BleepingComputer.com: Getting constant BSOD occurrences and can only boot in safe mode


#1 Lyssfrgr

  • New Member
  • Group: Members
  • Posts: 9
  • Joined: 01-April 11

Posted 14 July 2011 - 07:37 PM

I have been having major problems with my computer. I had the BSOD twice yesterday, as well as a few other times. I am now unable to boot in normal mode, and am stuck in safe mode. When I try to boot in normal mode, my desktop shows up, but I am unable to do anything and then the screen goes black with an error code I wish I had written down. I can not get into a lot of my files as they are locked and even when I take ownership and change privileges, it still says access denied. I will admit up front that I did/do have p2p programs on my system. I have tried uninstalling them, but nothing happens! Below is the DDS log I just ran. I have not included a GMER log since the last time I tried to run it, my computer crashed. I can try again, but I really wanted to get this posted as soon as I could to start somewhere. Any help would be greatly appreciated. Thank you so much in advance!

DDS (Ver_2011-07-14.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Alyssa at 20:15:36 on 2011-07-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3933.2370 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe
C:\windows\SysWOW64\DllHost.exe
C:\Users\Alyssa\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\explorer.exe
C:\windows\explorer.exe
C:\windows\explorer.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Cobian Backup 10\Cobian.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Users\Alyssa\Downloads\Defogger(2).exe
C:\windows\system32\conhost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
dURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{8685EAEB-7A9D-44DF-91C1-93DDA2A53965} : DHCPNameServer = 192.168.15.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mSearchAssistant = hxxp://www.yahoo.com
x64-mCustomizeSearch = hxxp://www.yahoo.com
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alyssa\AppData\Roaming\Mozilla\Firefox\Profiles\2bqv3bnc.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e02b478&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
R0 Lbd;Lbd;C:\windows\System32\drivers\Lbd.sys [2011-7-14 69376]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-4-30 55856]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2011-4-30 482384]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-6-20 2151640]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-4-30 215040]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;C:\windows\System32\drivers\RTL8187B.sys [2011-4-30 446976]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R4 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-5-4 2440632]
S0 TfFsMon;TfFsMon;C:\windows\System32\drivers\TfFsMon.sys [2011-7-14 65072]
S0 TfSysMon;TfSysMon;C:\windows\System32\drivers\TfSysMon.sys [2011-7-14 74824]
S1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2011-7-14 67584]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-30 135664]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-28 1153368]
S2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-6-22 1025352]
S3 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\AVGIDSDriver.sys [2011-4-14 118864]
S3 AVGIDSFilter;AVGIDSFilter;C:\windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
S3 COH_Mon;COH_Mon;C:\windows\System32\drivers\COH_Mon.sys [2011-5-4 25424]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-21 136824]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-30 135664]
S3 MEMSWEEP2;MEMSWEEP2;C:\windows\System32\78F9.tmp [2011-7-14 6144]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-4-30 222208]
S3 TfNetMon;TfNetMon;C:\windows\System32\drivers\TfNetMon.sys [2011-7-14 41888]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-4-30 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-5-2 1255736]
.
=============== Created Last 30 ================
.
2011-07-15 00:10:02 -------- d-----w- C:\Users\Alyssa\AppData\Local\Safe mirror
2011-07-15 00:07:18 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10
2011-07-14 22:51:14 6144 ------w- C:\windows\System32\78F9.tmp
2011-07-14 22:37:24 6144 ------w- C:\windows\System32\CD5D.tmp
2011-07-14 22:37:03 -------- d-----w- C:\Program Files (x86)\Sophos
2011-07-14 05:19:46 69376 ----a-w- C:\windows\System32\drivers\Lbd.sys
2011-07-14 05:19:39 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-07-14 05:18:56 74824 ----a-w- C:\windows\System32\drivers\TfSysMon.sys
2011-07-14 05:18:56 65072 ----a-w- C:\windows\System32\drivers\TfFsMon.sys
2011-07-14 05:18:56 41888 ----a-w- C:\windows\System32\drivers\TfNetMon.sys
2011-07-14 05:18:54 -------- d-----w- C:\ProgramData\PC Tools
2011-07-14 05:18:54 -------- d-----w- C:\Program Files (x86)\ThreatFire
2011-07-14 01:13:14 -------- d-----w- C:\Program Files (x86)\ESET
2011-07-13 23:20:50 -------- d-----w- C:\ProgramData\SecTaskMan
2011-07-13 23:20:45 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2011-07-13 03:36:12 696832 ----a-w- C:\windows\System32\xvidcore.dll
2011-07-13 03:36:12 645632 ----a-w- C:\windows\SysWow64\xvidcore.dll
2011-07-13 03:36:12 255488 ----a-w- C:\windows\System32\xvidvfw.dll
2011-07-13 03:36:12 240640 ----a-w- C:\windows\SysWow64\xvidvfw.dll
2011-07-13 03:36:12 173568 ----a-w- C:\windows\System32\xvid.ax
2011-07-13 03:36:12 153088 ----a-w- C:\windows\SysWow64\xvid.ax
2011-07-12 23:24:59 338944 ----a-w- C:\windows\System32\conhost.exe
2011-07-12 23:24:59 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-07-12 23:24:59 243200 ----a-w- C:\windows\System32\wow64.dll
2011-07-12 23:24:59 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-07-12 23:24:58 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-12 23:24:58 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-12 23:24:58 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-12 23:24:58 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-12 23:24:58 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-12 23:24:50 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-09 19:04:02 -------- d-----w- C:\Program Files (x86)\SelectRebates
2011-07-09 06:36:47 -------- d-----w- C:\Users\Alyssa\AppData\Local\DDMSettings
2011-07-09 06:29:24 -------- d-----w- C:\Program Files\DivX
2011-07-09 06:29:14 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-07-09 06:24:40 -------- d-----w- C:\Program Files (x86)\DivX
2011-07-09 06:23:43 -------- d-----w- C:\ProgramData\DivX
2011-07-06 05:26:18 -------- d-----w- C:\Program Files\iPod
2011-07-06 05:26:17 -------- d-----w- C:\Program Files\iTunes
2011-07-06 05:26:17 -------- d-----w- C:\Program Files (x86)\iTunes
2011-07-06 03:50:02 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-06 03:50:02 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-06 02:00:21 -------- d-----w- C:\Program Files (x86)\Driver-Soft
2011-07-06 01:59:09 -------- d-----w- C:\Program Files (x86)\Superfish
2011-07-06 01:59:09 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
2011-07-05 17:26:45 -------- d--h--w- C:\$AVG
2011-07-01 05:59:16 -------- d-----w- C:\Users\Alyssa\AppData\Local\{BA044584-419F-4DAE-B429-728D628D9B77}
2011-07-01 05:59:16 -------- d-----w- C:\Users\Alyssa\AppData\Local\{23EF4BFB-E0FC-4988-B27C-C36EC63BB863}
2011-06-28 04:33:53 -------- d-----w- C:\Program Files (x86)\Common Files\eSellerate
2011-06-28 04:33:49 -------- d-----w- C:\Program Files (x86)\Chess Buddy Yahoo
2011-06-26 08:19:36 -------- d-----w- C:\Users\Alyssa\AppData\Roaming\SoMud
2011-06-25 02:20:05 -------- d-----w- C:\Users\Alyssa\AppData\Local\{34FFC964-C03F-4CC4-83BE-D73EEB18BF3D}
2011-06-25 02:18:53 -------- d-----w- C:\Users\Alyssa\AppData\Local\{104246FD-1D01-4B7D-AA7F-E4AE823BA70A}
2011-06-25 02:18:19 -------- d-----w- C:\Users\Alyssa\AppData\Local\{E3851C12-EF11-42CA-A58E-52F547670602}
2011-06-24 07:33:07 -------- d-----w- C:\Users\Alyssa\AppData\Local\{78CB17B6-B9B7-4383-96B5-6466562B7BFE}
2011-06-24 04:08:55 -------- d-----w- C:\Program Files (x86)\Conduit
2011-06-24 04:08:49 0 ----a-w- C:\windows\SysWow64\ConduitEngine.tmp
2011-06-24 04:08:49 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2011-06-24 04:08:48 -------- d-----w- C:\Users\Alyssa\AppData\Local\Conduit
2011-06-24 04:08:46 -------- d-----w- C:\Program Files (x86)\uTorrentBar
2011-06-24 01:58:59 -------- d-----w- C:\Program Files (x86)\Coupons
2011-06-24 01:33:41 -------- d-----w- C:\REMEMBER_ME
2011-06-23 22:12:41 -------- d-----w- C:\Users\Alyssa\AppData\Local\{7F5FF291-8D4D-4F4E-B50F-E89AF11A20CB}
2011-06-23 22:04:43 -------- d-----w- C:\Users\Alyssa\AppData\Roaming\HandBrake
2011-06-23 22:04:43 -------- d-----w- C:\Users\Alyssa\AppData\Local\HandBrake
2011-06-23 22:04:31 -------- d-----w- C:\Program Files (x86)\Handbrake
2011-06-23 21:56:42 -------- d-----w- C:\Users\Alyssa\AppData\Roaming\AVS4YOU
2011-06-23 21:55:16 10833920 ----a-w- C:\windows\SysWow64\libmfxsw32.dll
2011-06-23 21:55:15 10915840 ----a-w- C:\windows\SysWow64\libmfxhw32.dll
2011-06-23 21:55:07 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2011-06-23 21:54:41 24576 ----a-w- C:\windows\SysWow64\msxml3a.dll
2011-06-23 21:54:41 1700352 ----a-w- C:\windows\SysWow64\GdiPlus.dll
2011-06-23 21:54:40 -------- d-----w- C:\ProgramData\AVS4YOU
2011-06-23 21:54:40 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2011-06-23 20:34:30 -------- d-----w- C:\HANNIBAL
2011-06-23 03:42:25 -------- d-----w- C:\Users\Alyssa\AppData\Local\AVG Security Toolbar
2011-06-23 03:36:27 -------- d-----w- C:\Users\Alyssa\AppData\Roaming\AVG10
2011-06-23 03:35:20 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2011-06-23 03:35:03 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2011-06-23 03:34:06 -------- d-----w- C:\windows\System32\drivers\AVG
2011-06-23 03:34:06 -------- d-----w- C:\ProgramData\AVG10
2011-06-23 03:33:21 -------- d-----w- C:\Program Files (x86)\AVG
2011-06-23 01:44:13 -------- d--h--w- C:\ProgramData\Common Files
2011-06-23 00:12:33 -------- d-----w- C:\ProgramData\MFAData
2011-06-21 22:40:22 -------- d-----w- C:\Users\Alyssa\AppData\Local\Windows Live Writer
2011-06-21 22:40:21 -------- d-----w- C:\Users\Alyssa\AppData\Roaming\Windows Live Writer
2011-06-21 20:05:50 -------- d-----w- C:\windows\en
2011-06-21 20:03:45 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2011-06-21 20:03:45 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2011-06-21 20:03:45 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2011-06-21 20:03:45 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2011-06-21 06:27:54 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-21 06:09:20 98816 ----a-w- C:\windows\sed.exe
2011-06-21 06:09:20 256512 ----a-w- C:\windows\PEV.exe
2011-06-21 06:09:20 208896 ----a-w- C:\windows\MBR.exe
2011-06-21 06:04:31 -------- d-----w- C:\ComboFix
2011-06-21 05:53:08 -------- d-----w- C:\Users\Alyssa\AppData\Roaming\SUPERAntiSpyware.com
2011-06-21 05:53:08 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-06-21 05:47:56 -------- d-----w- C:\ProgramData\!SASCORE
2011-06-21 05:47:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-06-21 05:21:29 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys
2011-06-21 05:16:19 388096 ----a-r- C:\Users\Alyssa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-21 05:16:19 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-06-21 03:56:15 -------- d-----w- C:\Users\Alyssa\AppData\Local\NPE
2011-06-21 03:41:21 -------- d-----w- C:\Program Files (x86)\Xvid
2011-06-20 17:02:17 -------- d-----w- C:\ProgramData\Nero
2011-06-20 16:40:06 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2011-06-19 00:15:48 -------- d-----w- C:\Users\Alyssa\AppData\Roaming\IrfanView
2011-06-19 00:15:47 -------- d-----w- C:\Program Files (x86)\IrfanView
2011-06-18 01:57:55 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-18 01:57:55 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-06-18 01:38:24 -------- d-----w- C:\ProgramData\AIM
2011-06-18 01:38:20 -------- d-----w- C:\Program Files (x86)\AIM
2011-06-18 01:38:19 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2011-06-18 01:20:24 -------- d-----w- C:\Users\Alyssa\AppData\Roaming\AOL
2011-06-18 01:20:00 -------- d-----w- C:\ProgramData\Viewpoint
2011-06-18 01:19:58 -------- d-----w- C:\Program Files (x86)\Viewpoint
2011-06-18 01:19:57 58696 ----a-w- C:\windows\SysWow64\AOLParconLink.exe
2011-06-18 01:18:58 24064 ----a-w- C:\windows\System32\drivers\wanatw64.sys
2011-06-18 01:18:02 -------- d-----w- C:\Program Files (x86)\Common Files\AOL
2011-06-18 01:18:01 -------- d-----w- C:\Program Files (x86)\Common Files\aolshare
2011-06-18 01:18:01 -------- d-----w- C:\Program Files (x86)\AOL Desktop 9.6
2011-06-18 00:28:47 -------- d-----w- C:\Users\Alyssa\AppData\Roaming\mIRC
2011-06-18 00:28:46 -------- d-----w- C:\Program Files (x86)\mIRC
2011-06-16 20:03:00 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2011-06-16 06:01:40 91568 ----a-w- C:\windows\System32\drivers\scdemu.sys
2011-06-16 06:01:40 -------- d-----w- C:\Program Files (x86)\PowerISO
2011-06-16 05:54:59 -------- d-----w- C:\Program Files (x86)\SlySoft
2011-06-16 05:02:56 -------- d-----w- C:\Party_Monster
2011-06-16 04:39:49 102400 ----a-w- C:\windows\System32\drivers\dfsc.sys
2011-06-16 04:39:48 499712 ----a-w- C:\windows\System32\drivers\afd.sys
2011-06-16 04:39:48 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-06-16 04:39:32 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-06-16 04:39:31 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-06-16 04:39:31 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-06-16 04:38:00 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2011-06-16 04:38:00 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2011-06-16 04:37:58 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2011-06-16 04:37:58 399872 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-06-16 04:37:58 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-06-16 04:37:52 861184 ----a-w- C:\windows\System32\oleaut32.dll
2011-06-16 04:37:51 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-06-16 04:37:50 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-06-16 04:37:50 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-06-16 03:31:15 -------- d-----w- C:\NO_LABEL
2011-06-16 03:13:24 -------- d-----w- C:\Party Monster
2011-06-16 03:12:16 -------- d-----w- C:\Program Files (x86)\DVD Decrypter
2011-06-16 03:09:20 -------- d-----w- C:\Users\Alyssa\AppData\Roaming\RipIt4Me
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-07-06 03:53:38 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 02:56:44 3134464 ----a-w- C:\windows\System32\win32k.sys
2011-06-02 17:53:02 94208 ----a-w- C:\windows\SysWow64\dpl100.dll
2011-06-02 06:45:22 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-06-02 06:39:54 422400 ----a-w- C:\windows\System32\KernelBase.dll
2011-06-02 05:56:28 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-06-02 05:54:50 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-06-02 03:45:49 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 11:21:59 404992 ----a-w- C:\windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\windows\SysWow64\drvinst.exe
2011-05-10 12:06:08 51712 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2011-05-10 12:06:08 4517664 ----a-w- C:\windows\System32\usbaaplrc.dll
2011-05-04 22:00:49 172080 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2011-05-04 15:31:04 52784 ----a-w- C:\windows\System32\drivers\WPSDRVnt.sys
2011-05-04 15:31:04 137544 ----a-w- C:\windows\SysWow64\SymVPN.dll
2011-05-04 15:31:04 137544 ----a-w- C:\windows\System32\SymVPN.dll
2011-05-04 15:31:02 89088 ----a-w- C:\windows\SysWow64\atl71.dll
2011-05-04 15:31:02 49480 ----a-w- C:\windows\SysWow64\FwsVpn.dll
2011-05-04 15:31:01 480304 ----a-w- C:\windows\SysWow64\drivers\srtspl64.sys
2011-05-04 15:31:01 480304 ----a-w- C:\windows\System32\drivers\srtspl64.sys
2011-05-04 15:31:01 441904 ----a-w- C:\windows\SysWow64\drivers\srtsp64.sys
2011-05-04 15:31:01 441904 ----a-w- C:\windows\System32\drivers\srtsp64.sys
2011-05-04 15:31:01 32304 ----a-w- C:\windows\SysWow64\drivers\srtspx64.sys
2011-05-04 15:31:01 32304 ----a-w- C:\windows\System32\drivers\srtspx64.sys
2011-05-04 15:30:56 62512 ----a-w- C:\windows\System32\drivers\Teefer2.sys
2011-05-04 15:30:48 25424 ----a-w- C:\windows\System32\drivers\COH_Mon.sys
2011-05-04 05:30:38 2326016 ----a-w- C:\windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe
2011-04-22 20:18:47 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys
.
============= FINISH: 20:16:01.07 ===============

#2 Farbar

  • Just Curious
  • Group: Malware Response Instructor
  • Posts: 17,816
  • Joined: 08-December 07

Posted 17 July 2011 - 04:35 PM

Hi Lyssfrgr and welcome to Bleeping Computer.

If you have not resolved the issue please update me on the current condition of your computer.

#3 Lyssfrgr

  • New Member
  • Group: Members
  • Posts: 9
  • Joined: 01-April 11

Posted 17 July 2011 - 05:33 PM

Thank you for getting back to me, but I had to restore back to factory settings. Whatever was infecting my system made it so I couldn't boot in safe mode or normal mode. Also, when I tried to restore to a previous date, it informed me that all of my drivers would be gone. I wish I knew what it was, but it's too late now :(

#4 Farbar

  • Just Curious
  • Group: Malware Response Instructor
  • Posts: 17,816
  • Joined: 08-December 07

Posted 17 July 2011 - 05:42 PM

Thanks for letting me know and glad it is resolved anyway. :)

This thread will now be closed since the issue seems to be resolved.

If you should have a new issue, please start a new topic.