Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ThinkPoint on Vista laptop


  • This topic is locked This topic is locked
23 replies to this topic

#1 BillyTheBanana

BillyTheBanana

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 12 November 2010 - 02:02 PM

This morning I got hit with ThinkPoint when I turned on my computer. I seemingly got rid of it by deleting hotfix.exe in C:\Users\[my username]\AppData\Roaming, but I want to make sure I've totally eradicated it. One disconcerting thing is that I've gotten a blue screen of death during two attempts to scan using GMER. After the first one I did a system restore to two days ago.

I use my computer every day for internet and gaming, but I am embarrassingly ignorant when it comes to anything technical. So I am open and eager to learn :) Thanks in advance.

---

Here are the messages I got after an automatic restart after each blue screen:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 4e
BCP1: 00000007
BCP2: 00043E17
BCP3: 00000001
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini111210-01.dmp
C:\Users\Richie\AppData\Local\Temp\WER-70949-0.sysdata.xml
C:\Users\Richie\AppData\Local\Temp\WERB4FC.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409



Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: A3A1C038
BCP2: 00000000
BCP3: A278FEED
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini111210-01.dmp
C:\Users\Richie\AppData\Local\Temp\WER-236357-0.sysdata.xml
C:\Users\Richie\AppData\Local\Temp\WER5D.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409


---


DDS (Ver_10-11-10.01) - NTFSx86
Run by Richie at 12:30:46.75 on Fri 11/12/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1423 [GMT -5:00]

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Richie\Desktop\cleaning my computer\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.asus.com
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Power2GoExpress] NA
uRun: [Google Update] "c:\users\richie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Microsoft Pinyin IME Migration] c:\progra~1\common~1\micros~1\ime12\imesc\IMSCMIG.EXE /INSTALL
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PowerForPhone] "c:\program files\p4p\P4P.exe"
mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\richie\appdata\roaming\micros~1\windows\startm~1\programs\startup\sc2gears.lnk - c:\users\richie\desktop\starcraft stuff\sc2gears\Sc2gears.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: APSHook.dll
LSA: Notification Packages = scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\richie\appdata\roaming\mozilla\firefox\profiles\qk1apfgc.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) - Search
FF - prefs.js: network.proxy.ftp - 172.1601
FF - prefs.js: network.proxy.http - //192.168.2.1.
FF - prefs.js: network.proxy.ssl - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\richie\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\richie\appdata\roaming\mozilla\firefox\profiles\qk1apfgc.default\extensions\gametap@gametap.com\plugins\npGameTapWebUpdater.dll
FF - plugin: c:\users\richie\appdata\roaming\mozilla\firefox\profiles\qk1apfgc.default\extensions\gametapplayer@gametap.com\plugins\npGameTapWebPlayer.dll
FF - plugin: c:\users\richie\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\richie\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\richie\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20080926.005\IDSvix86.sys [2008-10-5 270384]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-6 176128]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-20 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-20 21504]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-6 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-29 24652]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-7-6 5882368]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-6 210944]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-8-23 47616]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-8-23 1245064]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
R3 VirtDiskBus;Virtual disk Enumerator;c:\windows\system32\drivers\VirtDiskBus.sys [2009-5-25 55808]
S3 BazisVirtualCD;Virtual CD driver;c:\windows\system32\drivers\BazisVirtualCD.sys [2009-5-25 53248]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2009-8-18 69120]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-10-5 99376]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]

=============== Created Last 30 ================

2010-11-06 18:46:35 -------- d-----w- c:\users\richie\appdata\local\Octoshape
2010-10-29 18:52:34 -------- d-----w- c:\progra~2\Media Center Programs
2010-10-26 19:28:16 -------- d-----w- c:\users\richie\appdata\roaming\Quest3D
2010-10-26 13:10:40 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-10-26 13:10:40 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-10-26 13:10:40 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-10-26 13:10:39 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-10-26 13:08:15 -------- d-----w- c:\program files\common files\Stardock
2010-10-26 13:07:20 -------- d-----w- c:\program files\Indie Games
2010-10-26 11:27:35 -------- d-----w- c:\users\richie\appdata\roaming\Stardock
2010-10-26 11:27:06 -------- d-----w- c:\progra~2\Stardock
2010-10-26 11:26:49 -------- dc-h--w- c:\progra~2\{1338EDEE-1DCB-4AA7-9B0F-956BE76B0A4A}
2010-10-26 11:24:51 -------- d-----w- c:\users\richie\appdata\local\PackageAware
2010-10-21 13:02:14 -------- d-----w- c:\users\richie\appdata\local\Opera
2010-10-21 13:02:09 -------- d-----w- c:\program files\Opera 11.00 alpha
2010-10-15 23:53:02 -------- d-----w- c:\users\richie\appdata\roaming\Octoshape

==================== Find3M ====================

2010-11-12 17:11:04 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-10-02 19:36:46 98304 ----a-w- c:\windows\W2BNEUnin.exe
2010-10-02 19:36:46 2829 ----a-w- c:\windows\W2BNEUnin.pif
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 12:32:20.53 ===============

Edited by BillyTheBanana, 12 November 2010 - 02:27 PM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:35 PM

Posted 21 November 2010 - 12:42 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 BillyTheBanana

BillyTheBanana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 21 November 2010 - 03:01 PM

Hello, yes, I'm still here. Thanks in advance for your help.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:35 PM

Posted 21 November 2010 - 06:03 PM

Some strange proxy settings here but first, let's make sure we have no TDSS present.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#5 BillyTheBanana

BillyTheBanana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 22 November 2010 - 06:12 PM

It didn't find anything, so I assume there's no need to restart.


2010/11/22 18:09:18.0187 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/22 18:09:18.0187 ================================================================================
2010/11/22 18:09:18.0187 SystemInfo:
2010/11/22 18:09:18.0187
2010/11/22 18:09:18.0187 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/22 18:09:18.0187 Product type: Workstation
2010/11/22 18:09:18.0187 ComputerName: RICHIE-PC
2010/11/22 18:09:18.0187 UserName: Richie
2010/11/22 18:09:18.0187 Windows directory: C:\Windows
2010/11/22 18:09:18.0187 System windows directory: C:\Windows
2010/11/22 18:09:18.0187 Processor architecture: Intel x86
2010/11/22 18:09:18.0188 Number of processors: 2
2010/11/22 18:09:18.0188 Page size: 0x1000
2010/11/22 18:09:18.0188 Boot type: Normal boot
2010/11/22 18:09:18.0188 ================================================================================
2010/11/22 18:09:19.0310 Initialize success
2010/11/22 18:09:24.0518 ================================================================================
2010/11/22 18:09:24.0518 Scan started
2010/11/22 18:09:24.0518 Mode: Manual;
2010/11/22 18:09:24.0518 ================================================================================
2010/11/22 18:09:26.0893 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/11/22 18:09:27.0091 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/11/22 18:09:27.0246 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/11/22 18:09:27.0426 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/11/22 18:09:27.0607 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/11/22 18:09:27.0818 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/11/22 18:09:27.0985 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/11/22 18:09:28.0081 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/11/22 18:09:28.0244 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/11/22 18:09:28.0371 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/11/22 18:09:28.0495 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/11/22 18:09:28.0633 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/11/22 18:09:28.0829 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/11/22 18:09:29.0106 amdkmdag (71edf946145d2bead3c16f4fd2fa3773) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/22 18:09:29.0401 amdkmdap (41876830a043176f7902e781238f95ef) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/11/22 18:09:29.0565 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/11/22 18:09:29.0707 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/11/22 18:09:29.0892 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
2010/11/22 18:09:30.0267 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/22 18:09:30.0457 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/11/22 18:09:30.0753 atikmdag (71edf946145d2bead3c16f4fd2fa3773) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/22 18:09:30.0976 ATSWPDRV (f70d2392158cb68e775f8c4cd3d12fbb) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
2010/11/22 18:09:31.0166 BazisVirtualCD (c517e7f2d9f3de01fcc801d6d77514ff) C:\Windows\system32\DRIVERS\BazisVirtualCD.sys
2010/11/22 18:09:31.0336 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/11/22 18:09:31.0431 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/11/22 18:09:31.0628 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/22 18:09:31.0868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/22 18:09:31.0978 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/11/22 18:09:32.0274 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
2010/11/22 18:09:32.0304 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
2010/11/22 18:09:32.0480 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/11/22 18:09:32.0600 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/11/22 18:09:32.0728 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/22 18:09:32.0792 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/11/22 18:09:32.0995 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/11/22 18:09:33.0148 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/11/22 18:09:33.0308 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2010/11/22 18:09:34.0178 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2010/11/22 18:09:34.0335 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2010/11/22 18:09:34.0475 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/22 18:09:34.0795 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/22 18:09:34.0965 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/22 18:09:35.0262 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/11/22 18:09:35.0497 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/22 18:09:35.0580 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/11/22 18:09:35.0856 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\Windows\system32\Drivers\COH_Mon.sys
2010/11/22 18:09:36.0077 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/22 18:09:36.0272 CO_Mon (73f5d6835bfa66019c03e316d99649da) C:\Windows\system32\drivers\CO_Mon.sys
2010/11/22 18:09:36.0440 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/11/22 18:09:36.0592 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/11/22 18:09:37.0259 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/11/22 18:09:37.0502 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/11/22 18:09:37.0985 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/11/22 18:09:38.0269 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/22 18:09:38.0411 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/11/22 18:09:38.0699 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/11/22 18:09:38.0833 eeCtrl (47ce4e650d91dc095a2fddb15631a78a) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/11/22 18:09:39.0009 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/11/22 18:09:39.0252 EraserUtilRebootDrv (ce3ef5c79cb0bfa036e844f74c52d759) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/11/22 18:09:39.0375 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/11/22 18:09:39.0482 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/11/22 18:09:39.0634 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/11/22 18:09:39.0752 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/22 18:09:39.0922 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/11/22 18:09:40.0087 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/11/22 18:09:40.0403 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/22 18:09:40.0514 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/11/22 18:09:40.0699 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/22 18:09:40.0836 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/22 18:09:40.0967 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/11/22 18:09:41.0130 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
2010/11/22 18:09:41.0280 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/11/22 18:09:41.0388 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/22 18:09:41.0522 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/11/22 18:09:41.0618 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2010/11/22 18:09:41.0746 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/22 18:09:41.0904 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/11/22 18:09:42.0009 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/11/22 18:09:42.0127 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/11/22 18:09:42.0229 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/22 18:09:42.0329 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2010/11/22 18:09:42.0420 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/11/22 18:09:42.0528 IDSvix86 (ce5d5aaba62949b9bfa44d0eaf2d93e5) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080926.005\IDSvix86.sys
2010/11/22 18:09:42.0636 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/11/22 18:09:42.0854 IntcAzAudAddService (efad2bc74d06c5f53fa64b6dd6dbb459) C:\Windows\system32\drivers\RTKVHDA.sys
2010/11/22 18:09:43.0305 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/11/22 18:09:43.0377 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/22 18:09:43.0553 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/22 18:09:44.0574 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/22 18:09:44.0729 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/22 18:09:44.0846 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/11/22 18:09:44.0904 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/11/22 18:09:44.0976 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/22 18:09:46.0019 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/11/22 18:09:46.0428 itecir (6f912b420bf9c3650c03378ec1fd53d3) C:\Windows\system32\DRIVERS\itecir.sys
2010/11/22 18:09:47.0309 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/11/22 18:09:47.0448 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/22 18:09:48.0069 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/22 18:09:48.0190 kbfiltr (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys
2010/11/22 18:09:49.0900 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/22 18:09:50.0078 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/22 18:09:50.0274 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/22 18:09:50.0551 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/22 18:09:50.0697 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/22 18:09:51.0529 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/11/22 18:09:53.0313 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2010/11/22 18:09:53.0647 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/11/22 18:09:53.0845 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/11/22 18:09:53.0981 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/11/22 18:09:54.0064 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
2010/11/22 18:09:54.0160 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/22 18:09:54.0329 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/22 18:09:54.0501 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/22 18:09:54.0595 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/11/22 18:09:55.0250 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/11/22 18:09:55.0373 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/22 18:09:56.0254 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/22 18:09:56.0505 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/11/22 18:09:57.0175 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/22 18:09:57.0514 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/22 18:09:58.0087 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/22 18:09:58.0826 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/11/22 18:09:59.0045 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/11/22 18:09:59.0266 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/11/22 18:09:59.0372 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/11/22 18:09:59.0546 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/22 18:09:59.0657 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/22 18:09:59.0749 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/11/22 18:10:00.0294 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/11/22 18:10:00.0401 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/22 18:10:00.0547 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/11/22 18:10:00.0641 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
2010/11/22 18:10:01.0255 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/11/22 18:10:03.0272 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/22 18:10:04.0465 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/11/22 18:10:04.0627 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/22 18:10:06.0277 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/22 18:10:06.0497 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/22 18:10:06.0582 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/11/22 18:10:07.0255 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/22 18:10:07.0531 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/22 18:10:07.0751 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2010/11/22 18:10:08.0009 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/11/22 18:10:08.0271 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/11/22 18:10:08.0523 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/22 18:10:09.0275 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/11/22 18:10:09.0434 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/11/22 18:10:09.0531 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/11/22 18:10:09.0808 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/11/22 18:10:10.0006 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/11/22 18:10:10.0240 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/11/22 18:10:10.0818 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/22 18:10:10.0999 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/11/22 18:10:11.0160 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/11/22 18:10:11.0310 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/11/22 18:10:11.0530 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/11/22 18:10:11.0632 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/11/22 18:10:11.0794 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/11/22 18:10:11.0932 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/11/22 18:10:12.0079 pgfilter (2cf226173b467ab48f89d77e89936951) D:\Program Files\PeerGuardian2\pgfilter.sys
2010/11/22 18:10:12.0281 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/22 18:10:12.0426 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/11/22 18:10:12.0643 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/22 18:10:13.0172 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/11/22 18:10:13.0390 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/11/22 18:10:13.0550 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/22 18:10:13.0706 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/22 18:10:13.0845 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/22 18:10:13.0977 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/22 18:10:14.0243 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/22 18:10:14.0399 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/22 18:10:14.0516 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/22 18:10:14.0745 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/11/22 18:10:14.0939 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/22 18:10:15.0184 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/11/22 18:10:15.0408 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/11/22 18:10:15.0584 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/11/22 18:10:15.0966 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/11/22 18:10:16.0054 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/11/22 18:10:16.0163 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/22 18:10:16.0307 RTL8169 (3d2b6520699d1dcd5a13f9e7cad62199) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/11/22 18:10:16.0459 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/22 18:10:16.0613 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/11/22 18:10:16.0707 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/22 18:10:16.0849 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/11/22 18:10:16.0913 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/11/22 18:10:17.0009 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/11/22 18:10:17.0083 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/22 18:10:17.0111 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/22 18:10:17.0183 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/22 18:10:17.0295 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/11/22 18:10:17.0468 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/11/22 18:10:18.0066 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/11/22 18:10:18.0223 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/11/22 18:10:18.0753 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/11/22 18:10:19.0019 smserial (84c9ba8ebb11e5c09916be791079409c) C:\Windows\system32\DRIVERS\smserial.sys
2010/11/22 18:10:19.0261 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\Windows\system32\DRIVERS\snp2uvc.sys
2010/11/22 18:10:19.0446 SPBBCDrv (dc4dc886d3779c446f9b0e9d6b006e72) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/11/22 18:10:19.0578 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/11/22 18:10:19.0775 SRTSP (e0e54a571d4323567e95e11fe76a5ff3) C:\Windows\system32\Drivers\SRTSP.SYS
2010/11/22 18:10:19.0910 SRTSPL (4e44f0e22df824d318988caa6f321c30) C:\Windows\system32\Drivers\SRTSPL.SYS
2010/11/22 18:10:20.0042 SRTSPX (d3bb40427cf3d02e56bba97feda0a3aa) C:\Windows\system32\Drivers\SRTSPX.SYS
2010/11/22 18:10:20.0286 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/11/22 18:10:20.0429 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/22 18:10:20.0550 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/22 18:10:20.0891 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/22 18:10:21.0091 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/11/22 18:10:21.0224 SYMDNS (fe9f8b3a8bc22d85332b42e92308ddf9) C:\Windows\System32\Drivers\SYMDNS.SYS
2010/11/22 18:10:21.0328 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/11/22 18:10:21.0471 SYMFW (a0ea9d273889e53cfaabf2444692ccbf) C:\Windows\System32\Drivers\SYMFW.SYS
2010/11/22 18:10:21.0572 SymIM (8eab28dd6cd25355b951ae460fa86b48) C:\Windows\system32\DRIVERS\SymIMv.sys
2010/11/22 18:10:21.0676 SYMNDISV (c94eaca4b522012ee0691f1e79c42a7d) C:\Windows\System32\Drivers\SYMNDISV.SYS
2010/11/22 18:10:21.0826 SYMREDRV (7c6505ea598e58099d3b7e1f70426864) C:\Windows\System32\Drivers\SYMREDRV.SYS
2010/11/22 18:10:21.0973 SYMTDI (e6ff7ace71d07ca90119f2c6ab592ba4) C:\Windows\System32\Drivers\SYMTDI.SYS
2010/11/22 18:10:22.0094 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/11/22 18:10:22.0402 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/11/22 18:10:22.0556 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
2010/11/22 18:10:22.0743 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/11/22 18:10:22.0910 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/22 18:10:23.0009 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/22 18:10:23.0070 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/11/22 18:10:23.0145 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/11/22 18:10:23.0291 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/22 18:10:23.0390 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/22 18:10:23.0543 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/22 18:10:23.0676 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/22 18:10:23.0755 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/11/22 18:10:23.0862 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/22 18:10:23.0968 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/22 18:10:24.0075 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/11/22 18:10:24.0183 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/11/22 18:10:24.0300 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/11/22 18:10:24.0400 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/22 18:10:24.0626 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/11/22 18:10:24.0896 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/22 18:10:25.0055 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/11/22 18:10:25.0204 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/22 18:10:25.0332 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/22 18:10:25.0419 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/11/22 18:10:25.0505 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/11/22 18:10:25.0680 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/22 18:10:25.0799 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/22 18:10:25.0948 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/11/22 18:10:26.0163 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/22 18:10:26.0276 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/11/22 18:10:26.0396 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/11/22 18:10:26.0552 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/11/22 18:10:26.0628 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/11/22 18:10:26.0759 VirtDiskBus (6446ae98fcd9ce87834ab2e471bdc2d5) C:\Windows\system32\DRIVERS\VirtDiskBus.sys
2010/11/22 18:10:26.0867 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/11/22 18:10:27.0078 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/11/22 18:10:27.0317 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/11/22 18:10:27.0515 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/11/22 18:10:27.0807 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/22 18:10:28.0018 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/22 18:10:28.0055 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/22 18:10:28.0410 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/11/22 18:10:28.0589 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
2010/11/22 18:10:28.0815 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/22 18:10:29.0169 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/22 18:10:29.0368 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/22 18:10:29.0558 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/22 18:10:29.0677 X4HSX32 (72e8f37e00dcbd7432c7824570a3a7aa) C:\Program Files\GameTap Web Player\bin\release\X4HSX32.Sys
2010/11/22 18:10:30.0013 xusb20 (c1c30732240de36551f438d5412959be) C:\Windows\system32\DRIVERS\xusb20.sys
2010/11/22 18:10:30.0197 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2010/11/22 18:10:30.0278 ================================================================================
2010/11/22 18:10:30.0278 Scan finished
2010/11/22 18:10:30.0278 ================================================================================

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:35 PM

Posted 22 November 2010 - 07:27 PM

Yes, no restart needed. :)

Please next run Combofix

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#7 BillyTheBanana

BillyTheBanana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 22 November 2010 - 09:54 PM

So, I ran the scan. After my computer restarted and the little DOS window said it was almost done and I would find the log at C:\combofix.txt, I suddenly got a blue screen and an automatic restart. From what I can see in the folder, the log file was not created. I have no idea what went wrong. Sorry to make things more complicated. :wacko:

EDIT: I just noticed there is a folder C:\comfix that contains many files including ComboFix.txt, which seems to be the log. Should I post that?

Edited by BillyTheBanana, 22 November 2010 - 10:53 PM.


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:35 PM

Posted 23 November 2010 - 09:08 AM

Yes. Please go to Start >Run > and copy/paste the following, then press Enter

C:\QooBox\ComboFix-quarantined-files.txt

A log file should open. Please post that in your next reply.
Posted Image
m0le is a proud member of UNITE

#9 BillyTheBanana

BillyTheBanana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 23 November 2010 - 01:39 PM

I do not have a file called ComboFix-quarantined-files.txt in C:\qoobox. Here is C:\comfix\ComboFix.txt


ComboFix 10-11-22.04 - Richie 11/22/2010 20:45:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2094 [GMT -5:00]
Running from: C:\Users\Richie\Desktop\comfix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Richie\AppData\Roaming\install
C:\Users\Richie\AppData\Roaming\Love
C:\Users\Richie\AppData\Roaming\Love\TSW\data.lua
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 02:13:35 . 2010-11-23 02:13:35 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-11-16 23:59:08 . 2010-11-16 23:59:08 -------- d-----w- C:\Program Files\AutoHotkey
2010-11-12 17:23:14 . 2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\system32\wmploc.DLL
2010-11-12 17:23:14 . 2010-09-13 13:56:02 168960 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-11-12 17:20:46 . 2010-08-31 13:27:38 2038272 ----a-w- C:\Windows\system32\win32k.sys
2010-11-12 17:20:07 . 2010-08-31 15:44:31 531968 ----a-w- C:\Windows\system32\comctl32.dll
2010-11-12 17:20:06 . 2010-08-20 16:05:07 867328 ----a-w- C:\Windows\system32\wmpmde.dll
2010-11-06 18:46:35 . 2010-11-06 18:46:35 -------- d-----w- C:\Users\Richie\AppData\Local\Octoshape
2010-10-29 18:52:34 . 2010-11-12 17:09:06 -------- d-----w- C:\ProgramData\Media Center Programs
2010-10-26 19:28:16 . 2010-10-26 19:28:16 -------- d-----w- C:\Users\Richie\AppData\Roaming\Quest3D
2010-10-26 13:10:40 . 2010-02-04 14:01:14 74072 ----a-w- C:\Windows\system32\XAPOFX1_4.dll
2010-10-26 13:10:40 . 2010-02-04 14:01:14 528216 ----a-w- C:\Windows\system32\XAudio2_6.dll
2010-10-26 13:10:40 . 2010-02-04 14:01:14 238936 ----a-w- C:\Windows\system32\xactengine3_6.dll
2010-10-26 13:10:39 . 2010-02-04 14:01:14 22360 ----a-w- C:\Windows\system32\X3DAudio1_7.dll
2010-10-26 13:08:15 . 2010-10-26 13:08:15 -------- d-----w- C:\Program Files\Common Files\Stardock
2010-10-26 13:07:20 . 2010-10-26 13:07:20 -------- d-----w- C:\Program Files\Indie Games
2010-10-26 11:27:35 . 2010-10-26 11:28:04 -------- d-----w- C:\Users\Richie\AppData\Roaming\Stardock
2010-10-26 11:27:06 . 2010-10-26 11:27:06 -------- d-----w- C:\ProgramData\Stardock
2010-10-26 11:26:49 . 2010-10-26 11:27:12 -------- dc-h--w- C:\ProgramData\{1338EDEE-1DCB-4AA7-9B0F-956BE76B0A4A}
2010-10-26 11:24:51 . 2010-10-26 11:24:51 -------- d-----w- C:\Users\Richie\AppData\Local\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 02:34:50 . 2008-09-04 09:51:11 45056 ----a-w- C:\Windows\system32\acovcnt.exe
2010-11-14 02:44:07 . 2009-01-04 19:38:09 444952 ----a-w- C:\Windows\system32\wrap_oal.dll
2010-11-14 02:44:06 . 2009-01-04 19:38:08 109080 ----a-w- C:\Windows\system32\OpenAL32.dll
2010-10-02 19:36:46 . 2010-10-02 19:36:46 98304 ----a-w- C:\Windows\W2BNEUnin.exe
2010-10-02 19:36:46 . 2010-10-02 19:36:46 2829 ----a-w- C:\Windows\W2BNEUnin.pif
2010-08-26 16:33:06 . 2010-11-12 17:22:27 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 . 2010-11-12 17:22:27 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 . 2010-11-12 17:22:27 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 . 2010-11-12 17:22:27 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2009-04-01 02:47:26 . 2008-09-04 23:32:30 324976 ----a-w- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"Google Update"="C:\Users\Richie\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-04 20:43:49 133104]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Pinyin IME Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 08:24:22 33128]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 20:52:10 51048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 19:17:18 61440]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-08-28 03:48:39 655360]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 21:11:59 17920]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 15:27:32 61440]
"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-07-03 17:48:02 7708672]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 06:50:43 4702208]
"Skytel"="Skytel.exe" [2007-08-03 05:22:01 1826816]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 10:12:43 1029416]
"PowerForPhone"="C:\Program Files\P4P\P4P.exe" [2007-08-03 03:52:40 778240]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-08-23 18:43:25 39480]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-08-23 18:43:56 33136]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2006-10-17 23:24:39 277352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 09:19:17 148888]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-08-10 09:15:54 421888]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2010-09-01 12:32:00 421160]

C:\Users\Richie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Richie's standard shortcuts.ahk - Shortcut.lnk - C:\Users\Richie\Documents\AutoHotkey scripts\Richie's standard shortcuts.ahk [2010-11-16 35]
Sc2gears.lnk - C:\Users\Richie\Desktop\Starcraft stuff\Sc2gears\Sc2gears.exe [2010-8-27 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 17:16:28 130384]
R3 BazisVirtualCD;Virtual CD driver;C:\Windows\system32\DRIVERS\BazisVirtualCD.sys [2009-05-25 13:35:28 53248]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 21:42:12 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-17 08:00:00 99376]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys [2008-05-06 21:06:00 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 17:16:28 753504]
R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\Windows\system32\DRIVERS\xusb20.sys [2006-10-13 22:48:24 50048]
S1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080926.005\IDSvix86.sys [2008-09-12 07:33:24 270384]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2010-07-07 01:50:42 176128]
S2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-21 02:23:43 21504]
S2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-21 02:23:43 21504]
S2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 20:52:10 149352]
S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 21:38:08 24652]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 02:29:16 5882368]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2010-07-07 01:15:24 210944]
S3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-04-20 23:14:32 47616]
S3 SYMNDISV;SYMNDISV;C:\Windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 17:31:18 41008]
S3 VirtDiskBus;Virtual disk Enumerator;C:\Windows\system32\DRIVERS\VirtDiskBus.sys [2009-05-25 13:35:26 55808]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56:58 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-11-22 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2833897363-243532919-2608326870-1000Core.job
- C:\Users\Richie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-04 20:43:50 . 2009-06-04 20:43:49]

2010-11-23 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2833897363-243532919-2608326870-1000UA.job
- C:\Users\Richie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-04 20:43:50 . 2009-06-04 20:43:49]

2010-11-23 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Richie.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:04:59 . 2008-02-07 07:04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - C:\Users\Richie\AppData\Roaming\Mozilla\Firefox\Profiles\qk1apfgc.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) - Search
FF - prefs.js: network.proxy.ftp - 172.1601
FF - prefs.js: network.proxy.http - //192.168.2.1.
FF - prefs.js: network.proxy.ssl - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\Richie\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Richie\AppData\Roaming\Mozilla\Firefox\Profiles\qk1apfgc.default\extensions\GameTap@gametap.com\plugins\npGameTapWebUpdater.dll
FF - plugin: C:\Users\Richie\AppData\Roaming\Mozilla\Firefox\Profiles\qk1apfgc.default\extensions\GameTapPlayer@gametap.com\plugins\npGameTapWebPlayer.dll
FF - plugin: C:\Users\Richie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Richie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Richie\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Plants vs. Zombies - D:\Program Files\AOL Games\Plants vs. Zombies\Uninstall.exe
AddRemove-Spacejunk - D:\1 GAMES\Spacejunk\Spacejunk\uninstall.exe

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:35 PM

Posted 23 November 2010 - 04:13 PM

I do not have a file called ComboFix-quarantined-files.txt in C:\qoobox. Here is C:\comfix\ComboFix.txt


Even better! :)

Did you set up a proxy? There is one showing here.
Posted Image
m0le is a proud member of UNITE

#11 BillyTheBanana

BillyTheBanana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 23 November 2010 - 07:58 PM

I don't know what a proxy is. I glanced at the Wikipedia article for it, and the only thing I can think of is that I know I followed some tutorial a while back to set up my laptop so I could connect it to my Xbox with a cable and get on Xbox Live via my laptop's wireless connection to our router.

Edited by BillyTheBanana, 23 November 2010 - 07:58 PM.


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:35 PM

Posted 23 November 2010 - 08:22 PM

That must be it then.

Please run the PC through ESET's online scanner now to pick off anything left over

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
Posted Image
m0le is a proud member of UNITE

#13 BillyTheBanana

BillyTheBanana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 25 November 2010 - 10:31 AM

Just so you don't think I've disappeared, I'll be getting to this this weekend.

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:35 PM

Posted 25 November 2010 - 11:51 AM

:thumbup2:
Posted Image
m0le is a proud member of UNITE

#15 BillyTheBanana

BillyTheBanana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 30 November 2010 - 03:01 PM

No threats found. I left "Scan for potentially unsafe applications" unchecked since you didn't mention it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users