.100831-1644)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini081309-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini121108-01.dmp
    Crash Time : 11/12/2008 8:02:11 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x00760065
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000008
    Parameter 4 : 0x00760065
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+f24
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini121108-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini120308-01.dmp
    Crash Time : 03/12/2008 6:07:43 PM
    Bug Check String : CRITICAL_OBJECT_TERMINATION
    Bug Check Code : 0x000000f4
    Parameter 1 : 0x00000003
    Parameter 2 : 0x86badbc0
    Parameter 3 : 0x86badd34
    Parameter 4 : 0x805d13b6
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini120308-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini100808-01.dmp
    Crash Time : 08/10/2008 1:54:59 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x0000000c
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0xaa6a6f21
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+f21
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini100808-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini092708-01.dmp
    Crash Time : 27/09/2008 8:18:07 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x00760065
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000008
    Parameter 4 : 0x00760065
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+f24
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092708-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini091608-01.dmp
    Crash Time : 16/09/2008 4:30:24 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x0646b856
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000001
    Parameter 4 : 0x86ba3c57
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+f24
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini091608-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini090708-01.dmp
    Crash Time : 07/09/2008 5:49:02 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x00000002
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000001
    Parameter 4 : 0x8532fd64
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+f24
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini090708-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini090508-01.dmp
    Crash Time : 05/09/2008 9:40:48 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x0000000c
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0xaa6a6f21
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+f21
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini090508-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini071808-01.dmp
    Crash Time : 18/07/2008 9:04:15 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x00000002
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000001
    Parameter 4 : 0x859f3a24
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+f24
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071808-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini071708-01.dmp
    Crash Time : 17/07/2008 8:51:24 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x85aec020
    Parameter 2 : 0x86d935d0
    Parameter 3 : 0x86051308
    Parameter 4 : 0x00000001
    Caused By Driver : ialmdev5.DLL
    Caused By Address : ialmdev5.DLL+2ada6
    File Description : Component GHAL Driver
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071708-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini041708-01.dmp
    Crash Time : 17/04/2008 9:04:31 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x000218e8
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini041708-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini031608-01.dmp
    Crash Time : 16/03/2008 4:12:20 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x0000f378
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini031608-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================
     
  19. 2010/11/03
    Dari

    =================================================
    Dump File : Mini022608-01.dmp
    Crash Time : 26/02/2008 4:46:34 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0x880a6008
    Parameter 2 : 0x00000000
    Parameter 3 : 0x80504d6a
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2dd6a
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini022608-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini020508-01.dmp
    Crash Time : 05/02/2008 3:51:30 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x0003a4f1
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini020508-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini020208-01.dmp
    Crash Time : 02/02/2008 1:39:10 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x0003d5ad
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini020208-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini011408-01.dmp
    Crash Time : 14/01/2008 7:06:08 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xa08a6008
    Parameter 2 : 0x00000000
    Parameter 3 : 0x80504d6a
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2dd6a
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini011408-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini010308-01.dmp
    Crash Time : 03/01/2008 10:26:03 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0x97ca6008
    Parameter 2 : 0x00000000
    Parameter 3 : 0x80504d6a
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2dd6a
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini010308-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini123107-01.dmp
    Crash Time : 31/12/2007 2:34:53 PM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00041785
    Parameter 2 : 0xc0e00000
    Parameter 3 : 0x0003f13c
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini123107-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini122707-01.dmp
    Crash Time : 27/12/2007 10:56:09 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x0000eb81
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini122707-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini122307-01.dmp
    Crash Time : 23/12/2007 5:37:53 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x0000000c
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0xaa6a6f21
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+f21
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini122307-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini121007-01.dmp
    Crash Time : 10/12/2007 5:00:38 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x00760065
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000008
    Parameter 4 : 0x00760065
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+f24
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini121007-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini112407-01.dmp
    Crash Time : 24/11/2007 12:38:51 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x0000d89f
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini112407-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini111807-01.dmp
    Crash Time : 18/11/2007 3:24:09 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x00025db1
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini111807-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini111007-01.dmp
    Crash Time : 10/11/2007 7:40:17 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xa94a6008
    Parameter 2 : 0x00000000
    Parameter 3 : 0x80504d6a
    Parameter 4 : 0x00000003
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2dd6a
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini111007-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini110807-01.dmp
    Crash Time : 08/11/2007 4:10:05 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x0001aa82
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini110807-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini100707-01.dmp
    Crash Time : 07/10/2007 6:01:51 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x0000eae9
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini100707-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini100207-01.dmp
    Crash Time : 02/10/2007 3:01:15 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x00035e60
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini100207-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini093007-01.dmp
    Crash Time : 30/09/2007 12:09:54 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x0002735c
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini093007-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini092907-01.dmp
    Crash Time : 29/09/2007 10:02:43 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x0000000c
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0xaa6a6f21
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+f21
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092907-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini091707-01.dmp
    Crash Time : 17/09/2007 5:53:47 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0xd8ac0246
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000001
    Parameter 4 : 0xf734d345
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+2345
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2111)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini091707-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini080507-01.dmp
    Crash Time : 05/08/2007 11:30:55 AM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x0002474f
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini080507-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini072407-01.dmp
    Crash Time : 24/07/2007 2:08:33 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x00021f38
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072407-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini072307-01.dmp
    Crash Time : 23/07/2007 10:41:08 AM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x00031869
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072307-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini072007-01.dmp
    Crash Time : 20/07/2007 3:24:54 PM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x0004128b
    Parameter 2 : 0x00bbf201
    Parameter 3 : 0x0ccb8844
    Parameter 4 : 0xc0883000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072007-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini071807-01.dmp
    Crash Time : 18/07/2007 7:02:27 AM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x01b00000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071807-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini071707-02.dmp
    Crash Time : 17/07/2007 4:33:17 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0xc70a600c
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x80510d95
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+39d95
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071707-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini071707-01.dmp
    Crash Time : 17/07/2007 3:36:14 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0x928a6008
    Parameter 2 : 0x00000000
    Parameter 3 : 0x80504d6a
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2dd6a
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071707-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini071607-01.dmp
    Crash Time : 16/07/2007 8:12:26 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x03100000
    Parameter 3 : 0x00000001
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071607-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini071507-01.dmp
    Crash Time : 15/07/2007 7:45:25 AM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x0000084d
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071507-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini070607-01.dmp
    Crash Time : 06/07/2007 3:33:48 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0xbaca600c
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x80510d95
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+39d95
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini070607-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini070307-01.dmp
    Crash Time : 03/07/2007 4:01:53 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0xc1ca600c
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x80510d95
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+39d95
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini070307-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini063007-01.dmp
    Crash Time : 30/06/2007 10:06:48 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x03100000
    Parameter 3 : 0x00000005
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini063007-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini062907-01.dmp
    Crash Time : 29/06/2007 4:55:43 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xa08a6008
    Parameter 2 : 0x00000000
    Parameter 3 : 0x80504d6a
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2dd6a
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini062907-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini062807-02.dmp
    Crash Time : 28/06/2007 7:38:33 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0x8f0a6008
    Parameter 2 : 0x00000000
    Parameter 3 : 0x80504d6a
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2dd6a
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini062807-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini062807-01.dmp
    Crash Time : 28/06/2007 4:46:30 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x00016049
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini062807-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini062607-01.dmp
    Crash Time : 26/06/2007 4:55:57 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x03000000
    Parameter 3 : 0x00000005
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini062607-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini062407-02.dmp
    Crash Time : 24/06/2007 5:01:53 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x01c00000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f13
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini062407-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini062407-01.dmp
    Crash Time : 24/06/2007 11:35:06 AM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x8a76d50c
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x80510e77
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+39e77
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini062407-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini061607-01.dmp
    Crash Time : 16/06/2007 12:49:11 PM
    Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
    Bug Check Code : 0x1000007f
    Parameter 1 : 0x00000008
    Parameter 2 : 0x80042000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+63f2a
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini061607-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini061407-01.dmp
    Crash Time : 14/06/2007 6:18:50 PM
    Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
    Bug Check Code : 0x1000007f
    Parameter 1 : 0x00000008
    Parameter 2 : 0x80042000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+63f2a
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini061407-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini061307-01.dmp
    Crash Time : 13/06/2007 5:12:20 PM
    Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
    Bug Check Code : 0x1000007f
    Parameter 1 : 0x00000008
    Parameter 2 : 0xf7856d70
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+134f2a
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini061307-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini060307-01.dmp
    Crash Time : 03/06/2007 2:59:40 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf11838d
    Parameter 3 : 0xa817ea5c
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+a138d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini060307-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini060207-01.dmp
    Crash Time : 02/06/2007 12:39:29 AM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf0be08d
    Parameter 3 : 0xa91979cc
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+4708d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini060207-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini052507-01.dmp
    Crash Time : 25/05/2007 8:43:12 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf0be08d
    Parameter 3 : 0xa90e29cc
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+4708d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini052507-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini042207-01.dmp
    Crash Time : 21/04/2007 11:07:41 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf0be08d
    Parameter 3 : 0xa90979cc
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+4708d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini042207-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini042107-01.dmp
    Crash Time : 21/04/2007 4:35:19 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf11838d
    Parameter 3 : 0xa8f3fa5c
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+a138d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini042107-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini041007-01.dmp
    Crash Time : 10/04/2007 4:43:26 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf0be08d
    Parameter 3 : 0xa8d9a9cc
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+4708d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini041007-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini032407-01.dmp
    Crash Time : 24/03/2007 10:36:20 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf0be08d
    Parameter 3 : 0xa85a29cc
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+4708d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini032407-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini022407-01.dmp
    Crash Time : 24/02/2007 5:51:37 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf0be08d
    Parameter 3 : 0xa8e8f9cc
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+4708d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini022407-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini020607-01.dmp
    Crash Time : 06/02/2007 7:17:06 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf0be08d
    Parameter 3 : 0xaa1fd9cc
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+4708d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini020607-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini020307-01.dmp
    Crash Time : 03/02/2007 7:06:43 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf0be08d
    Parameter 3 : 0xa92b49cc
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+4708d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini020307-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini012707-01.dmp
    Crash Time : 27/01/2007 5:18:24 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf0be08d
    Parameter 3 : 0xa937a9cc
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+4708d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini012707-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini011107-01.dmp
    Crash Time : 11/01/2007 8:53:08 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x0000000c
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0xaa673f21
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+f21
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini011107-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini122006-01.dmp
    Crash Time : 20/12/2006 5:18:43 AM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf0be08d
    Parameter 3 : 0xa9ad59cc
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+4708d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini122006-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini120406-01.dmp
    Crash Time : 04/12/2006 5:19:48 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf0be08d
    Parameter 3 : 0xa9fc59cc
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+4708d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini120406-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini120206-01.dmp
    Crash Time : 02/12/2006 1:28:34 AM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf0be08d
    Parameter 3 : 0xa9d4d9cc
    Parameter 4 : 0x00000000
    Caused By Driver : ialmdd5.DLL
    Caused By Address : ialmdd5.DLL+4708d
    File Description : DirectDraw(R) Driver for Intel(R) Graphics Technology
    Product Name : Intel Graphics Accelerator Drivers for Windows NT(R)
    Company : Intel Corporation
    File Version : 6.14.10.4410
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini120206-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================

    ==================================================
    Dump File : Mini042206-01.dmp
    Crash Time : 22/04/2006 2:02:18 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x0000000c
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0xaa6a6f21
    Caused By Driver : portcls.sys
    Caused By Address : portcls.sys+f21
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2108)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini042206-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    ==================================================
     
  20. 2010/11/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, install Avast and run full scan.
    Report on any findings.
     
  21. 2010/11/03
    Dari

    Dari Inactive Thread Starter

    Joined:
    2010/10/28
    Messages:
    49
    Likes Received:
    0
    Avast seemed to have installed (even though I didn't see the setup, it'd blue screened in the 20 or so minutes I left it to install), but when I opened it after having started up the computer again, a few seconds later it crashed (Avast, not the computer), so I'm not sure if the installation was completed properly. When I tried to open the install file again it blue screened. Shall I keep trying?

    Avast opened this time, but all features are disabled, it told me I had to register, but when I tried to it told me that there was a file missing, so I don't know what to do. Can I install it in safe mode?

    I think that my registry access may have been affected as there was an error when I reran the setup, after it had tried to uninstall Avast, I read the log, and the main problem seemed to be that it couldn't remove a file from the registry with the error for access denied. I checked my permissions and gave "Everyone" full control. Trying again.

    Still getting the uninstall failing. Still says in the error log access denied, tried deleting the files manually, got access denied (fairly sure the file wasn't in use or write protected). I give up for now, I'll wait for instructions. :)
     
    Last edited: 2010/11/03
