Inactive Blue Screen IRQL_NOT_LESS_OR_EQUAL

Discussion in 'Malware and Virus Removal Archive' started by jamo1133, 2011/03/29.

  1. 2011/03/29
    jamo1133

    jamo1133 Inactive Thread Starter


    A friend's laptop is getting a Blue Screen error and won't start up in normal mode. I can get the computer to start up in safe mode with networking, so I downloaded and ran Malwarebytes, GMER, MBRCheck, and DDS. I hope this was OK to do in safe mode. You guys helped me clean my daughter's laptop so I thought you could help me again :eek:

    Malware log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6199

    Windows 6.0.6000 (Safe Mode)
    Internet Explorer 7.0.6000.16982

    3/29/2011 6:22:21 AM
    mbam-log-2011-03-29 (06-22-21).txt

    Scan type: Quick scan
    Objects scanned: 133507
    Time elapsed: 2 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 11
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\Users\Barney\AppData\Roaming\HBLite (Adware.Hotbar) -> Delete on reboot.
    c:\programdata\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.349.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.349.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.349.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2\Bin\2.7.32 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

    Files Infected:
    c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesa_hpk.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.349.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.

    GMER Log

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-03-30 05:34:01
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160821AS rev.3.CDD
    Running: 4ivp3000.exe; Driver: C:\Users\Barney\AppData\Local\Temp\uxlyipog.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\System32\svchost.exe[940] kernel32.dll!PeekConsoleInputW + 2F 76FD1674 1 Byte [6F]
    .text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!bsearch_s + C8 770C81D4 1 Byte [FB]
    .text C:\Windows\system32\svchost.exe[1240] SHLWAPI.dll!StrCmpNICW + CE 7630E0FC 1 Byte [E3]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet003\Services\WMPNetworkSvc@DisplayName @%Pr?gramFiles%\Windows Media Player\wmpnetwk.exe,-101

    ---- EOF - GMER 1.0.15 ----

    MBRCheck Log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: (build 6000), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron 1521
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 111):
    0x81C00000 \SystemRoot\system32\ntkrnlpa.exe
    0x81FA1000 \SystemRoot\system32\hal.dll
    0x802C6000 \SystemRoot\system32\kdcom.dll
    0x802BD000 \SystemRoot\system32\PSHED.dll
    0x802B5000 \SystemRoot\system32\BOOTVID.dll
    0x8027A000 \SystemRoot\system32\CLFS.SYS
    0x8071F000 \SystemRoot\system32\CI.dll
    0x806A4000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8026D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8022A000 \SystemRoot\system32\drivers\acpi.sys
    0x80221000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80219000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8067F000 \SystemRoot\system32\drivers\pci.sys
    0x8020A000 \SystemRoot\system32\drivers\volmgr.sys
    0x80207000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80675000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x80665000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80200000 \SystemRoot\system32\drivers\pciide.sys
    0x80657000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8060D000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80605000 \SystemRoot\system32\drivers\atapi.sys
    0x81BE2000 \SystemRoot\system32\drivers\ataport.SYS
    0x81BB1000 \SystemRoot\system32\drivers\fltmgr.sys
    0x81BA1000 \SystemRoot\system32\drivers\fileinfo.sys
    0x81A9D000 \SystemRoot\system32\drivers\ndis.sys
    0x81A72000 \SystemRoot\system32\drivers\msrpc.sys
    0x81A39000 \SystemRoot\system32\drivers\NETIO.SYS
    0x872F8000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8728E000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x81A03000 \SystemRoot\system32\drivers\volsnap.sys
    0x87277000 \SystemRoot\System32\drivers\partmgr.sys
    0x87268000 \SystemRoot\System32\Drivers\mup.sys
    0x87243000 \SystemRoot\System32\drivers\ecache.sys
    0x87232000 \SystemRoot\system32\drivers\disk.sys
    0x87211000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x87208000 \SystemRoot\system32\drivers\crcdisk.sys
    0x88003000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x87C6F000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8A6FE000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x88030000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x884C3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8803A000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x884AB000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x88499000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x88486000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8845B000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x880E0000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x88450000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x88445000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x885B0000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0x885C0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x88437000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8A6ED000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8A6D9000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8A687000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8A67E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8A653000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8A613000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8A608000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8A9B9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8A9AE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8A98B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x87C60000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8A978000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8A969000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x880E2000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8A93F000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8A935000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8A928000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8A8F4000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x885F0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8C1B7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x88117000 \SystemRoot\System32\Drivers\Null.SYS
    0x88110000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8C13B000 \SystemRoot\System32\drivers\vga.sys
    0x8C11A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8C10D000 \SystemRoot\System32\drivers\watchdog.sys
    0x88194000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8C0E2000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8C0D4000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8C0CB000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8C32B000 \SystemRoot\System32\drivers\tcpip.sys
    0x8C0B2000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8C09D000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8C089000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8C042000 \SystemRoot\system32\drivers\afd.sys
    0x8C010000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8C315000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8C002000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8C2DA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8C2D0000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8C2B9000 \SystemRoot\System32\Drivers\dfsc.sys
    0x88019000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8800E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x881B4000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x8C508000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x91A00000 \SystemRoot\System32\win32k.sys
    0x8C4EF000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8CDE0000 \SystemRoot\System32\drivers\dxg.sys
    0x8CC00000 \SystemRoot\System32\TSDDD.dll
    0x8CC10000 \SystemRoot\System32\framebuf.dll
    0x91C0C000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x91C02000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x930B9000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x930A5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x93087000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9304E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9303C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x93026000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x931A7000 \??\C:\Users\Barney\AppData\Local\Temp\uxlyipog.sys
    0x778F0000 \Windows\System32\ntdll.dll

    Processes (total 22):
    0 System Idle Process
    4 System
    360 C:\Windows\System32\smss.exe
    476 csrss.exe
    512 csrss.exe
    520 C:\Windows\System32\wininit.exe
    556 C:\Windows\System32\winlogon.exe
    596 C:\Windows\System32\services.exe
    608 C:\Windows\System32\lsass.exe
    616 C:\Windows\System32\lsm.exe
    760 C:\Windows\System32\svchost.exe
    812 C:\Windows\System32\svchost.exe
    848 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\svchost.exe
    1416 C:\Windows\System32\svchost.exe
    1884 C:\Windows\explorer.exe
    1164 C:\Users\Barney\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83f00000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03f00000 (NTFS)

    PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.CDD

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!

    DDS Log
    .
    DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
    Run by Barney at 5:36:56.26 on Wed 03/30/2011
    Internet Explorer: 7.0.6000.16982
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1917.1450 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Users\Barney\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe "
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-3-30 73728]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-10 135664]
    .
    =============== Created Last 30 ================
    .
    2011-03-29 10:58:27 2565432 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{21d63be7-230a-4ed7-81e7-6ab170e3dcb3}\mpengine.dll
    2011-03-29 10:51:23 -------- d-sh--w- C:\found.000
    2011-03-29 10:46:45 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
    2011-03-29 10:46:45 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
    2011-03-29 10:46:45 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
    2011-03-29 10:34:49 -------- d-----w- c:\windows\LastGood.Tmp
    2011-03-29 10:34:46 172032 ----a-w- c:\windows\system32\rixdicon.dll
    2011-03-29 10:17:30 -------- d-----w- C:\53e919eb73f7d9e465b2c4b5
    2011-03-29 10:16:36 -------- d-----w- c:\users\barney\appdata\roaming\Malwarebytes
    2011-03-29 10:16:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-29 10:16:31 -------- d-----w- c:\progra~2\Malwarebytes
    2011-03-29 10:16:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-29 10:16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-29 09:56:37 -------- d-----w- c:\users\barney\appdata\local\WindowsUpdate
    2011-03-29 08:04:11 -------- d-----w- c:\windows\system32\wbem\repository
    2011-03-29 08:03:52 -------- d-----w- c:\windows\Registration
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 5:37:14.51 ===============


    ATTACH.log
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/30/2010 2:29:07 PM
    System Uptime: 3/30/2011 5:03:01 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0GU163
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-56 | Microprocessor | 1795/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 136 GiB total, 99.201 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 6.154 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP106: 2/8/2011 1:41:53 PM - Windows Update
    RP107: 2/9/2011 6:41:22 PM - Scheduled Checkpoint
    RP108: 2/10/2011 7:12:24 PM - Scheduled Checkpoint
    RP109: 2/11/2011 10:02:15 AM - Windows Update
    RP110: 2/13/2011 12:25:15 AM - Scheduled Checkpoint
    RP111: 2/14/2011 1:51:10 AM - Scheduled Checkpoint
    RP112: 2/15/2011 5:12:43 PM - Windows Update
    RP113: 2/17/2011 2:50:15 AM - Scheduled Checkpoint
    RP114: 2/19/2011 2:00:31 AM - Windows Update
    RP115: 2/19/2011 5:23:16 PM - Scheduled Checkpoint
    RP116: 2/22/2011 5:40:14 PM - Windows Update
    RP118: 2/24/2011 11:29:55 PM - Windows Defender Checkpoint
    RP119: 2/25/2011 5:26:56 AM - Windows Update
    RP120: 2/25/2011 2:35:03 PM - Installed QuickTime
    RP121: 2/26/2011 3:04:48 AM - Scheduled Checkpoint
    RP122: 2/28/2011 3:02:55 AM - Scheduled Checkpoint
    RP123: 3/1/2011 12:26:18 PM - Windows Update
    RP124: 3/4/2011 4:47:16 PM - Windows Update
    RP125: 3/8/2011 5:16:49 AM - Scheduled Checkpoint
    RP126: 3/8/2011 10:32:17 AM - Windows Update
    RP127: 3/13/2011 4:02:21 AM - Windows Update
    RP128: 3/15/2011 3:37:59 PM - Windows Update
    RP129: 3/18/2011 1:06:08 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    AIM 7
    ATI Catalyst Install Manager
    Broadcom 440x 10/100 Integrated Controller
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    ccc-core-static
    ccc-utility
    CCC Help English
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant HDA D330 MDC V.92 Modem
    Dell Touchpad
    Dell Wireless WLAN Card
    Download Updater (AOL LLC)
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Visual C++ 2005 Redistributable
    RICOH Media Driver ver.2.07.01.04
    RICOH R5U8xx Media Driver ver.3.62.02
    SigmaTel Audio
    Skins
    Skype Toolbars
    Skype™ 5.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Windows Live OneCare safety scanner
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/29/2011 6:58:27 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signatures loading: Default Loading signature version: 1.0.0.0 Loading engine version: 1.1.1603.0
    3/29/2011 6:58:24 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.99.1226.0 Loading engine version: 1.1.6502.0
    3/29/2011 6:57:17 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    3/29/2011 6:57:17 AM, Error: volmgr [46] - Crash dump initialization failed!
    3/29/2011 6:39:07 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.99.1226.0 Loading engine version: 1.1.6502.0
    3/29/2011 6:38:18 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
    3/29/2011 6:26:50 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.99.1226.0 Loading engine version: 1.1.6502.0
    3/29/2011 5:55:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    3/29/2011 4:04:18 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
    3/29/2011 4:04:02 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80092003 Error description: An error occurred while reading or writing to a file. Signatures loading: Backup Loading signature version: 1.99.1226.0 Loading engine version: 1.1.6502.0
    3/29/2011 2:58:15 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.99.1226.0 Loading engine version: 1.1.6502.0
    3/27/2011 8:01:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/27/2011 8:01:39 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/27/2011 8:00:44 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.99.1226.0 Loading engine version: 1.1.6603.0
    3/27/2011 6:50:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/27/2011 6:50:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/27/2011 6:50:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/27/2011 6:50:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/27/2011 6:50:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/27/2011 6:49:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/27/2011 6:49:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/27/2011 6:49:00 PM, Error: EventLog [6008] - The previous system shutdown at 9:07:17 PM on 3/20/2011 was unexpected.
    3/27/2011 6:47:57 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7, function 0. Please contact your system vendor for technical assistance.
    3/27/2011 6:47:57 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.
    3/27/2011 10:37:08 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.99.1226.0 Loading engine version: 1.1.6502.0
    .
    ==== End Of File ===========================
     
  2. 2011/03/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2011/03/30
    jamo1133

    During the ComboFix run 'access denied' msg was issued a couple of times

    Here is the log

    ComboFix 11-03-29.03 - Barney 03/30/2011 6:29.1.2 - x86 MINIMAL
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1917.1579 [GMT -4:00]
    Running from: c:\users\Barney\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Barney\AppData\Roaming\Local
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-30 10:33 . 2011-03-30 10:33 -------- d-----w- c:\users\Barney\AppData\Local\temp
    2011-03-30 10:33 . 2011-03-30 10:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-29 10:58 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21D63BE7-230A-4ED7-81E7-6AB170E3DCB3}\mpengine.dll
    2011-03-29 10:51 . 2011-03-29 10:51 -------- d-----w- C:\found.000
    2011-03-29 10:46 . 2011-03-29 10:46 -------- d-----w- c:\windows\LastGood
    2011-03-29 10:46 . 2009-06-25 20:58 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
    2011-03-29 10:46 . 2009-06-25 20:25 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
    2011-03-29 10:46 . 2009-06-25 20:10 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
    2011-03-29 10:34 . 2007-07-25 16:48 172032 ----a-w- c:\windows\system32\rixdicon.dll
    2011-03-29 10:17 . 2011-03-29 10:17 -------- d-----w- C:\53e919eb73f7d9e465b2c4b5
    2011-03-29 10:16 . 2011-03-29 10:16 -------- d-----w- c:\users\Barney\AppData\Roaming\Malwarebytes
    2011-03-29 10:16 . 2011-03-29 10:16 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-29 10:16 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-29 10:16 . 2011-03-29 10:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-29 10:16 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-29 09:56 . 2011-03-29 09:56 -------- d-----w- c:\users\Barney\AppData\Local\WindowsUpdate
    2011-03-29 09:54 . 2011-03-29 09:55 -------- d-----w- c:\program files\Windows Live Safety Center
    2011-03-29 08:04 . 2011-03-30 10:26 -------- d-----w- c:\windows\system32\wbem\repository
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2010-12-09 1232896]
    "WindowsWelcomeCenter "= "oobefldr.dll" [2006-11-02 2159104]
    "Aim "= "c:\program files\AIM\aim.exe" [2010-03-08 3972440]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 857648]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "Malwarebytes' Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv "= "grpconv -o" [X]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
    .
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 135664]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 04:20]
    .
    2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 04:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
    HKLM-RunOnce-<NO NAME> - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-30 06:33
    Windows 6.0.6000 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2011-03-30 06:35:09
    ComboFix-quarantined-files.txt 2011-03-30 10:35
    .
    Pre-Run: 106,327,797,760 bytes free
    Post-Run: 106,270,732,288 bytes free
    .
    - - End Of File - - ED0B6CA35915E16DFB900223E1BE35A1
     
  5. 2011/03/30
    broni

    I don't see much there.

    Have you tried to start normally recently?

    Download BlueScreenView (in Zip file)
    No installation required.
    Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
     
  6. 2011/03/31
    jamo1133

    Still crashing - Here is the BSOD log

    ==================================================
    Dump File : Mini033111-02.dmp
    Crash Time : 3/31/2011 4:17:11 AM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0x80000003
    Parameter 2 : 0x81c8f75f
    Parameter 3 : 0x8cfcf948
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+8f760
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.17021 (vista_gdr.100218-0019)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini033111-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6000
    Dump File Size : 135,064
    ==================================================
     
  7. 2011/03/31
    broni

    Also, define "crashing".
    When does it happen and what exactly happens?
     
  8. 2011/03/31
    jamo1133

    I can't start the computer in normal mode - I get the blue screen.
     
  9. 2011/03/31
    broni

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. 2011/03/31
    jamo1133

    2011/03/31 20:59:31.0000 0600 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/31 20:59:31.0296 0600 ================================================================================
    2011/03/31 20:59:31.0296 0600 SystemInfo:
    2011/03/31 20:59:31.0296 0600
    2011/03/31 20:59:31.0296 0600 OS Version: 6.0.6000 ServicePack: 0.0
    2011/03/31 20:59:31.0296 0600 Product type: Workstation
    2011/03/31 20:59:31.0296 0600 ComputerName: BARNEY-PC
    2011/03/31 20:59:31.0296 0600 UserName: Barney
    2011/03/31 20:59:31.0296 0600 Windows directory: C:\Windows
    2011/03/31 20:59:31.0296 0600 System windows directory: C:\Windows
    2011/03/31 20:59:31.0296 0600 Processor architecture: Intel x86
    2011/03/31 20:59:31.0296 0600 Number of processors: 2
    2011/03/31 20:59:31.0296 0600 Page size: 0x1000
    2011/03/31 20:59:31.0296 0600 Boot type: Safe boot with network
    2011/03/31 20:59:31.0296 0600 ================================================================================
    2011/03/31 20:59:31.0655 0600 Initialize success
    2011/03/31 20:59:41.0795 1656 ================================================================================
    2011/03/31 20:59:41.0795 1656 Scan started
    2011/03/31 20:59:41.0795 1656 Mode: Manual;
    2011/03/31 20:59:41.0795 1656 ================================================================================
    2011/03/31 20:59:42.0638 1656 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
    2011/03/31 20:59:42.0747 1656 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/03/31 20:59:42.0809 1656 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/03/31 20:59:42.0856 1656 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/03/31 20:59:42.0918 1656 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/03/31 20:59:43.0028 1656 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
    2011/03/31 20:59:43.0121 1656 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2011/03/31 20:59:43.0199 1656 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/03/31 20:59:43.0308 1656 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
    2011/03/31 20:59:43.0340 1656 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2011/03/31 20:59:43.0464 1656 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
    2011/03/31 20:59:43.0558 1656 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/03/31 20:59:43.0574 1656 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/03/31 20:59:43.0667 1656 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/03/31 20:59:43.0730 1656 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/03/31 20:59:43.0792 1656 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/03/31 20:59:43.0870 1656 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
    2011/03/31 20:59:44.0057 1656 atikmdag (389a2668e0c0c6698a6b565632c7f43a) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/03/31 20:59:44.0478 1656 BCM43XV (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2011/03/31 20:59:44.0572 1656 BCM43XX (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2011/03/31 20:59:44.0666 1656 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
    2011/03/31 20:59:44.0728 1656 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
    2011/03/31 20:59:44.0853 1656 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
    2011/03/31 20:59:44.0931 1656 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/03/31 20:59:44.0978 1656 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/03/31 20:59:45.0009 1656 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/03/31 20:59:45.0134 1656 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/03/31 20:59:45.0165 1656 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/03/31 20:59:45.0290 1656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/03/31 20:59:45.0321 1656 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/03/31 20:59:45.0446 1656 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/03/31 20:59:45.0477 1656 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/03/31 20:59:45.0602 1656 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2011/03/31 20:59:45.0664 1656 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
    2011/03/31 20:59:45.0758 1656 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/03/31 20:59:45.0804 1656 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
    2011/03/31 20:59:45.0851 1656 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/03/31 20:59:46.0054 1656 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/03/31 20:59:46.0101 1656 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/03/31 20:59:46.0210 1656 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
    2011/03/31 20:59:46.0288 1656 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
    2011/03/31 20:59:46.0397 1656 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
    2011/03/31 20:59:46.0475 1656 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/03/31 20:59:46.0584 1656 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/03/31 20:59:46.0647 1656 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
    2011/03/31 20:59:46.0740 1656 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2011/03/31 20:59:46.0928 1656 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
    2011/03/31 20:59:46.0974 1656 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/03/31 20:59:47.0068 1656 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
    2011/03/31 20:59:47.0115 1656 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
    2011/03/31 20:59:47.0162 1656 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/03/31 20:59:47.0208 1656 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
    2011/03/31 20:59:47.0271 1656 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/03/31 20:59:47.0318 1656 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/03/31 20:59:47.0458 1656 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/03/31 20:59:47.0520 1656 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/03/31 20:59:47.0583 1656 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/03/31 20:59:47.0645 1656 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/03/31 20:59:47.0708 1656 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
    2011/03/31 20:59:47.0754 1656 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/03/31 20:59:47.0864 1656 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2011/03/31 20:59:47.0942 1656 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2011/03/31 20:59:48.0035 1656 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2011/03/31 20:59:48.0098 1656 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
    2011/03/31 20:59:48.0176 1656 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/03/31 20:59:48.0254 1656 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/03/31 20:59:48.0332 1656 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/03/31 20:59:48.0378 1656 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/03/31 20:59:48.0456 1656 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
    2011/03/31 20:59:48.0566 1656 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/03/31 20:59:48.0612 1656 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/03/31 20:59:48.0722 1656 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/03/31 20:59:48.0800 1656 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/03/31 20:59:48.0846 1656 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
    2011/03/31 20:59:48.0893 1656 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2011/03/31 20:59:48.0956 1656 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/03/31 20:59:49.0002 1656 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/03/31 20:59:49.0049 1656 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/03/31 20:59:49.0112 1656 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/03/31 20:59:49.0158 1656 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
    2011/03/31 20:59:49.0221 1656 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
    2011/03/31 20:59:49.0346 1656 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/03/31 20:59:49.0392 1656 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/03/31 20:59:49.0470 1656 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/03/31 20:59:49.0502 1656 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/03/31 20:59:49.0580 1656 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
    2011/03/31 20:59:49.0673 1656 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/03/31 20:59:49.0736 1656 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/03/31 20:59:49.0814 1656 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
    2011/03/31 20:59:49.0892 1656 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
    2011/03/31 20:59:49.0923 1656 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/03/31 20:59:50.0048 1656 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
    2011/03/31 20:59:50.0079 1656 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
    2011/03/31 20:59:50.0157 1656 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/03/31 20:59:50.0235 1656 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
    2011/03/31 20:59:50.0313 1656 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/03/31 20:59:50.0438 1656 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
    2011/03/31 20:59:50.0484 1656 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/03/31 20:59:50.0516 1656 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/03/31 20:59:50.0578 1656 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/31 20:59:50.0640 1656 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
    2011/03/31 20:59:50.0703 1656 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/03/31 20:59:50.0765 1656 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
    2011/03/31 20:59:50.0796 1656 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
    2011/03/31 20:59:50.0859 1656 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/31 20:59:50.0906 1656 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/31 20:59:50.0937 1656 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/31 20:59:50.0999 1656 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/31 20:59:51.0186 1656 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/03/31 20:59:51.0311 1656 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/31 20:59:51.0389 1656 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
    2011/03/31 20:59:51.0452 1656 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/31 20:59:51.0545 1656 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
    2011/03/31 20:59:51.0608 1656 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/31 20:59:51.0654 1656 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/31 20:59:51.0686 1656 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/31 20:59:51.0748 1656 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/31 20:59:51.0795 1656 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/31 20:59:59.0642 1656 ================================================================================
    2011/03/31 20:59:59.0642 1656 Scan finished
    2011/03/31 20:59:59.0642 1656 ================================================================================
     
  11. 2011/03/31
    broni

    broni Moderator Malware Analyst

    Nothing there.

    While in safe mode....

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use a different firewall than Windows firewall, turn Windows firewall on just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Attempt to restart in normal mode.
     
  12. 2011/03/31
    jamo1133

    jamo1133 Inactive Thread Starter

    I don't want to guess so I'll ask - Synaptics Pointing Device Driver is probably the mouse but I don't see anything that looks like a keyboard. What should I look for?
     
  13. 2011/03/31
    broni

    broni Moderator Malware Analyst

    I don't think you'll see anything related to a keyboard.
     
  14. 2011/04/02
    jamo1133

    jamo1133 Inactive Thread Starter

    I disabled all (except pointer device) in startup/services in msconfig and restarted. I am still getting the blue screen. After numerous attempts to start the computer, I was finally able to get it started in safe mode; the computer seemed to act differently each time, freezing up at different points. I was able to write down the following msgs:

    ACDI: Reclaim memory not found!
    Done!
    fallback 1
    find --set-root / bootmgr

    Warning: unrecognized partition table for drive 80
    Please rebuild it us MS Compatible FDISK tool

    Error 17: File Not Found
    booting 'windows NT/2000/XP'

    fallback 2
    find --set-root / ntldr

    Warning: unrecognized partition table for drive 80
    Please rebuild it us MS Compatible FDISK tool

    Error 17: File Not Found
    booting 'Enter Command Line'

    Boot failed! Press any key to enter command line

    End of message

    Nothing happened after hitting any key so I held the power button to shut the computer off. After a few minutes I turned it back on. I then got the "Windows Error Recovery" screen ("Windows failed to start. A recent hardware or software change might be the cause") giving me 2 options: Launch repair (recommended) or start normal. I tried starting normal and the computer froze up (black screens with "Microsoft Corporation" at bottom of screen), tried again doing the repair and got the blue screen.

    Sorry if this is not clear, I tried writing down everything as it happened.
     
  15. 2011/04/02
    broni

    broni Moderator Malware Analyst

    You did very well :)

    I don't think we're dealing with any infection here anymore.
    Something else is going on here.
    One extra question...
    Any particular reason why no Service Pack is installed on your Vista?


    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.vistax64.com/tutorials/141820-create-recovery-disc.html (Option Two)
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.

    Vista users. At first screen click on Repair your computer:

    Windows 7 users. At first screen click on Install now:
    Select your language and click next:
    Click the button for "Use recovery tools":

    The following applies to both Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec ")
    and then press Enter.
    Type in:
    bootrec /fixboot (<-- there is a "space" after "bootrec ")

    Once completed then type Exit, press Enter and restart computer.
    See if it'll start in normal mode.
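
An added example, not part of the original post: `bootrec /FixMbr` rewrites the MBR boot code but leaves the existing partition table in place, so a table that a boot loader reports as "unrecognized" is worth checking on its own. This Python sketch parses a saved 512-byte copy of sector 0 and lists structural problems; the function names and both sample sectors are constructed for illustration.

```python
import struct

TABLE_OFFSET = 446       # partition table starts after the 446-byte boot code area
SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR sector

def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR sector; return its used entries and any problems found."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    problems = []
    if sector[510:512] != SIGNATURE:
        problems.append("missing 0x55AA signature")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = raw[0], raw[4]
        start, count = struct.unpack_from("<II", raw, 8)  # LBA start, sector count
        if ptype == 0x00:            # unused slot
            continue
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: bad status byte 0x{status:02x}")
        if start == 0 or count == 0:
            problems.append(f"entry {i}: zero start or length")
        entries.append({"index": i, "active": status == 0x80,
                        "type": ptype, "start": start, "count": count})
    if sum(e["active"] for e in entries) != 1:
        problems.append("boot disk should have exactly one active partition")
    ordered = sorted(entries, key=lambda e: e["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    return {"entries": entries, "problems": problems}

def build_sector(parts, signed=True) -> bytes:
    """Construct a sample sector from (status, type, start, count) tuples."""
    table = b"".join(struct.pack("<B3sB3sII", s, b"\0" * 3, t, b"\0" * 3, st, n)
                     for s, t, st, n in parts)
    table = table.ljust(64, b"\0")
    return bytes(TABLE_OFFSET) + table + (SIGNATURE if signed else b"\0\0")

# Constructed samples, not taken from the laptop in this thread.
HEALTHY = build_sector([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)])
DAMAGED = build_sector([(0x7F, 0x07, 2048, 204800), (0x00, 0x07, 100000, 1000000)],
                       signed=False)

if __name__ == "__main__":
    for name, sector in (("healthy", HEALTHY), ("damaged", DAMAGED)):
        print(name, parse_mbr(sector)["problems"] or "no problems found")
```
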
     
  16. 2011/04/02
    jamo1133

    jamo1133 Inactive Thread Starter

    I'll give this a try. As for why there is no Service Pack installed on your Vista, I really don't know. It's my friend's computer and as far as I can tell there isn't any virus/malware/spyware protection either!
     
  17. 2011/04/02
    broni

    broni Moderator Malware Analyst

    Ok.....
     
  18. 2011/04/03
    jamo1133

    jamo1133 Inactive Thread Starter

    I was able to create a recovery CD but no luck with the rest. The computer did boot from the CD, loaded the files, and then I got another blue screen. This is very frustrating and since this isn't my computer I don't want to spend any more time on it, and I don't want to waste any more of your time. I really appreciate your help!!!
     
  19. 2011/04/03
    broni

    broni Moderator Malware Analyst

    It looks to me like some hardware issue.
    I guess a visit to a pro shop will be due.
     
