
Virus I think?! Computer restarts about every 30 mins...


5 replies to this topic

#1 johndglas

  • Members
  • 4 posts

Posted 17 January 2010 - 01:44 AM

Hi there guys, I'm new and I need some help. I have this problem which I think is a virus. I've looked it up here and there online and it seems like it is.

Every 30 minutes or so I'll get either a "DCOM has terminated..." error or a "plug and play something has terminated" error and the computer restarts. Now when I go to google something I get the same ad over and over about a Defender registry download, and some of my links keep going to info.com.

If you need to know anything about my computer please just give me step by step and I'll get whatever info you need. I'm not the brightest at this thing. I do have Malwarebytes anti-malware app and have had it but it won't find anything. I searched with AVG but it doesn't find anything.


#2 johndglas
  • Topic Starter
  • Members
  • 4 posts

Posted 18 January 2010 - 02:06 AM

Bump.

I have an annoying redirect virus. I think this is all related but I honestly don't know.

#3 johndglas
  • Topic Starter
  • Members
  • 4 posts

Posted 18 January 2010 - 01:32 PM

Anything I still need to do?




ComboFix 10-01-18.01 - SageBigly 01/18/2010 13:15:52.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.2144 [GMT -5:00]
Running from: c:\users\SageBigly\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1330578457-975718839-1319057842-500
c:\$recycle.bin\S-1-5-21-2320622200-290198469-743072080-500
c:\program files\SpeedBit Toolbar\Toolbar\tbhelper.dll
c:\users\SageBigly\AppData\Roaming\.#
c:\users\SageBigly\AppData\Roaming\.#\MBX@CFC@19F8978.###
c:\users\SageBigly\AppData\Roaming\inst.exe
c:\windows\Fonts\hl2crosshairs.ttf
c:\windows\system32\1520170.dll
c:\windows\system32\launcher.exe
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.

2010-01-18 18:25 . 2010-01-18 18:26 -------- d-----w- c:\users\SageBigly\AppData\Local\temp
2010-01-18 18:25 . 2010-01-18 18:25 -------- d-----w- c:\users\Mcx1-SAGEBIGLY-PC\AppData\Local\temp
2010-01-18 18:25 . 2010-01-18 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-18 14:03 . 2010-01-18 14:03 4624 ----a-w- c:\windows\system32\zzop91.dll
2010-01-17 06:47 . 2010-01-17 06:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-17 06:46 . 2010-01-18 06:55 -------- d-----w- c:\users\SageBigly\AppData\Roaming\SUPERAntiSpyware.com
2010-01-17 06:46 . 2010-01-18 06:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-17 05:40 . 2010-01-18 06:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-17 05:40 . 2010-01-18 06:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-17 03:43 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-17 03:43 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-16 18:51 . 2010-01-16 18:51 -------- d-----w- C:\perflogs
2010-01-10 17:35 . 2010-01-17 03:17 -------- d-----w- c:\program files\GyroTools - Air Mouse
2010-01-10 17:35 . 2010-01-13 12:56 -------- d-----w- c:\users\SageBigly\AppData\Roaming\GyroTools
2010-01-10 14:51 . 2010-01-10 14:51 272384 ----a-w- c:\users\SageBigly\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
2010-01-10 14:51 . 2010-01-10 14:51 196608 ----a-w- c:\users\SageBigly\AppData\Roaming\Acreon\WowMatrix\Libraries\wmweb.dll
2010-01-10 14:51 . 2010-01-10 14:51 258048 ----a-w- c:\users\SageBigly\AppData\Roaming\Acreon\WowMatrix\Libraries\wmzip.dll
2010-01-10 14:51 . 2010-01-10 14:51 -------- d-----w- c:\users\SageBigly\AppData\Roaming\Acreon
2010-01-10 14:51 . 2010-01-10 14:58 -------- d-----w- c:\users\SageBigly\AppData\Local\._Revolution_
2010-01-09 15:12 . 2010-01-09 15:12 -------- d-----w- c:\users\SageBigly\AppData\Local\Blizzard Entertainment
2010-01-09 09:54 . 2010-01-09 10:28 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-01-08 15:39 . 2010-01-17 03:17 -------- d-----w- c:\program files\Crayon Physics Deluxe
2010-01-08 15:29 . 2010-01-18 01:48 -------- d-----w- C:\World of Warcraft
2010-01-08 15:29 . 2010-01-08 15:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-08 15:29 . 2010-01-08 15:29 -------- d-----w- c:\program files\World of Warcraft
2010-01-04 14:32 . 2010-01-17 03:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-02 17:44 . 2009-12-23 23:26 52224 ----a-w- c:\users\SageBigly\AppData\Roaming\Mozilla\Firefox\Profiles\1rhbm9l5.default\extensions\{35b675b9-7f34-40df-8f49-5fab6b7e4aef}\components\FFExternalAlert.dll
2010-01-02 17:44 . 2009-12-23 23:26 101376 ----a-w- c:\users\SageBigly\AppData\Roaming\Mozilla\Firefox\Profiles\1rhbm9l5.default\extensions\{35b675b9-7f34-40df-8f49-5fab6b7e4aef}\components\RadioWMPCore.dll
2010-01-01 04:37 . 2010-01-17 04:16 -------- d-----w- c:\program files\Runtime Software
2010-01-01 04:08 . 2010-01-01 04:08 -------- d-----w- c:\users\SageBigly\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-01-01 02:25 . 2010-01-17 03:43 -------- d-----w- C:\gPotato.com
2009-12-31 03:53 . 2009-12-31 03:53 2145 ----a-w- c:\users\SageBigly\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\ows.messenger.msn.com
2009-12-31 00:16 . 2009-12-31 00:16 2087 ----a-w- c:\users\SageBigly\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\omega.contacts.msn.com
2009-12-31 00:16 . 2009-12-31 00:16 2095 ----a-w- c:\users\SageBigly\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\login.live.com
2009-12-31 00:14 . 2009-12-31 00:14 1251 ----a-w- c:\users\SageBigly\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\xmpp.raptr.com
2009-12-31 00:10 . 2009-12-31 00:10 -------- d-----w- c:\users\SageBigly\AppData\Roaming\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
2009-12-31 00:09 . 2010-01-17 03:17 -------- d-----w- c:\program files\Raptr
2009-12-31 00:09 . 2009-12-31 00:09 -------- d-----w- c:\users\SageBigly\AppData\Roaming\Raptr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 18:11 . 2009-01-29 14:39 -------- d-----w- c:\programdata\NVIDIA
2010-01-18 07:33 . 2009-03-25 19:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 06:56 . 2009-02-13 06:02 -------- d-----w- c:\program files\Electronic Arts
2010-01-18 06:56 . 2009-02-11 20:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-18 06:55 . 2009-02-11 20:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-18 01:27 . 2009-02-14 14:56 -------- d-----w- c:\users\SageBigly\AppData\Roaming\uTorrent
2010-01-17 16:16 . 2009-01-29 14:57 -------- d-----w- c:\programdata\Uninstall
2010-01-17 16:16 . 2009-01-29 14:52 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-17 16:14 . 2009-01-29 14:54 -------- d-----w- c:\programdata\Roxio
2010-01-17 15:58 . 2009-04-28 22:12 -------- d-----w- c:\program files\Steam
2010-01-17 10:54 . 2009-08-04 11:46 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-17 03:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-17 03:16 . 2009-10-29 02:18 -------- d-----w- c:\program files\Common Files\logishrd
2010-01-17 03:16 . 2009-10-13 19:04 -------- d-----w- c:\program files\Common Files\BioWare
2010-01-17 03:16 . 2009-03-20 18:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-17 03:16 . 2009-07-04 14:24 -------- d-----w- c:\program files\CCleaner
2010-01-17 03:16 . 2009-07-01 12:58 -------- d-----w- c:\program files\CFToolbox
2010-01-17 03:16 . 2009-02-22 05:50 -------- d-----w- c:\program files\CDisplay
2010-01-17 03:16 . 2009-06-01 17:37 -------- d-----w- c:\program files\Apple Software Update
2010-01-17 03:16 . 2009-02-11 20:17 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-14 16:12 . 2009-10-02 22:53 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-10 17:49 . 2009-09-10 19:35 -------- d-----w- c:\users\SageBigly\AppData\Roaming\IGN_DLM
2010-01-08 15:56 . 2009-05-14 19:06 -------- d-----w- c:\users\SageBigly\AppData\Roaming\Crayon Physics Deluxe
2010-01-07 21:07 . 2009-03-25 19:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-03-25 19:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:12 . 2009-06-06 15:13 21840 ------w- c:\windows\system32\SIntfNT.dll
2010-01-06 15:12 . 2009-06-06 15:13 17212 ------w- c:\windows\system32\SIntf32.dll
2009-12-31 03:50 . 2009-07-16 15:34 -------- d-----w- c:\programdata\PMB Files
2009-12-25 02:56 . 2009-02-11 20:49 3432 ------w- c:\windows\system32\ealregsnapshot1.reg
2009-12-22 21:32 . 2009-02-11 20:01 86800 ----a-w- c:\users\SageBigly\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-19 13:43 . 2009-12-18 19:40 6667344 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2275720902 }\sims3_ep01_sku7\Support\EADM\eadm-installer.exe
2009-12-19 10:30 . 2009-12-18 19:40 54544 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2275720902 }\sims3_ep01_sku7\Game\Bin\TSLHelper.exe
2009-12-19 10:28 . 2009-12-18 19:40 1969936 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2275720902 }\sims3_ep01_sku7\Game\Bin\Sims3EP01GDF.dll
2009-12-19 10:26 . 2009-12-18 19:40 300304 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2275720902 }\sims3_ep01_sku7\Game\Bin\paul.dll
2009-12-19 10:26 . 2009-12-18 19:40 107792 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2275720902 }\sims3_ep01_sku7\Game\Bin\S3Launcher.exe
2009-12-19 02:24 . 2009-12-19 02:24 -------- d-----w- c:\users\SageBigly\AppData\Roaming\runic games
2009-12-18 19:41 . 2009-12-18 19:40 319488 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2275720902 }\sims3_ep01_sku7\_Setup.dll
2009-12-18 19:41 . 2009-12-18 19:40 398608 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2275720902 }\sims3_ep01_sku7\Sims3EP01Setup.exe
2009-12-18 19:40 . 2009-12-18 19:40 555520 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2275720902 }\sims3_ep01_sku7\ISSetup.dll
2009-12-18 19:40 . 2009-12-18 19:40 54544 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2275720902 }\sims3_ep01_sku7\Autorun.exe
2009-12-12 18:27 . 2009-12-12 18:27 -------- d-----w- c:\users\SageBigly\AppData\Roaming\Amazon
2009-12-12 18:26 . 2009-12-12 18:26 -------- d-----w- c:\program files\Amazon
2009-11-30 23:02 . 2009-11-30 23:02 171144 ------w- c:\windows\system32\xliveinstall.dll
2009-11-30 23:02 . 2009-11-30 23:02 72840 ------w- c:\windows\system32\xliveinstallhost.exe
2009-11-30 15:56 . 2009-10-02 14:03 -------- d-----w- c:\program files\Autodesk
2009-11-29 16:26 . 2009-11-29 16:10 103360440 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ }\Sims3_1.7.9.002001_from_1.0.631.00001.exe
2009-11-21 06:40 . 2009-12-08 21:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-08 21:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-08 21:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-08 21:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 02:29 . 2009-06-19 03:14 -------- d-----w- c:\program files\Common Files\Apple
2009-11-20 02:28 . 2009-02-16 00:50 -------- d-----w- c:\programdata\Apple Computer
2009-11-17 08:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-09 12:31 . 2009-12-09 08:05 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 08:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 08:05 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 15:59 . 2009-11-06 15:59 15406728 ------w- c:\windows\system32\xlive.dll
2009-11-06 15:59 . 2009-11-06 15:59 13642888 ------w- c:\windows\system32\xlivefnt.dll
2009-10-29 09:17 . 2009-11-26 08:02 2048 ----a-w- c:\windows\system32\tzres.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-07-31 20:17 . 2008-07-31 20:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zzop91]
2010-01-18 14:03 4624 ----a-w- c:\windows\System32\zzop91.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GyroTools.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GyroTools.lnk
backup=c:\windows\pss\GyroTools.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^SageBigly^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\SageBigly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^SageBigly^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\SageBigly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^SageBigly^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MySurvey Messenger.lnk]
path=c:\users\SageBigly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MySurvey Messenger.lnk
backup=c:\windows\pss\MySurvey Messenger.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-12-12 14:10 2043160 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2009-04-09 08:48 228808 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-10-24 15:26 135680 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetDownload_upgrade]
2009-01-05 06:27 361472 ----a-w- c:\program files\VersalSoft\InternetDownload\InternetDownload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 19:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-09-27 22:46 13949544 ------w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-09-27 22:47 92776 ------w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-10-13 22:34 6335008 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-30 01:46 1217808 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 06:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2008-12-12 16:41 157312 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):49,38,6d,69,fe,14,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [4/15/2009 10:12 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [4/15/2009 10:12 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/15/2009 10:11 AM 297752]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [7/14/2009 11:28 AM 239648]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [3/3/2009 12:26 PM 721904]
S2 RPCER;Remote Procedure Call (HNM);c:\program files\Common Files\ODBC\comp.exe --> c:\program files\Common Files\ODBC\comp.exe [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [11/3/2009 6:59 PM 25832]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [3/11/2008 4:27 PM 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [11/11/2009 9:11 AM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/15/2009 10:11 AM 908056]
S4 PublicPreviewTurbineMessageService;Turbine Message Service - PublicPreview;"c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe" --> c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe [?]
S4 PublicPreviewTurbineNetworkService;Turbine Network Service - PublicPreview;"c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe" --> c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe [?]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{E80A3C65-9D96-412F-8CCC-C4343706620A}.job
- c:\windows\system32\msfeedssync.exe [2009-12-08 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\SageBigly\AppData\Roaming\Mozilla\Firefox\Profiles\1rhbm9l5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - msn.com
FF - component: c:\users\SageBigly\AppData\Roaming\Mozilla\Firefox\Profiles\1rhbm9l5.default\extensions\{35b675b9-7f34-40df-8f49-5fab6b7e4aef}\components\FFExternalAlert.dll
FF - component: c:\users\SageBigly\AppData\Roaming\Mozilla\Firefox\Profiles\1rhbm9l5.default\extensions\{35b675b9-7f34-40df-8f49-5fab6b7e4aef}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-DMXLauncher - c:\program files\Roxio\CinePlayer\DMXLauncher.exe
MSConfigStartUp-DownloadAccelerator - c:\program files\DAP\DAP.EXE
MSConfigStartUp-NCsoft Launcher - c:\program files\NCsoft\Launcher\NCLauncher.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
MSConfigStartUp-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 13:26
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\SAGEBI~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8505C856]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a5a6d24
\Driver\ACPI -> acpi.sys @ 0x82a42d68
\Driver\atapi -> ataport.SYS @ 0x82b51a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2320622200-290198469-743072080-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:7a,74,aa,11,99,51,51,12,48,bd,70,58,78,cd,4e,bf,94,bc,ed,40,27,1f,f8,
84,7f,89,97,31,33,f0,0b,59,80,ab,6e,30,d5,7e,26,61,dd,2d,9f,6d,6c,28,d2,f4,\
"??"=hex:98,29,88,27,45,70,0d,c8,15,24,c3,75,dd,9b,33,e6

[HKEY_USERS\S-1-5-21-2320622200-290198469-743072080-1002\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:64,9d,ad,18,64,34,19,a5,af,a3,aa,05,1b,48,98,e3,15,1a,5f,11,4e,
44,ef,f7,f7,56,11,56,6a,f6,92,73,a1,53,ef,58,1b,35,44,f3,d0,77,86,d1,9d,99,\
"rkeysecu"=hex:9e,37,0d,58,ff,a3,62,d5,5b,5a,1d,43,73,28,ac,ea
.
Completion time: 2010-01-18 13:28:58
ComboFix-quarantined-files.txt 2010-01-18 18:28

Pre-Run: 125,731,778,560 bytes free
Post-Run: 125,711,605,760 bytes free

- - End Of File - - C5819C8D07BD5DC0184C351678800CE9

#4 johndglas
  • Topic Starter
  • Members
  • 4 posts

Posted 22 January 2010 - 01:41 AM

Bump... still having problems. Now the computer is restarting even though Windows auto restart on failures is off.

#5 albert12

  • Banned Spammer
  • 6 posts

Posted 22 January 2010 - 02:29 AM

My laptop also restarts after some time, but it does not always happen. From the day I installed Windows Vista (previously it had Windows XP) I have had to face the restart problem. Is there a virus issue or some other technical problem?

#6 Ocnarfidnek

  • Members
  • 1 posts

Posted 22 January 2010 - 04:35 PM

I am having the same situation with my computer as well. Plug and Play has terminated and the computer keeps restarting every 10 minutes. It started 2 days ago. Once the computer restarts it prompts me to reinstall the compact flash player. The device has been successfully installed, and about 10 minutes later the message concerning Plug and Play appears. Tried to restore but to no avail. Any suggestions, or is this a job for a professional?
