
Computer Freezes, Blue Screens often


  • This topic is locked
6 replies to this topic

#1 sarahsmile

sarahsmile

  • Members
  • 45 posts
  • OFFLINE
  • Local time:01:49 AM

Posted 02 July 2009 - 08:18 AM

My computer has become unusable and I have a major project due next week.

I have scanned it with ESET and found nothing.

It blue screens over and over or the keyboard and mouse just freeze completely. This is occurring more frequently each day. I tried going back to a system restore before the problems began but within hours the problems were back.

When the computer starts back up I get the "This system has recovered from a serious error" and then the error report says possible virus but I find nothing on scanning.

Thanks for your help,

Sarah


DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 8:14:12.68 on Thu 07/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2280 [GMT -4:00]

AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\windows\System32\WLTRYSVC.EXE
C:\windows\System32\bcmwltry.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\ThreatFire\TFService.exe
C:\windows\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\dllhost.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\UltraEdit-32\uedit32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070314
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070314
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070314
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\snagit 8\SnagItIEAddin.dll
TB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - e:\program files\copernic desktop search 2\DesktopSearchBand202000032.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - e:\program files\copernic desktop search 2\DesktopSearchBand202000032.dll
EB: Copernic Desktop Search 2: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - e:\program files\copernic desktop search 2\DesktopSearchBand202000032.dll
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Directory Opus Desktop Dblclk] "c:\program files\gpsoftware\directory opus\dopusrt.exe" /dblclk
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [SBCSTray] c:\program files\sunbelt software\counterspy\SBCSTray.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\privoxy.lnk - c:\program files\vidalia bundle\privoxy\privoxy.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {90A81828-92DB-400e-AECD-78C540F5EB49} - c:\program files\egrabber\addressgrabber business 5.0\InternetAddress.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\oca
Trusted Zone: microsoft.com\www
Trusted Zone: pandasoftware.com\www
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} - hxxps://oca.microsoft.com/en/secure/ocarpt.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - c:\program files\gpsoftware\directory opus\dopuslib.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joseph~1\applic~1\mozilla\firefox\profiles\fqaeu7iw.default\
FF - prefs.js: browser.search.selectedEngine - Scroogle
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\User\application data\mozilla\firefox\profiles\fqaeu7iw.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [2007-11-5 15544]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-12 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-12-12 46864]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-12-21 3968]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-6-1 33920]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-12-12 33552]
S0 kl1;kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S1 cmdGuard;cmdGuard;c:\windows\system32\drivers\cmdguard.sys --> c:\windows\system32\drivers\cmdguard.sys [?]
S1 cmdHlp;cmdHlp;c:\windows\system32\drivers\cmdhlp.sys --> c:\windows\system32\drivers\cmdhlp.sys [?]
S2 cmdAgent;cmdAgent;"c:\program files\comodo\firewall\cmdagent.exe" --> c:\program files\comodo\firewall\cmdagent.exe [?]
S3 cpuz126;cpuz126;\??\c:\docume~1\joseph~1\locals~1\temp\cpuz.sys --> c:\docume~1\joseph~1\locals~1\temp\cpuz.sys [?]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2008-1-19 8576]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2007-12-23 44928]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\ultramonmirror.sys --> c:\windows\system32\drivers\UltraMonMirror.sys [?]
S4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2007-12-30 3379264]
S4 Windows Services Control;Windows Services Control;c:\windows\system32\drivers\services.exe --> c:\windows\system32\drivers\services.exe [?]

=============== Created Last 30 ================

2009-07-02 07:30 268 ac--h--- C:\sqmdata07.sqm
2009-07-02 07:30 244 ac--h--- C:\sqmnoopt07.sqm
2009-07-02 06:35 <DIR> -cd----- c:\program files\CCleaner
2009-07-02 06:05 268 ac--h--- C:\sqmdata06.sqm
2009-07-02 06:05 244 ac--h--- C:\sqmnoopt06.sqm
2009-06-13 10:47 <DIR> -cd----- c:\windows\LastGood.Tmp
2009-06-13 08:26 <DIR> -cd----- c:\windows\system32\scripting
2009-06-13 08:26 <DIR> -cd----- c:\windows\system32\en
2009-06-13 08:26 <DIR> -cd----- c:\windows\system32\bits
2009-06-13 08:26 <DIR> -cd----- c:\windows\l2schemas
2009-06-13 08:25 <DIR> -cd----- c:\windows\ServicePackFiles
2009-06-13 08:20 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-13 08:18 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-13 08:18 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-13 08:17 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-13 08:17 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-06-13 08:17 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-13 08:12 7,680 ac------ c:\windows\system32\spdwnwxp.exe
2009-06-13 08:11 397,312 -c------ c:\windows\system32\mmcex.dll
2009-06-13 08:10 650,752 -c------ c:\windows\system32\dot3ui.dll
2009-06-13 08:09 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-13 08:09 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-06-13 08:08 2,560 -c------ c:\windows\system32\xpsp4res.dll
2009-06-13 08:08 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-13 08:08 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-13 02:19 268 ac--h--- C:\sqmdata04.sqm
2009-06-13 02:19 244 ac--h--- C:\sqmnoopt04.sqm
2009-06-13 01:44 202,776 ac------ c:\windows\system32\dllcache\wuweb.dll
2009-06-13 01:44 208,744 ac------ c:\windows\system32\muweb.dll
2009-06-13 00:49 42 ac------ c:\windows\system32\Jiii_PNUCT.pnc
2009-06-13 00:48 42 ac------ c:\windows\system32\AK083E209605E394C.lie

==================== Find3M ====================

2009-06-19 16:37 46,864 ac------ c:\windows\system32\drivers\TfSysMon.sys
2009-06-19 16:37 33,552 ac------ c:\windows\system32\drivers\TfNetMon.sys
2009-06-19 16:37 51,984 ac------ c:\windows\system32\drivers\TfFsMon.sys
2009-06-13 14:02 81,731 ac------ c:\windows\system32\nvModes.dat
2009-06-13 08:29 88,247 ac------ c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-07 11:32 345,600 ac------ c:\windows\system32\localspl.dll
2009-04-29 00:56 827,392 ac------ c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 ac------ c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 ac------ c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 ac------ c:\windows\system32\rpcrt4.dll
2007-12-31 01:03 22,328 ac------ c:\docume~1\joseph~1\applic~1\PnkBstrK.sys
2007-12-31 00:59 103,736 ac------ c:\docume~1\joseph~1\applic~1\PnkBstrB.exe
2007-06-15 15:14 2,793 ac------ c:\docume~1\joseph~1\applic~1\SAS7_000.DAT
2007-03-21 06:06 50,208 ac-sh--- c:\windows\system32\drivers\fidbox.dat
2007-03-21 06:06 2,080 ac-sh--- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 8:15:20.98 ===============



#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:49 AM

Posted 06 July 2009 - 10:14 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 sarahsmile

sarahsmile
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:01:49 AM

Posted 07 July 2009 - 09:40 AM

Since July 2nd, I've tried numerous antivirus scans under safe mode. ESET found a number of viruses, I think. It took it nearly 24 hours to scan the hard drives. Don't know why it took so long.

Sadly no positive effect. It is still bluescreening frequently and on start up the error report occasionally states that the spooldr.sys virus caused it. But googling spooldr.sys, I see none of the indicia of that virus on the system.

Here is the DDS.txt:


DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 9:43:20.32 on Tue 07/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2299 [GMT -4:00]

AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\System32\WLTRYSVC.EXE
C:\windows\System32\bcmwltry.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\ThreatFire\TFService.exe
C:\windows\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\dllhost.exe
C:\windows\system32\wscntfy.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\windows\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\PROGRAM FILES\GPSOFTWARE\DIRECTORY OPUS\DOPUS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070314
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070314
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070314
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\snagit 8\SnagItBHO.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\snagit 8\SnagItIEAddin.dll
TB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - e:\program files\copernic desktop search 2\DesktopSearchBand202000032.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - e:\program files\copernic desktop search 2\DesktopSearchBand202000032.dll
EB: Copernic Desktop Search 2: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - e:\program files\copernic desktop search 2\DesktopSearchBand202000032.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Directory Opus Desktop Dblclk] "c:\program files\gpsoftware\directory opus\dopusrt.exe" /dblclk
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorun
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SBAMTray] c:\program files\sunbelt software\counterspy\SBAMTray.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{cc15a5fc-b6d3-4a2d-8a26-d8f2702a3c00}\IcoUltraMon.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {90A81828-92DB-400e-AECD-78C540F5EB49} - c:\program files\egrabber\addressgrabber business 5.0\InternetAddress.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\oca
Trusted Zone: microsoft.com\www
Trusted Zone: pandasoftware.com\www
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} - hxxps://oca.microsoft.com/en/secure/ocarpt.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - c:\program files\gpsoftware\directory opus\dopuslib.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joseph~1\applic~1\mozilla\firefox\profiles\fqaeu7iw.default\
FF - prefs.js: browser.search.selectedEngine - Scroogle
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\User\application data\mozilla\firefox\profiles\fqaeu7iw.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-12 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-12-12 46864]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-12-21 3968]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 94360]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-6-1 33920]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-7-5 13360]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-5 353680]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-9-14 10496]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-12-12 33552]
S0 kl1;kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S1 cmdGuard;cmdGuard;c:\windows\system32\drivers\cmdguard.sys --> c:\windows\system32\drivers\cmdguard.sys [?]
S1 cmdHlp;cmdHlp;c:\windows\system32\drivers\cmdhlp.sys --> c:\windows\system32\drivers\cmdhlp.sys [?]
S2 cmdAgent;cmdAgent; [x]
S2 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\SBAMSvc.exe [2008-12-17 886056]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-7-5 69168]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 cpuz126;cpuz126;\??\c:\docume~1\joseph~1\locals~1\temp\cpuz.sys --> c:\docume~1\joseph~1\locals~1\temp\cpuz.sys [?]
S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\drivers\kwusb2k.sys [2007-8-28 191104]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2008-1-19 8576]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2007-12-23 44928]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\ultramonmirror.sys --> c:\windows\system32\drivers\UltraMonMirror.sys [?]
S4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S4 Windows Services Control;Windows Services Control; [x]

=============== Created Last 30 ================

2009-07-07 09:28 <DIR> -cd----- c:\program files\Windows Installer Clean Up
2009-07-07 09:28 <DIR> -cd----- c:\program files\MSECACHE
2009-07-06 05:39 <DIR> --dsh--- C:\found.003
2009-07-05 22:31 <DIR> -cd----- c:\program files\DAEMON Tools Pro
2009-07-05 22:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-07-05 22:06 <DIR> -cd----- c:\docume~1\joseph~1\applic~1\DAEMON Tools Pro
2009-07-05 21:49 721,904 ac------ c:\windows\system32\drivers\sptd.sys
2009-07-05 16:29 1,221,008 ac------ c:\windows\system32\zpeng25.dll
2009-07-05 16:29 <DIR> -cd----- c:\windows\system32\ZoneLabs
2009-07-05 16:29 352,606 ac------ c:\windows\system32\vsconfig.xml
2009-07-05 14:00 69,168 ac------ c:\windows\system32\drivers\sbapifs.sys
2009-07-05 14:00 13,360 ac------ c:\windows\system32\drivers\sbaphd.sys
2009-07-05 13:49 <DIR> -cd----- c:\docume~1\joseph~1\applic~1\Sunbelt
2009-07-05 13:46 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-07-04 18:29 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-07-04 09:23 268 ac--h--- C:\sqmdata19.sqm
2009-07-04 09:23 244 ac--h--- C:\sqmnoopt19.sqm
2009-07-04 08:12 <DIR> -cd----- c:\windows\SxsCaPendDel
2009-07-04 08:07 268 ac--h--- C:\sqmdata18.sqm
2009-07-04 08:07 244 ac--h--- C:\sqmnoopt18.sqm
2009-07-04 07:20 268 ac--h--- C:\sqmdata17.sqm
2009-07-04 07:20 244 ac--h--- C:\sqmnoopt17.sqm
2009-07-04 07:15 <DIR> -cdsh--- c:\documents and settings\User\IECompatCache
2009-07-04 07:13 <DIR> -cdsh--- c:\documents and settings\User\PrivacIE
2009-07-04 07:07 <DIR> -cdsh--- c:\documents and settings\User\IETldCache
2009-07-04 06:47 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-04 06:47 <DIR> -cd----- c:\windows\ie8updates
2009-07-04 06:47 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-04 06:47 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-04 06:45 <DIR> -cd-h--- c:\windows\ie8
2009-07-04 06:03 268 ac--h--- C:\sqmdata16.sqm
2009-07-04 06:03 244 ac--h--- C:\sqmnoopt16.sqm
2009-07-04 05:43 <DIR> --dsh--- C:\found.002
2009-07-03 21:09 268 ac--h--- C:\sqmdata15.sqm
2009-07-03 21:09 244 ac--h--- C:\sqmnoopt15.sqm
2009-07-03 18:00 268 ac--h--- C:\sqmdata14.sqm
2009-07-03 18:00 244 ac--h--- C:\sqmnoopt14.sqm
2009-07-03 16:42 268 ac--h--- C:\sqmdata13.sqm
2009-07-03 16:42 244 ac--h--- C:\sqmnoopt13.sqm
2009-07-03 15:45 268 ac--h--- C:\sqmdata12.sqm
2009-07-03 15:45 244 ac--h--- C:\sqmnoopt12.sqm
2009-07-03 14:55 268 ac--h--- C:\sqmdata11.sqm
2009-07-03 14:55 244 ac--h--- C:\sqmnoopt11.sqm
2009-07-03 12:45 <DIR> -cd----- c:\program files\common files\EZB Systems
2009-07-03 12:45 <DIR> -cd----- c:\program files\UltraISO
2009-07-03 12:38 268 ac--h--- C:\sqmdata10.sqm
2009-07-03 12:38 244 ac--h--- C:\sqmnoopt10.sqm
2009-07-03 06:44 <DIR> -cd----- c:\docume~1\joseph~1\applic~1\Blackberry Desktop
2009-07-03 06:31 256 ac------ c:\windows\system32\pool.bin
2009-07-03 06:31 <DIR> -cd----- c:\docume~1\joseph~1\applic~1\Research In Motion
2009-07-02 20:25 26,496 ac---r-- c:\windows\system32\drivers\RimSerial.sys
2009-07-02 20:24 <DIR> -cd----- c:\program files\common files\Research In Motion
2009-07-02 20:24 <DIR> -cd----- c:\program files\Research In Motion
2009-07-02 19:00 <DIR> -cd----- c:\program files\common files\Realtime Soft
2009-07-02 19:00 <DIR> -cd----- c:\program files\UltraMon
2009-07-02 19:00 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Realtime Soft
2009-07-02 18:49 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Verizon Wireless
2009-07-02 18:48 <DIR> -cd----- c:\docume~1\joseph~1\applic~1\Smith Micro
2009-07-02 18:45 <DIR> -cd----- c:\program files\Kyocera Wireless Corp
2009-07-02 18:45 <DIR> -cd----- c:\program files\Verizon Wireless
2009-07-02 17:52 268 ac--h--- C:\sqmdata09.sqm
2009-07-02 17:52 244 ac--h--- C:\sqmnoopt09.sqm
2009-07-02 17:27 268 ac--h--- C:\sqmdata08.sqm
2009-07-02 17:27 244 ac--h--- C:\sqmnoopt08.sqm
2009-07-02 13:39 <DIR> -cd----- c:\program files\WebEx
2009-07-02 13:38 23,984 ac------ c:\windows\system32\drivers\pnarp.sys
2009-07-02 13:38 25,264 ac------ c:\windows\system32\drivers\purendis.sys
2009-07-02 13:38 <DIR> -cd----- c:\program files\common files\Pure Networks Shared
2009-07-02 13:37 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-07-02 10:56 <DIR> -cd----- c:\program files\WinASO
2009-07-02 07:30 268 ac--h--- C:\sqmdata07.sqm
2009-07-02 07:30 244 ac--h--- C:\sqmnoopt07.sqm
2009-07-02 06:35 <DIR> -cd----- c:\program files\CCleaner
2009-07-02 06:05 268 ac--h--- C:\sqmdata06.sqm
2009-07-02 06:05 244 ac--h--- C:\sqmnoopt06.sqm
2009-06-13 10:47 <DIR> -cd----- c:\windows\LastGood.Tmp
2009-06-13 08:26 <DIR> -cd----- c:\windows\system32\scripting
2009-06-13 08:26 <DIR> -cd----- c:\windows\system32\en
2009-06-13 08:26 <DIR> -cd----- c:\windows\system32\bits
2009-06-13 08:26 <DIR> -cd----- c:\windows\l2schemas
2009-06-13 08:25 <DIR> -cd----- c:\windows\ServicePackFiles
2009-06-13 08:20 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-13 08:18 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-13 08:18 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-13 08:17 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-13 08:17 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-06-13 08:17 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-13 08:12 7,680 ac------ c:\windows\system32\spdwnwxp.exe
2009-06-13 08:11 397,312 -c------ c:\windows\system32\mmcex.dll
2009-06-13 08:10 650,752 -c------ c:\windows\system32\dot3ui.dll
2009-06-13 08:09 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-13 08:09 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-06-13 08:08 2,560 -c------ c:\windows\system32\xpsp4res.dll
2009-06-13 08:08 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-13 08:08 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-13 02:19 268 ac--h--- C:\sqmdata04.sqm
2009-06-13 02:19 244 ac--h--- C:\sqmnoopt04.sqm
2009-06-13 01:44 202,776 ac------ c:\windows\system32\dllcache\wuweb.dll
2009-06-13 01:44 208,744 ac------ c:\windows\system32\muweb.dll
2009-06-13 00:49 42 ac------ c:\windows\system32\Jiii_PNUCT.pnc
2009-06-13 00:48 42 ac------ c:\windows\system32\AK083E209605E394C.lie

==================== Find3M ====================

2009-07-05 22:01 4,212 ac--h--- c:\windows\system32\zllictbl.dat
2009-07-02 18:06 81,791 ac------ c:\windows\system32\nvModes.dat
2009-06-19 16:37 46,864 ac------ c:\windows\system32\drivers\TfSysMon.sys
2009-06-19 16:37 33,552 ac------ c:\windows\system32\drivers\TfNetMon.sys
2009-06-19 16:37 51,984 ac------ c:\windows\system32\drivers\TfFsMon.sys
2009-06-13 08:29 88,247 ac------ c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-14 15:49 94,360 ac------ c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 15:47 107,256 ac------ c:\windows\system32\drivers\ehdrv.sys
2009-05-14 15:41 114,472 ac------ c:\windows\system32\drivers\eamon.sys
2009-05-13 01:15 915,456 ac------ c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 ac------ c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 ac------ c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 ac------ c:\windows\system32\rpcrt4.dll
2007-12-31 01:03 22,328 ac------ c:\docume~1\joseph~1\applic~1\PnkBstrK.sys
2007-12-31 00:59 103,736 ac------ c:\docume~1\joseph~1\applic~1\PnkBstrB.exe
2007-06-15 15:14 2,793 ac------ c:\docume~1\joseph~1\applic~1\SAS7_000.DAT
2007-03-21 06:06 50,208 ac-sh--- c:\windows\system32\drivers\fidbox.dat
2007-03-21 06:06 2,080 ac-sh--- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 9:43:46.00 ===============

#4 sarahsmile

sarahsmile
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:01:49 AM

Posted 07 July 2009 - 12:37 PM

It just blue screened again with the message:

A problem has been detected and Windows has been shut down to prevent damage to your computer.

BAD_POOL_HEADER

Technical Information

STOP: 0x00000019 (0x00000020, 0x00000718, 0x00001220, 0x0B616113)

Beginning dump of physical memory

#5 sarahsmile

sarahsmile
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:01:49 AM

Posted 08 July 2009 - 02:52 PM

Well, I had to give it up and start from scratch. I formatted the hard drive and wiped it using Acronis Disk Cleaner. Then I used a backup of my last clean install using Acronis Workstation. I scanned that install with Malwarebytes, ESET, and Panda Online. There were a few trojan droppers found in .exe files that had somehow replaced a directory full of pictures in the My Pictures folder.

It hasn't blue screened so far so I'm hoping that the quasi-reinstall will do the trick.

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:49 AM

Posted 10 July 2009 - 08:41 AM

Hello.

From a quick look at your logs, this was not caused by malware.

Preventing Malware Infection in the Future
Please take some time to look at the following links, which give some advice and suggestions for preventing future infections. For general slowness problems that you may have, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

With Regards,
The Panda

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:49 AM

Posted 18 July 2009 - 08:46 AM

Hello.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda