Topic: [Inactive] Can't Get Past Blue Screen.  (Read 6309 times)

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25482
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #45 on: September 15, 2011, 10:08:58 am »
Did performance change at all after running ComboFix?

Download Silent Runners.zip and extract it to a new folder on your Desktop.

    * Run the Silent Runners.vbs file.
    * You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO."
    * If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run.
    * This script is not malicious so please allow it.
    * A text file will appear in the folder - it's not done, let it run. (It won't appear to be doing anything!)
    * Once the "All Done!" prompt flashes up, open the text file, and copy & paste it in your next reply.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Ascertain20

  • Bronze Member
  • Posts: 29
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #46 on: September 15, 2011, 12:08:12 pm »
Performance is much slower than it was yesterday. Even the internet is slow.

I can't run the script because it keeps saying server execution failed.

Offline Hoov

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #47 on: September 15, 2011, 02:53:18 pm »
Hmm, please run ComboFix again and post the new log. Use the same instructions as before.


Offline Ascertain20

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #48 on: September 16, 2011, 08:33:46 pm »
Part of the reason it was slow yesterday was because Windows was installing automatic updates. Even after installation it was very slow up until this afternoon when I ran ComboFix. However, the machine crashed with the "device driver attempting to corrupt the system has been caught" message before it could finish. Even with doing everything right with the SilentRunners script, nothing came up after the Yes/No prompt.

Stop code: 0x000000C4 (0x0000003C, 0x00000AC8, 0x00000000, 0x00000000)
« Last Edit: September 16, 2011, 08:39:06 pm by Ascertain20 »

Offline Hoov

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #49 on: September 16, 2011, 09:40:55 pm »
Please reboot into Safe Mode and then run ComboFix. Unless one of the Windows drivers is corrupted, it should run OK and check all the extra drivers.


Offline Ascertain20

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #50 on: September 17, 2011, 10:22:52 am »
ComboFix ran well in Safe Mode with no problems. However, I tried connecting to the internet in Safe Mode and the machine crashed with an IRQL_NOT_LESS_OR_EQUAL stop error.

0x000000D1 (0xDBE9EDAC, 0X00000002, 0X00000000, 0X0BE9EDAC)

Combofix log

ComboFix 11-09-16.01 - Administrator 09/17/2011   1:12.4.1 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.503.268 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Computer Security *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Computer Security *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dad\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Dad\Local Settings\Application Data\ApplicationHistory\mswmc.exe.ed1fcd7a.ini
c:\documents and settings\Louis\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Louis\Local Settings\Application Data\ApplicationHistory\DotHalo.exe.d3fe77b5.ini
c:\documents and settings\Louis\Local Settings\Application Data\ApplicationHistory\Grouper.exe.b78da3da.ini
c:\documents and settings\Louis\Local Settings\Application Data\ApplicationHistory\Grouper.exe.b78da3da.ini.inuse
c:\documents and settings\Louis\Local Settings\Application Data\ApplicationHistory\HaloMapTools.exe.5c40c357.ini.inuse
c:\documents and settings\Louis\Local Settings\Application Data\ApplicationHistory\HHT.exe.6f29b3b7.ini
c:\documents and settings\Louis\Local Settings\Application Data\ApplicationHistory\HHT.exe.ad14bb6b.ini
c:\documents and settings\Louis\Local Settings\Application Data\ApplicationHistory\mswmc.exe.ed1fcd7a.ini
c:\documents and settings\Louis\Local Settings\Application Data\ApplicationHistory\mswmc.exe.ed1fcd7a.ini.inuse
c:\documents and settings\Louis\Local Settings\Application Data\ApplicationHistory\StringListEditor.exe.560e502.ini
c:\documents and settings\Louis\Local Settings\Application Data\ApplicationHistory\StringListEditor.exe.c5c826cd.ini
c:\documents and settings\Louis\Local Settings\Application Data\ApplicationHistory\UpdaterApp.exe.8567dbf2.ini
c:\program files\Skype\Plugin Manager\SkypePM.exe
c:\windows\help\wmplayer.bak
c:\windows\system32\d3d9caps.dat
c:\windows\system32\mfc100deu.dll
.
.
(((((((((((((((((((((((((   Files Created from 2011-08-17 to 2011-09-17  )))))))))))))))))))))))))))))))
.
.
2011-09-12 20:59 . 2011-09-12 23:14   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Runscanner.net
2011-09-12 17:00 . 2011-09-12 17:22   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2011-09-12 17:00 . 2011-09-12 17:00   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\RadarSync
2011-09-10 01:57 . 2011-09-08 03:52   1275112   ----a-w-   c:\windows\system32\drivers\WNA3100M.sys
2011-09-10 01:57 . 2011-09-10 01:57   --------   d-----w-   c:\program files\NETGEAR
2011-09-10 01:57 . 2011-09-10 01:57   --------   d-----w-   c:\documents and settings\Administrator\Application Data\InstallShield
2011-08-30 22:39 . 2011-08-30 22:39   --------   d-sh--w-   c:\documents and settings\Administrator\PrivacIE
2011-08-26 16:34 . 2004-01-09 00:45   256896   ----a-r-   c:\windows\system32\drivers\mrv8k51.sys
2011-08-26 11:45 . 2011-08-26 13:28   --------   d-----w-   c:\windows\mytmp
2011-08-23 04:20 . 2011-08-23 04:20   --------   d-----w-   c:\program files\LSPFix
2011-08-23 04:19 . 2011-08-23 04:19   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\WinZip
2011-08-23 01:07 . 2011-08-23 01:07   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-08-22 17:45 . 2003-06-25 20:05   266360   ----a-w-   c:\windows\system32\TweakUI.exe
2011-08-22 02:33 . 2011-08-22 02:33   --------   d-sh--w-   c:\documents and settings\James\IETldCache
2011-08-21 00:47 . 2011-08-21 00:47   --------   d-----w-   c:\program files\NirSoft
2011-08-21 00:41 . 2011-08-21 00:41   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-08-21 00:40 . 2011-08-21 14:28   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-08-21 00:40 . 2011-08-21 00:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-20 23:53 . 2011-08-20 23:53   --------   d-----w-   c:\program files\SiSoftware
2011-08-20 16:33 . 2011-08-20 16:33   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-08-18 21:51 . 2011-08-18 21:51   --------   d-sh--w-   c:\documents and settings\Dad\PrivacIE
2011-08-18 21:46 . 2011-08-18 21:46   --------   d-sh--w-   c:\documents and settings\Dad\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 15:37 . 2011-06-07 18:37   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-10 16:25 . 2011-07-18 06:15   21361   ----a-w-   c:\windows\system32\drivers\AegisP.sys
2011-09-03 10:16 . 2004-09-30 22:17   599552   ----a-w-   c:\windows\system32\crypt32.dll
2011-08-08 21:06 . 2011-08-08 21:06   1409   ----a-w-   c:\windows\system32\tmpAE36E.FOT
2011-08-08 21:06 . 2011-08-08 21:06   1409   ----a-w-   c:\windows\system32\tmp3156E.FOT
2011-08-08 21:06 . 2011-08-08 21:06   1409   ----a-w-   c:\windows\system32\tmp2926E.FOT
2011-07-17 17:05 . 2011-07-17 16:52   42672   ----a-w-   c:\windows\system32\drivers\fsbts.sys.old
2011-07-15 13:29 . 2009-08-31 12:58   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-07-09 14:25 . 2011-07-09 14:21   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-07-09 14:25 . 2010-08-02 16:06   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-07-08 14:02 . 2009-08-31 12:58   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
2011-07-08 10:37 . 2011-07-17 16:50   82200   ----a-w-   c:\windows\system32\drivers\fsdfw.sys.old
2011-07-08 07:55 . 2009-09-20 08:59   156672   ----a-w-   c:\windows\system32\rmc_fixasf.exe
2011-07-08 07:55 . 2009-09-20 08:59   237568   ----a-w-   c:\windows\system32\rmc_rtspdl.dll
2011-07-08 07:54 . 2009-09-20 08:55   323584   ----a-w-   c:\windows\system32\AUDIOGENIE2.DLL
2011-07-06 23:52 . 2011-06-12 04:24   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-06-12 04:23   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2009-08-31 12:58   139656   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-09-30 22:17   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-06-23 18:36 . 2004-09-30 22:17   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-09-30 22:16   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-06-23 12:05 . 2004-08-04 05:59   385024   ----a-w-   c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-09-30 22:16   293376   ----a-w-   c:\windows\system32\winsrv.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\documents and settings\Louis\Start Menu\Programs\Startup\
Xfire.lnk.disabled [2005-9-19 662]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNA3100M Genie.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk
backup=c:\windows\pss\NETGEAR WNA3100M Genie.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20090604]
2009-06-12 18:40   102522   ----a-w-   c:\program files\Bicycle\Texas Hold ‘Em Poker\encore_reg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2006-08-01 19:35   67112   ----a-w-   c:\program files\aim\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-17 23:50   976832   ----a-w-   c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender]
2009-08-27 20:05   1737216   ------w-   c:\program files\Free Ride Games\GPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-07-06 23:52   1047656   ----a-w-   f:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38   421888   ----a-w-   f:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-08-12 21:37   4603264   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2009-08-04 20:49   1068424   ----a-w-   f:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2010-04-29 14:38   1652736   ----a-r-   c:\program files\AWS\WeatherBug\Weather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WSWNA3100M"=2 (0x2)
"BsUpdate"=3 (0x3)
"BsScanner"=3 (0x3)
"BsMain"=3 (0x3)
"BsMailProxy"=3 (0x3)
"BsFire"=3 (0x3)
"BsFileScan"=3 (0x3)
"BsBrowser"=3 (0x3)
"BsBhvScan"=3 (0x3)
"BsBackup"=3 (0x3)
"AOL ACS"=2 (0x2)
"!SASCORE"=2 (0x2)
"WANMiniportService"=2 (0x2)
"SSScsiSV"=3 (0x3)
"SQLBrowser"=2 (0x2)
"sprtsvc_medicsp2"=2 (0x2)
"ose"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"MBAMService"=2 (0x2)
"LexBceS"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Weather"=c:\program files\AWS\WeatherBug\Weather.exe 1
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"AIM"=c:\program files\aim\aim.exe -cnetwait.odl
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Nexon\\MapleStory\\MapleStory.exe"=
"f:\\Program Files\\Nexon\\MapleStory\\GameLauncher.exe"=
"f:\\Program Files\\Nexon\\MapleStory\\Patcher.exe"=
"f:\\Program Files\\Nexon\\MapleStory\\Setup.exe"=
"f:\\Program Files\\Nexon\\MapleStory\\ASPLnchr.exe"=
"f:\\Program Files\\Nexon\\MapleStory\\HShield\\HSUpdate.exe"=
"f:\\Program Files\\Nexon\\MapleStory\\HShield\\hslogmgr.exe"=
"f:\\Program Files\\Nexon\\MapleStory\\HShield\\ahnrpt.exe"=
"f:\\Program Files\\Nexon\\MapleStory\\HShield\\Update\\autoup.exe"=
"c:\\Program Files\\Blockland\\Blockland.exe"=
"c:\\Program Files\\RNX-N150UBE\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP4c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP4c\\WNt500x86\\RpcSandraSrv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys [10/13/2010 10:14 AM 24192]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [10/13/2010 10:17 AM 15360]
R3 WNA3100M;NETGEAR WNA3100M N300 Wireless Mini USB Adapter;c:\windows\system32\drivers\WNA3100M.sys [9/9/2011 9:57 PM 1275112]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 X4HS32Ex;X4HS32Ex;c:\program files\Free Ride Games\X4HS32Ex.sys [11/10/2009 9:36 AM 53280]
S3 DsAudioDevice_282;DsAudioDevice_282;c:\windows\system32\drivers\DsAudioDevice_282.sys [6/8/2009 12:25 AM 16640]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [1/23/2010 6:48 PM 29184]
S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\drivers\dsreader.sys [1/2/2001 11:53 PM 19677]
S3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [10/13/2010 10:17 AM 10368]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [2/14/2007 5:24 PM 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [2/14/2007 5:16 PM 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [2/14/2007 5:14 PM 55936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/12/2011 12:23 AM 22712]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [10/13/2010 10:14 AM 9088]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
S3 PciTest;WinMTA PCI Service;c:\windows\system32\drivers\pcitest.sys [6/10/2004 4:53 AM 6912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [7/18/2011 2:14 AM 606056]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/30/2004 6:16 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 11:53 PM 19677]
S3 XSHARK;XSHARK Driver (xshark.sys);c:\windows\system32\drivers\xshark.sys [12/1/2004 12:09 AM 22912]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [9/30/2004 6:16 PM 14336]
S4 MBAMService;MBAMService;f:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/12/2011 12:24 AM 366640]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/25/2009 5:07 AM 24652]
S4 WSWNA3100M;WSWNA3100M;c:\program files\NETGEAR\WNA3100M\WifiSvc.exe [9/9/2011 9:57 PM 297440]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc   REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc
Akamai   REG_MULTI_SZ      Akamai
WINRM   REG_MULTI_SZ      WINRM
BullGuard_Proxy   REG_MULTI_SZ      BsMailProxy
BullGuard_Backup   REG_MULTI_SZ      BsBackup
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 08:32   128512   ----a-w-   c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2383220309-3576834443-136221615-1008Core.job
- c:\documents and settings\Jennifer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 14:38]
.
2009-11-25 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2009-07-24 20:05]
.
2009-11-25 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job
- c:\windows\vVX3000.exe [2006-06-29 20:05]
.
2011-09-17 c:\windows\Tasks\User_Feed_Synchronization-{3C7212CE-7457-47A2-973E-8DFDE4AA53E8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qmpcfrl.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-17 02:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"f:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"f:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2383220309-3576834443-136221615-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,0c,4d,78,13,aa,9a,42,93,af,f6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,0c,4d,78,13,aa,9a,42,93,af,f6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1368)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-09-17  02:13:24
ComboFix-quarantined-files.txt  2011-09-17 06:13
ComboFix2.txt  2011-09-15 03:55
ComboFix3.txt  2011-08-30 15:00
.
Pre-Run: 7,685,550,080 bytes free
Post-Run: 7,766,745,088 bytes free
.
- - End Of File - - 98031C34BBAF39B9875E229CEA03172B

Offline Hoov

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #51 on: September 17, 2011, 11:35:15 am »
Check and see if the digital media reader got reinstalled.

Also check your computer when it is running normally and see how it runs. Let me know.


Offline Ascertain20

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #52 on: September 17, 2011, 09:03:26 pm »
Yes, it did get reinstalled and I removed it. It's not running as slow as it was before, but I got a message before about the virtual paging file being too low, so it was freezing my programs until it increased the size of the file.

Offline Hoov

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #53 on: September 17, 2011, 09:21:49 pm »
Have you messed with your paging file at all? Also, can you tell me how big your hard drives are, and how much free space is left?


Offline Ascertain20

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #54 on: September 17, 2011, 09:34:16 pm »
Not that I know of. The original drive is 80GB with 6.62GB left and the larger drive is 300GB with 84.3GB left.

Offline Hoov

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #55 on: September 17, 2011, 09:40:00 pm »
Can you clean any files off the C: drive?


Offline Ascertain20

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #56 on: September 18, 2011, 01:19:40 pm »
Would Windows Easy File Transfer be able to do that over wi-fi? Asking because we have 3 Windows 7 and 2 XP. From what I've tried so far, they haven't been able to connect successfully.
« Last Edit: September 18, 2011, 01:25:17 pm by Ascertain20 »

Offline Hoov

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #57 on: September 18, 2011, 07:51:27 pm »
Do they all have the same workgroup name? You should be able to move files between them easily, although you may only be able to move files to the public folder on the Windows 7 machine.


Offline Hoov

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #58 on: September 26, 2011, 09:07:23 am »
Ascertain20, do you still need help?


Offline Hoov

Re: [In Progress] Can't Get Past Blue Screen.
« Reply #59 on: October 14, 2011, 10:11:30 pm »
This thread is being closed due to inactivity. If you need it reopened, send me a PM. This applies to the originator only. Anyone else, please start a new thread.

