
BSOD on update startup :(


  • This topic is locked
16 replies to this topic

#1 aaronsurfs22


Posted 29 April 2011 - 10:45 PM

The other night my computer went through the process of an automatic update and now whenever it gets to the starting screen I get a blue screen of death. The computer restarts itself so fast that I'm not even able to see the error message. I'm able to access the computer via safe mode but it won't allow me to do a system restore so I assume that malware is the problem. Here is my log.
Thanks,
Aaron
P.S. I was not able to attach the ark.txt file as it was too big.
.
DDS (Ver_11-03-05.01) - NTFS_AMD64 NETWORK
Run by Aaron at 21:44:59.96 on Fri 04/29/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4094.3134 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\Aaron\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=14986&l=dis
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Easy Gif Animator Toolbar Helper: {96372ab6-15eb-4316-b497-71c741bc548c} - C:\Program Files (x86)\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Easy Gif Animator Toolbar: {35065594-9169-4a34-b167-fc4865038e53} - C:\Program Files (x86)\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [<NO NAME>]
uRun: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [scheduler_monitor] C:\Program Files (x86)\ReaConverter 5.5 Pro\init_scheduler.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
uRunOnce: [Application Restart #0] C:\Windows\ehome\ehtray.exe
uRunOnce: [Application Restart #1] C:\Program Files\Windows Defender\MSASCui.exe -Hide
uRunOnce: [Application Restart #2] C:\Program Files\Windows Sidebar\sidebar.exe
uRunOnce: [Application Restart #3] C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe nostartupscreen
mRun: [WLSS] "C:\Program Files (x86)\Compal\Wireless Select Switch\WLSS.exe"
mRun: [SMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe
mRun: [<NO NAME>]
mRun: [SmtLauncher] C:\Program Files (x86)\Compal\Smart Tracing\SmLaunch.exe
mRun: [Wow Video&Audio] C:\Program Files (x86)\Compal\Wow Video&Audio\WVAMain.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [sealmon.exe] C:\Program Files (x86)\Oracle\Information Rights Management\Desktop\sealmon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex
StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {35065594-9169-4A34-B167-FC4865038E53} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
mRun-x64: [KTPWare] C:\Program Files\Elantech\ktp.exe
mRun-x64: [snp2uvc] C:\Windows\vsnp2uvc.exe
mRun-x64: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [MRT] "C:\Windows\system32\MRT.exe" /R
AppInit_DLLs-X64: avgrssta.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hmyea2fn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100813013936418&tb_oid=13-08-2010&tb_mrud=13-08-2010
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100813013936418&tb_oid=13-08-2010&tb_mrud=13-08-2010&query=
FF - component: C:\Program Files (x86)\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Aaron\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG8\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {A0DA8AF7-A61A-4AEE-924A-02C68F4F12B7} - C:\Windows\system32\config\systemprofile\AppData\Local\{A0DA8AF7-A61A-4AEE-924A-02C68F4F12B7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Advertising Cookie Opt-out: optout@google.com - %profile%\extensions\optout@google.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2007-3-23 14336]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2008-1-20 214016]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2007-7-26 36864]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2007-2-25 3141120]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2008-7-17 427016]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2008-7-17 33416]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-1-5 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-1-5 67656]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2008-7-17 297752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2008-11-27 12744]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-9 1038088]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 rcp_service;ReaConverter scheduler service;C:\Program Files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-1-5 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-16 93184]
.
=============== Created Last 30 ================
.
2011-04-28 19:51:54 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-27 19:07:10 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-04-27 19:07:10 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-04-27 19:07:08 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-27 19:07:07 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-04-26 05:38:53 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F41624D3-B4E6-40F7-B6B3-79BDD527CDAF}\mpengine.dll
2011-04-20 14:42:50 -------- d-----w- C:\Users\Aaron\AppData\Roaming\PMS
2011-04-20 14:42:35 -------- d-----w- C:\Program Files (x86)\PS3 Media Server
2011-04-18 22:22:08 -------- d-----w- C:\Cowboy Bebop - Session 01-26 (Dual_Audio) - DVD-Rip
2011-04-18 04:04:47 -------- d-----w- C:\Program Files (x86)\Comical
2011-04-15 21:44:16 -------- d-----w- C:\Program Files (x86)\Audacity
2011-04-14 22:51:59 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-04-14 22:51:57 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-04-14 22:51:57 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-04-14 22:51:57 1161728 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-04-14 22:51:57 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-04-14 22:51:55 28672 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-04-14 22:51:55 25088 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-04-14 22:51:55 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
.
==================== Find3M ====================
.
2011-03-03 15:09:00 975872 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-03 15:06:28 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06:27 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06:27 281600 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:00:15 738816 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 14:56:29 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 459776 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 541696 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 14:56:25 2153984 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 13:15:30 2760704 ----a-w- C:\Windows\System32\win32k.sys
2011-02-27 15:53:47 18320 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-27 15:53:46 1075600 ----a-w- C:\Windows\System32\winload.efi
2011-02-27 15:53:45 990096 ----a-w- C:\Windows\System32\winresume.efi
2011-02-27 15:53:45 979344 ----a-w- C:\Windows\System32\winresume.exe
2011-02-27 15:53:45 20880 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-27 15:53:45 18832 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-27 15:53:45 1062800 ----a-w- C:\Windows\System32\winload.exe
2011-02-18 15:59:41 1032704 ----a-w- C:\Windows\System32\wininet.dll
2011-02-18 15:55:33 86528 ----a-w- C:\Windows\System32\ieencode.dll
2011-02-18 15:48:42 833024 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-18 15:45:02 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2011-02-18 14:37:22 485376 ----a-w- C:\Windows\System32\html.iec
2011-02-18 14:11:11 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-18 14:09:54 389632 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-18 13:51:57 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-18 13:51:27 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-18 13:51:25 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-18 13:50:40 135168 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-18 13:50:36 273920 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-18 13:50:34 105472 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-18 13:50:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-18 13:48:10 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-16 15:41:45 603648 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-16 15:36:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-16 15:35:41 430080 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-16 13:44:38 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-16 13:24:56 292864 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 21:46:41.23 ===============



#2 Elise


Posted 08 May 2011 - 04:19 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 aaronsurfs22


Posted 11 May 2011 - 06:08 PM

Here are the dds and attach logs that ended up on notepad,
Thanks!

.
DDS (Ver_11-03-05.01) - NTFS_AMD64 NETWORK
Run by Aaron at 18:03:14.76 on Wed 05/11/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4094.2997 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\QuickTime\PictureViewer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Aaron\Downloads\dds(2).scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=14986&l=dis
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Easy Gif Animator Toolbar Helper: {96372ab6-15eb-4316-b497-71c741bc548c} - C:\Program Files (x86)\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Easy Gif Animator Toolbar: {35065594-9169-4a34-b167-fc4865038e53} - C:\Program Files (x86)\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [<NO NAME>]
uRun: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [scheduler_monitor] C:\Program Files (x86)\ReaConverter 5.5 Pro\init_scheduler.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
uRunOnce: [Application Restart #0] C:\Windows\ehome\ehtray.exe
uRunOnce: [Application Restart #1] C:\Program Files\Windows Defender\MSASCui.exe -Hide
uRunOnce: [Application Restart #2] C:\Program Files\Windows Sidebar\sidebar.exe
uRunOnce: [Application Restart #3] C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe nostartupscreen
mRun: [WLSS] "C:\Program Files (x86)\Compal\Wireless Select Switch\WLSS.exe"
mRun: [SMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe
mRun: [<NO NAME>]
mRun: [SmtLauncher] C:\Program Files (x86)\Compal\Smart Tracing\SmLaunch.exe
mRun: [Wow Video&Audio] C:\Program Files (x86)\Compal\Wow Video&Audio\WVAMain.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [sealmon.exe] C:\Program Files (x86)\Oracle\Information Rights Management\Desktop\sealmon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex
StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {35065594-9169-4A34-B167-FC4865038E53} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
mRun-x64: [KTPWare] C:\Program Files\Elantech\ktp.exe
mRun-x64: [snp2uvc] C:\Windows\vsnp2uvc.exe
mRun-x64: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [MRT] "C:\Windows\system32\MRT.exe" /R
AppInit_DLLs-X64: avgrssta.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hmyea2fn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100813013936418&tb_oid=13-08-2010&tb_mrud=13-08-2010
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100813013936418&tb_oid=13-08-2010&tb_mrud=13-08-2010&query=
FF - component: C:\Program Files (x86)\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Aaron\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG8\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {A0DA8AF7-A61A-4AEE-924A-02C68F4F12B7} - C:\Windows\system32\config\systemprofile\AppData\Local\{A0DA8AF7-A61A-4AEE-924A-02C68F4F12B7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Advertising Cookie Opt-out: optout@google.com - %profile%\extensions\optout@google.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2007-3-23 14336]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2008-1-20 214016]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2007-7-26 36864]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2007-2-25 3141120]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2008-7-17 427016]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2008-7-17 33416]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-1-5 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-1-5 67656]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2008-7-17 297752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2008-11-27 12744]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-9 1038088]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 rcp_service;ReaConverter scheduler service;C:\Program Files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-1-5 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-16 93184]
.
=============== Created Last 30 ================
.
2011-04-30 02:50:41 -------- d-----w- C:\Windows\SysWow64\gmer
2011-04-28 19:51:54 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-27 19:07:10 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-04-27 19:07:10 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-04-27 19:07:08 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-27 19:07:07 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-04-26 05:38:53 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F41624D3-B4E6-40F7-B6B3-79BDD527CDAF}\mpengine.dll
2011-04-20 14:42:50 -------- d-----w- C:\Users\Aaron\AppData\Roaming\PMS
2011-04-20 14:42:35 -------- d-----w- C:\Program Files (x86)\PS3 Media Server
2011-04-18 22:22:08 -------- d-----w- C:\Cowboy Bebop - Session 01-26 (Dual_Audio) - DVD-Rip
2011-04-18 04:04:47 -------- d-----w- C:\Program Files (x86)\Comical
2011-04-15 21:44:16 -------- d-----w- C:\Program Files (x86)\Audacity
2011-04-14 22:51:59 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-04-14 22:51:57 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-04-14 22:51:57 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-04-14 22:51:57 1161728 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-04-14 22:51:57 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-04-14 22:51:55 28672 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-04-14 22:51:55 25088 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-04-14 22:51:55 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
.
==================== Find3M ====================
.
2011-03-03 15:09:00 975872 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-03 15:06:28 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06:27 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06:27 281600 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:00:15 738816 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 14:56:29 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 459776 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 541696 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 14:56:25 2153984 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 13:15:30 2760704 ----a-w- C:\Windows\System32\win32k.sys
2011-02-27 15:53:47 18320 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-27 15:53:46 1075600 ----a-w- C:\Windows\System32\winload.efi
2011-02-27 15:53:45 990096 ----a-w- C:\Windows\System32\winresume.efi
2011-02-27 15:53:45 979344 ----a-w- C:\Windows\System32\winresume.exe
2011-02-27 15:53:45 20880 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-27 15:53:45 18832 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-27 15:53:45 1062800 ----a-w- C:\Windows\System32\winload.exe
2011-02-18 15:59:41 1032704 ----a-w- C:\Windows\System32\wininet.dll
2011-02-18 15:55:33 86528 ----a-w- C:\Windows\System32\ieencode.dll
2011-02-18 15:48:42 833024 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-18 15:45:02 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2011-02-18 14:37:22 485376 ----a-w- C:\Windows\System32\html.iec
2011-02-18 14:11:11 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-18 14:09:54 389632 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-18 13:51:57 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-18 13:51:27 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-18 13:51:25 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-18 13:50:40 135168 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-18 13:50:36 273920 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-18 13:50:34 105472 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-18 13:50:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-18 13:48:10 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-16 15:41:45 603648 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-16 15:36:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-16 15:35:41 430080 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-16 13:44:38 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-16 13:24:56 292864 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
============= FINISH: 18:04:50.78 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2008 3:51:51 PM
System Uptime: 5/11/2011 11:09:21 AM (7 hours ago)
.
Motherboard: - | | JFL92
Processor: Intel® Core™2 Duo CPU T9300 @ 2.50GHz | U2E1 | 2493/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 23.619 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0002
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0018
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #16
PNP Device ID: ROOT\*6TO4MP\0018
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
RP993: 4/27/2011 5:37:31 AM - Scheduled Checkpoint
RP994: 4/28/2011 12:00:02 AM - Scheduled Checkpoint
RP995: 4/28/2011 3:00:11 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
2007 Microsoft Office system
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 7
AIM Toolbar
Amnesia - The Dark Descent
Apple Application Support
Apple Software Update
ASIO4ALL
Ask Toolbar
Audacity 1.2.6
Aurora
AutoUpdate
AVG Free 8.5
Beat Hazard
BitTorrent
Braid (Version 1.009 from Greenhouse)
Canon iP2600 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Cave Story Deluxe
CCleaner (remove only)
Collab
Comical 0.8
Connect
Counter-Strike: Source
CourseSmart Bookshelf
Curse Client
DAEMON Tools Toolbar
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Doom 3
Download Updater (AOL LLC)
DVD Suite
Dyson v1.20
EA Download Manager
Easy GIF Animator 5.1
Easy Gif Animator Extension
Edirol HQ Orchestral v1.01
EMSC
EVEREST Home Edition v2.20
FL Studio 8
Free M4a to MP3 Converter 6.1
Free WMA to MP3 Converter 1.16
Futuremark SystemInfo
GameSpy Comrade
Google Chrome
GunBound Thor's Hammer
Hamachi 1.0.3.0
Heroes of Might and Magic® III
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ijji
ijji - Gunz
ijji FireFox Launcher 1.0
ijji REACTOR
IL Download Manager
Indeo® Software
J2SE Runtime Environment 5.0 Update 1
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 7
kuler
Left 4 Dead 2
LimeWire 5.5.8
Malwarebytes' Anti-Malware
MediaShow 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XNA Framework Redistributable 4.0
Mixxx
Mortal Online
MotioninJoy ds3 driver version 0.6.0001
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.16)
NS Virtual DJ 6.0 Full
NVIDIA PhysX
OpenAL
OpenOffice.org 2.4
Oracle IRM Desktop 5.5.19 10gR3 PR5
oZone3D.Net FurMark v1.8.2
PDF Settings CS4
PhotoNow! 1.0
Photoshop Camera Raw
PIXMA Extended Survey Program
Plasma Pong v1.2
PoiZone
PokerStars.net
Power2Go 5.0
PowerBackup 2.5
PowerDVD
PowerProducer
Project64 1.6
PS3 Media Center X 0.92
PS3 Media Server
PunkBuster Services
Quake Live Mozilla Plugin
QuickTime
Rainmeter
ReaConverter 5.5 Pro
Realtek High Definition Audio Driver
Resource Hacker Version 3.5.2
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Smart Battery
Smart Meeting
Smart Tracing
Source SDK Base
Spybot - Search & Destroy
SSH Secure Shell
Steam
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
System Requirements Lab
Team Fortress 2
Toxic Biohazard
uMusic
Unreal
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
USB Video Device
Vampire - The Masquerade Bloodlines
VC80CRTRedist - 8.0.50727.762
VeohTV BETA
Viewpoint Media Player
Virtual DJ - Atomix Productions
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.1.0-rc4
Whitesmoke Translator
Windows Media Player Firefox Plugin
WinRAR archiver
Wireless Select Switch
Wow Video&Audio utility
Xfire (remove only)
ZalmanFrisbee
zbattle.net 1.09 SR-1 beta
.
==== End Of File ===========================

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,200 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:09 AM

Posted 12 May 2011 - 05:04 AM

I see indeed some malware here, so let's search for that first.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 aaronsurfs22

Posted 12 May 2011 - 03:50 PM

Hmm, it tells me to select an action for the one suspicious object, but doesn't actually allow me to. It says that the file is locked.

#6 Elise

Posted 13 May 2011 - 01:58 AM

Can you give me the name of the object?

regards, Elise


#7 aaronsurfs22

Posted 15 May 2011 - 06:56 PM

The service name is sptd, the type is a kernel driver (0x1), the service start is boot (0x0)

#8 Elise

Posted 16 May 2011 - 12:46 AM

Hi, that's not malware, so leave it where it is.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


#9 aaronsurfs22

Posted 20 May 2011 - 10:28 AM

Unfortunately, whenever I use combofix.exe, towards the end of its process (I believe) it reboots my computer, leaving me with no log file.

#10 Elise

Posted 20 May 2011 - 10:47 AM

Please try to run combofix from safe mode.

regards, Elise


#11 aaronsurfs22

Posted 20 May 2011 - 09:00 PM

I am running it in safe mode :/

Edited by aaronsurfs22, 20 May 2011 - 10:45 PM.


#12 Elise

Posted 21 May 2011 - 02:29 AM

Please right click on Combofix and select rename. Rename the file to Random and try to run it like that.

regards, Elise


#13 aaronsurfs22

Posted 22 May 2011 - 09:43 PM

Tried this, and unfortunately still no luck.

#14 Elise

Posted 23 May 2011 - 06:31 AM

Click Start > Run, type combofix /killall and press enter. See if it runs like that.

regards, Elise


#15 aaronsurfs22

Posted 23 May 2011 - 10:47 AM

Well the thing is, it runs. It just auto restarts my computer when it's well into the process and I don't get a log file out of it.



