
BSOD keeps reappearing, only operable in SAFE MODE


8 replies to this topic

#1 chrismrivera

  • Members
  • 4 posts

Posted 10 April 2011 - 10:31 AM

Hey, I am running Windows 7 and whenever I am not in safe mode I will get the BSOD saying IRQL not equal. Had some pop ups from AVG before it was going nuts about me having a virus on my laptop. Here is my DDS log

.
DDS (Ver_11-03-05.01) - NTFS_AMD64 NETWORK
Run by Chris at 10:14:01.49 on Sun 04/10/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4055.3337 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Chris\Desktop\cg.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Notify: glowext - C:\Windows\system32\config\systemprofile\AppData\Local\glowext.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5umpg0ao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-3-22 517448]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
.
=============== Created Last 30 ================
.
2011-04-09 04:36:08 -------- d-----w- C:\Users\Chris\AppData\Local\Diagnostics
2011-03-27 04:57:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-26 16:43:13 -------- d-----w- C:\Program Files\Synaptics
2011-03-26 16:42:04 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2011-03-26 16:42:03 285744 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2011-03-26 16:42:03 204584 ----a-w- C:\Windows\System32\SynTPAPI.dll
2011-03-26 16:42:03 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2011-03-26 16:42:03 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2011-03-26 16:42:02 395048 ----a-w- C:\Windows\System32\SynCOM.dll
2011-03-26 16:42:02 261928 ----a-w- C:\Windows\System32\SynCtrl.dll
2011-03-26 16:42:02 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2011-03-26 16:42:02 169256 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2011-03-26 16:42:01 -------- d-----w- C:\dell
2011-03-25 06:04:09 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-03-23 17:45:42 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2011-03-23 17:35:10 -------- d-----w- C:\Users\Chris\AppData\Local\Adobe
2011-03-23 16:24:49 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-03-23 16:24:20 -------- d-----w- C:\Windows\PCHEALTH
2011-03-23 16:24:20 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-03-23 16:22:25 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-03-23 16:20:59 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-03-23 16:10:54 -------- d-----w- C:\Windows\System32\appmgmt
2011-03-23 16:05:55 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2011-03-23 04:09:33 -------- d-----w- C:\Program Files (x86)\Audacity
2011-03-23 00:30:07 -------- d-----w- C:\Program Files (x86)\Conduit
2011-03-23 00:29:55 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2011-03-23 00:29:52 -------- d-----w- C:\Program Files (x86)\BitTorrentBar
2011-03-23 00:29:44 -------- d-----w- C:\Program Files (x86)\BitTorrent
2011-03-23 00:28:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\BitTorrent
2011-03-23 00:00:39 -------- d-----w- C:\Users\Chris\AppData\Local\Google
2011-03-22 23:34:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\TuneAid
2011-03-22 23:30:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\DiskAid
2011-03-22 23:30:11 -------- d-----w- C:\Program Files (x86)\DigiDNA
2011-03-22 22:57:18 -------- d--h--w- C:\$AVG
2011-03-22 22:25:17 -------- d-----w- C:\Users\Chris\AppData\Local\Apple Computer
2011-03-22 22:25:08 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-03-22 22:25:08 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-03-22 22:25:07 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-03-22 22:24:30 -------- d-----w- C:\Program Files\iTunes
2011-03-22 22:24:30 -------- d-----w- C:\Program Files\iPod
2011-03-22 22:24:30 -------- d-----w- C:\Program Files (x86)\iTunes
2011-03-22 22:24:30 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-03-22 22:22:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-22 22:22:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-22 22:22:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-22 22:22:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-22 22:22:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-22 22:22:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-22 22:22:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-03-22 22:21:32 -------- d-----w- C:\Users\Chris\AppData\Local\Apple
2011-03-22 22:20:29 -------- d-----w- C:\Program Files\Bonjour
2011-03-22 22:20:29 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-03-22 20:48:54 -------- d-----w- C:\Users\Chris\AppData\Roaming\AVG10
2011-03-22 20:48:24 -------- d--h--w- C:\PROGRA~3\Common Files
2011-03-22 20:48:14 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar
2011-03-22 20:47:56 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-03-22 20:46:29 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-03-22 20:46:29 -------- d-----w- C:\PROGRA~3\AVG10
2011-03-22 20:45:14 -------- d-----w- C:\Program Files (x86)\AVG
2011-03-22 20:43:32 -------- d-----w- C:\PROGRA~3\MFAData
2011-03-22 20:41:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2011-03-22 20:41:43 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-22 20:41:43 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-22 20:41:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-22 20:41:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-22 20:39:40 99384 ----a-w- C:\Users\Chris\AppData\Roaming\inst.exe
2011-03-22 20:39:40 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2011-03-22 20:39:40 82816 ----a-w- C:\Users\Chris\AppData\Roaming\pcouffin.sys
2011-03-22 20:39:36 -------- d-----w- C:\Program Files (x86)\DVDFab 8
2011-03-22 20:38:09 -------- d-----w- C:\Program Files (x86)\VirtualDJ
2011-03-22 20:36:50 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-03-22 20:35:30 -------- d-----w- C:\Users\Chris\AppData\Local\Ahead
2011-03-22 20:32:46 -------- d-----w- C:\Program Files (x86)\Nero
2011-03-22 20:32:46 -------- d-----w- C:\PROGRA~3\Nero
2011-03-22 20:11:14 -------- d-----w- C:\Users\Chris\AppData\Local\Microsoft Help
2011-03-22 20:10:58 -------- d-sh--w- C:\Windows\Installer
2011-03-22 20:09:03 -------- d-----w- C:\IUware Online
2011-03-22 19:00:36 -------- d-----w- C:\Windows\Panther
2011-03-22 18:47:49 -------- d-----w- C:\Windows.old
2011-03-22 18:32:20 -------- d-----w- C:\Apps
2011-03-22 18:10:43 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-03-22 18:10:43 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-03-22 18:01:20 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-03-22 18:01:20 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-03-22 17:55:16 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-03-22 17:55:16 109056 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2011-03-22 17:54:04 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-03-22 17:54:04 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-03-22 17:54:04 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-03-22 17:54:04 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-03-22 17:54:04 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-03-22 17:54:04 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-03-22 17:54:04 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-03-22 17:54:04 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-03-22 17:54:04 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-03-22 17:54:04 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-03-22 17:47:17 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-03-22 17:47:17 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-03-22 17:46:45 -------- d-----w- C:\Intel
2011-03-22 17:44:58 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-03-22 17:42:43 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-03-22 17:42:43 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2011-03-22 17:42:15 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2011-03-22 17:42:05 112000 ----a-w- C:\Windows\System32\consent.exe
2011-03-22 17:42:03 46592 ----a-w- C:\Windows\System32\msasn1.dll
2011-03-22 17:42:03 395776 ----a-w- C:\Windows\System32\webio.dll
2011-03-22 17:42:03 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll
2011-03-22 17:42:03 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-03-22 16:55:24 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{60914530-B71C-40B9-A5A8-49A7AD427BB0}\mpengine.dll
2011-03-22 16:55:22 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-03-22 16:29:18 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2011-03-07 02:08:13 93552 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
2011-03-07 00:52:09 134512 ----a-w- C:\Windows\SysWow64\ElbyVCD.dll
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-18 21:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 21:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-17 06:17:00 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-01-17 05:38:38 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-01-15 16:21:04 36352 ----a-w- C:\Windows\System32\drivers\VClone.sys
.
============= FINISH: 10:14:59.16 ===============

Attached Files




#2 oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 18 April 2011 - 07:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Best Regards,
oneof4.


#3 chrismrivera
  • Topic Starter

  • Members
  • 4 posts

Posted 19 April 2011 - 06:59 PM

Hey I am on Windows 7 so I am unable to run the GMER scan. I still get the Blue Screen that says IRQL_not equal
The DDS file is above, I have not turned on my computer since I started this thread.
I can run in Safe Mode without having a Blue Screen

Thanks so much
Chris

#4 snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 20 April 2011 - 08:37 AM

Hi chrismrivera, and welcome to Bleeping Computer.

In Safe Mode, please run this tool:

  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan

  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.


Then, if you're able to boot into Normal Mode, please run OTL.exe:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 chrismrivera
  • Topic Starter

  • Members
  • 4 posts

Posted 22 April 2011 - 10:02 PM

HEY

I have done the TDSSKILLER scan and here is the log, it found one infection.

I will now try to boot into normal mode

Thanks a lot,
Chris

Attached Files



#6 chrismrivera
  • Topic Starter

  • Members
  • 4 posts

Posted 22 April 2011 - 10:29 PM

Hello

I was able to boot into normal mode and do the OTL scan

Here are the logs, everything seems to be working back to normal!

Thanks so much for everything!

Chris Rivera

Attached Files



#7 snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 23 April 2011 - 11:25 AM

Hi again Chris!!.. :)

Here are the logs, everything seems to be working back to normal!

Yep, looks like the rootkit infection is gone now!.. :thumbup2:

Please do the following:

Firstly, to remove some leftovers,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2011/04/13 14:27:10 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5umpg0ao.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2011/04/13 14:27:10 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5umpg0ao.default\extensions\engine@conduit.com
    [2011/03/21 15:17:36 | 000,000,863 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5umpg0ao.default\searchplugins\conduit.xml
    [2011/04/10 09:48:09 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Thirdly,
In your log, there are quite a few errors of this type visible:

Error - 4/22/2011 10:57:06 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


Please open the Event Viewer, toggle Windows Logs and check System events for such an error - paste the full error message here...


#8 snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 06 May 2011 - 01:44 PM

Still with us Chris??..


#9 snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 15 May 2011 - 06:29 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




