Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Computer Crashes Computer


  • This topic is locked This topic is locked
2 replies to this topic

#1 toshibalaptopgirl

toshibalaptopgirl

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 13 March 2011 - 02:29 PM

Hi

I have a Microsoft Vista.

For the past two days, anytime I select the 'Computer' icon, my laptop freezes and completely crashes.

I am going into the Computer icon to open up the other drives (E:, DVD, etc.). I want to transfer photos from my camera to my laptop. Normally, I go into the Computer icon, select the drive where I insert the SD card and I am able to transfer photos directly.

I automatically assumed I had a virus. I ran Malware Bytes (after getting the updates) and there was no virus. I did a Combofix and it says that System32/userinit.exe was infected. It was able to restore it and fix it. 'Computer' option continues to crash.

Strangely enough, the 'Computer' open in MicrosoftWord opens up the drive and shows me the additional hard drives.

This was the log from Combofix:

ComboFix 11-03-12.01 - Mehnaz 12/03/2011 21:24:14.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.466 [GMT -5:00]
Running from: c:\users\Mehnaz\Desktop\ComboFix.exe
AV: Rogers Online Protection Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
FW: Rogers Online Protection Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
SP: Rogers Online Protection Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\shs_setup_4059-354328.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Mehnaz\AppData\Roaming\inst.exe
c:\users\Mehnaz\AppData\Roaming\Local
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy1_!Windows!System32!userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
.
.
2011-03-13 02:43 . 2011-03-13 02:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-12 00:54 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{927B98A7-C660-449E-AE7F-87AC311DE272}\mpengine.dll
2011-03-10 03:09 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 03:09 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 03:09 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 03:09 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 03:09 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 03:09 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 02:13 . 2009-11-02 21:27 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-03-09 02:13 . 2011-03-09 02:43 -------- d-----w- c:\program files\Rogers Backup Manager
2011-03-09 02:11 . 2009-10-23 19:25 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-03-09 02:10 . 2011-03-09 02:44 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2011-03-09 02:09 . 2011-03-09 02:09 -------- d-----w- c:\programdata\Raxco
2011-03-09 02:09 . 2011-03-09 02:09 -------- d-----w- c:\program files\Raxco
2011-03-09 01:59 . 2011-03-09 01:59 -------- d-----w- c:\programdata\Radialpoint
2011-02-24 08:05 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 08:04 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 08:04 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 08:04 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 08:04 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 08:04 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-24 08:04 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-02-24 08:04 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-02-24 08:04 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-02-24 08:04 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-02-24 08:04 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-02-24 08:04 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-02-24 08:04 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-02-24 08:03 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-02-24 08:03 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-02-24 08:03 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-02-24 08:03 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-02-24 08:03 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-02-24 08:03 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 02:10 . 2009-05-11 21:35 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2011-03-09 01:45 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 22:11 . 2009-10-02 22:43 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-10 03:36 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 03:36 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 03:36 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 03:36 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 03:36 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-10 03:36 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-10 03:36 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 03:36 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 03:36 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 03:36 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 03:36 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 03:36 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-10 03:36 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-10 03:36 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 03:36 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 03:36 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 03:36 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 03:36 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-10 03:36 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 03:36 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 03:36 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 03:36 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 03:36 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 03:36 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 03:36 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 03:36 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-10 03:36 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-10 03:36 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-10 03:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-10 03:37 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-10 03:37 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-13 03:58 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 23:09 . 2009-03-25 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-03-25 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 16:36 . 2011-02-10 03:35 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37 . 2011-02-10 03:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:55 . 2011-02-10 03:35 389632 ----a-w- c:\windows\system32\html.iec
2010-12-14 14:49 . 2011-01-13 03:58 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
2010-06-07 17:46 344064 ----a-w- c:\program files\Rogers Backup Manager\VaultClientMenu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-13 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-13 133912]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Rogers SHS"="c:\program files\Rogers\SelfHealing\shs.exe" [2010-06-03 2736128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2011-01-04 4318520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-03-13 00:58 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-20 02:43 342848 ----a-w- c:\users\Mehnaz\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-03-22 00:23 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2006-11-23 01:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-02-12 16:19 1050112 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-09 01:09 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-07 00:14 34352 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2007-01-09 05:23 191552 ------w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-09-23 04:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-02-12 16:23 1620480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-02-17 15:43 1830128 ----a-w- c:\program files\SUPERAntiSpyware\14e5a4ef-e810-471e-95a5-626793248a3c.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-02-02 04:36 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-05-10 16:09 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4045130228-3135669407-952081849-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BVEXT;BVEXT;c:\users\Mehnaz\AppData\Local\Temp\BVEXT.exe [x]
R3 HTCCVSCB;HTCCVSCB;c:\users\Mehnaz\AppData\Local\Temp\HTCCVSCB.exe [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 267568]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2011-03-13 12872]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-03-13 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2011-03-13 67656]
S2 Radialpoint Security Services;Rogers Online Protection;c:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [2010-06-07 166944]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 RogersSelfHelpService;Rogers SHS Service;c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [2010-06-03 139264]
S2 RogersUpdateManager;Rogers Update Manager;c:\program files\Rogers\Update Manager\RogersUpdateManager.exe [2010-06-03 163840]
S2 ServicepointService;ServicepointService;c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe [2011-01-04 689464]
S2 VaultClientSRV;Rogers Backup Manager Service;c:\program files\Rogers Backup Manager\VaultClientSRV.exe [2010-06-07 1053936]
S2 VaultClientUpgrade;Rogers Backup Manager Upgrade Service;c:\program files\Rogers Backup Manager\VaultClientUpgrade.exe [2010-06-07 120048]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 27800]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - A16B0CD4
*Deregistered* - a16b0cd4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan sysagent
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Mehnaz\AppData\Roaming\Mozilla\Firefox\Profiles\wgaoap4c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-12 21:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2760)
c:\program files\Rogers Backup Manager\VaultClientMenu.dll
c:\program files\Rogers Backup Manager\LIBEXPAT.dll
c:\program files\Rogers Backup Manager\VaultClientCOM.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Rogers Online Protection\Rogers Online Protection\Fws.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-03-12 22:01:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-13 03:01
ComboFix2.txt 2009-04-16 00:38
ComboFix3.txt 2009-03-23 02:22
.
Pre-Run: 74,701,574,144 bytes free
Post-Run: 76,294,885,376 bytes free
.
- - End Of File - - D2C22EBD96FE07EE227BD1E08BC9E831


I ran GMER and this is the log:

leepiGMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2011-03-13 08:38:28
Windows 6.0.6002 Service Pack 2


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys
AttachedDevice \Driver\tdx \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edit: Moved topic from Internal Hardware to the more appropriate forum. ~ Animal

EDIT: Please be patient. There are over 140 unanswered topics in this forum at present and the current average wait time to receive help is 5 days. ~BP

Edited by Budapest, 16 March 2011 - 04:11 PM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:41 AM

Posted 17 March 2011 - 08:08 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:41 AM

Posted 22 March 2011 - 07:39 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users