
PC going into recovery mode with every start up, other odd problems, having to restore with ea. startup


  • This topic is locked
17 replies to this topic

#1 Necroscope84

  • Members
  • 31 posts

Posted 08 September 2011 - 06:25 PM

Hello, I have been having several odd problems lately. Last month I had 2 viruses and Avira Free Antivirus quarantined them and everything seemed fine, but now my PC is acting very odd. For the last 3 days, every morning I start my computer up it either says it wasn't shut down correctly or it goes into recovery console mode and then has to do a restore because it says my PC will not boot up (I've tried to read the message but it flashes by so fast I can't make it out). Also I have had problems with Firefox disconnecting me almost every time I use it. Google Chrome messes up my games if I try to delete its cache - for instance it's messed up the current game I play twice now, Icewind Dale 2. It got rid of my saved game folder once and made the graphics all weird the other time. My computer's clock keeps resetting back to the manufacture date most mornings when I boot it up, and Internet Explorer has never worked well for me. I can't get Vista SP2 because of a Virtual Store issue, and Microsoft told me I'd have to buy Windows 7 after walking me through all the steps to fix it that they could.

I've run Avira Free Antivirus and it came up empty but had 7 warnings. The log didn't show exactly what they were; I think they were just files it couldn't read or something like that, I'm not sure (I believe I still have the log if you'll need it). Spybot came up empty and so did Malwarebytes.

Here are my logs. Thank you in advance for all of your help on this matter. Hopefully we can get to the bottom of this. I usually turn off my system restore to purge it as suggested after any viruses but am afraid to since I can't seem to boot up in the morning without doing a restore.

Here's my DDS Log:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_27
Run by Jamie at 10:23:20 on 2011-09-08
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1747 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jamie\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [Google Update] "c:\users\jamie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\users\jamie\appdata\roaming\micros~1\windows\startm~1\programs\startup\gigaby~1.lnk - c:\program files\gigabyte\gamer hud lite\HUD.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: mywalmart.com
Trusted Zone: secunia.com
Trusted Zone: yahoo.com\login
Trusted Zone: youtube.com\www
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxps://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\g3wogpra.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
FF - plugin: c:\program files\sony online entertainment\npsoeact.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jamie\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-27 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2008-6-25 78848]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-6-17 21504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-7 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-7 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-7 66616]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-23 12672]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-7-15 20328]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-3-9 366000]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\dragon age\tools\toolssql\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-2 2255464]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-6-17 809296]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-2 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
S3 LiveTurbineMessageService;Turbine Message Service - Live; [x]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-2-12 99152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-07 23:09:18 -------- d-----w- c:\users\jamie\appdata\local\Apple Computer
2011-09-07 23:07:48 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{25f901e8-5372-418e-8e70-624b475a4361}\mpengine.dll
2011-09-02 21:48:18 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-02 21:48:17 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-09-02 21:48:17 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-09-02 21:48:17 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-09-02 21:48:17 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-09-02 21:48:17 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-09-02 21:48:17 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-09-02 21:48:17 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-09-02 21:48:17 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-09-02 21:48:17 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-09-01 23:47:32 -------- d-----w- c:\users\jamie\appdata\local\Google
2011-08-31 21:23:00 -------- d-----w- c:\program files\ESET
2011-08-31 21:20:39 -------- d-----w- c:\users\jamie\appdata\roaming\QuickScan
2011-08-30 00:56:11 -------- d-----w- c:\users\jamie\appdata\local\Eastman_Kodak_Company
2011-08-30 00:51:53 -------- d-----w- c:\windows\system32\kodak
2011-08-27 20:42:11 -------- d-----w- c:\users\jamie\appdata\local\Funcom
2011-08-27 19:44:19 -------- d-----w- c:\programdata\Funcom
2011-08-24 08:53:02 -------- d-----w- c:\program files\common files\xing shared
2011-08-24 08:46:09 -------- d-----w- c:\users\jamie\appdata\local\Apple
2011-08-14 15:44:13 -------- d-----w- c:\program files\ValuSoft
2011-08-13 22:12:09 -------- d-----w- C:\Direct2DriveDownloads
2011-08-13 22:11:04 -------- d-----w- c:\program files\Download Manager
2011-08-12 22:10:55 -------- d-----w- c:\users\jamie\appdata\roaming\.BitTornado
2011-08-11 17:27:20 82774 ----a-w- c:\windows\Uninstall Jade Empire.exe
2011-08-11 17:11:27 -------- d-----w- c:\program files\Jade Empire
2011-08-11 01:15:32 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
==================== Find3M ====================
.
2011-09-01 23:20:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-25 18:45:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-24 08:52:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-03 11:50:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50:00 600680 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-08-03 11:50:00 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50:00 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50:00 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-03 11:50:00 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:50:00 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-03 11:50:00 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 08:31:54 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-07-24 18:29:18 52224 ----a-w- c:\windows\ipuninst.exe
2011-07-16 18:30:42 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-30 17:47:19 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
============= FINISH: 10:24:47.95 ===============

Attached Files

  • ark.txt (8.05KB)




#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,761 posts

Posted 13 September 2011 - 06:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418112 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Necroscope84 (Topic Starter)

  • Members
  • 31 posts

Posted 17 September 2011 - 12:03 PM

Hello, I'm still having a lot of problems. First: my hard drive may be going out. My PC keeps crashing, or when I start it up it now says Hard Disk failure imminent, back up your files and replace your hard disk. I would like to make sure that it is my hard drive going before I spend $300+ on a new one and Windows 7. I do NOT have a Windows disk of any kind. I bought my PC at Wal-Mart. Also, I ran an online scan with Emsisoft and it found 4 issues but I didn't let it get rid of them in case they're false positives. I'll include that scan if you would like to see it.

My computer has crashed to blue screen a lot. I can't read anything because it goes away so fast, and a lot of times it goes into System Restore mode and I have to do a restore to get it to boot. I was in the process of uninstalling a lot of my games so these scans would go faster when it crashed and did a restore, so now I have a lot of games in my Program Files that are only half there and I can't uninstall them nor can I re-install them without crashing. One weird thing is that I can leave my PC on for quite a while with no problems, but as soon as I connect the DSL it goes into a blue screen then does the whole restore thing. This happened this morning on me. I have also been getting some odd pop-ups, especially when trying to use my email. I can't really back anything up because it crashes, but I have most of my important stuff saved on DVDs. I have run chkdsk quite a few times with both options checked and I ran my Compaq HP Hardware Diagnostics tool and it showed everything as being ok. I don't know if I have a virus or if it is indeed my hard disk going out or what. I'd just like to find out for sure before I buy a new one.

I found this article from someone who also had a virus from the exact same game I just bought not too long ago; actually it was right before I started having problems. It's about the Trymedia adware. He got his game from the same place I did mine and Emsisoft showed several results for it. Here's the link: http://nerdonaplane.blogspot.com/2009/03/drakensang-goloadercom-trymedia-argh.html

I didn't remove it yet because I wanted to check with you all first. If I have trouble getting booted then I will be checking my post here through my brother's PC also. Thank you for any and all help on this matter. I'm hoping it's not my HD, but if so then that's ok. I'd just like to know for sure before buying new stuff. Thank you.

Here is my new DDS Log:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_27
Run by Jamie at 20:21:16 on 2011-09-16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1802 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jamie\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [<NO NAME>]
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: mywalmart.com
Trusted Zone: secunia.com
Trusted Zone: yahoo.com\login
Trusted Zone: youtube.com\www
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxps://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/emsisoft_webscan.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\g3wogpra.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
FF - plugin: c:\program files\sony online entertainment\npsoeact.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-27 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2008-6-25 78848]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-6-17 21504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-7 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-7 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-7 66616]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-23 12672]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-7-15 20328]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\dragon age\tools\toolssql\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-2 2255464]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-6-17 809296]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-2 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
S3 LiveTurbineMessageService;Turbine Message Service - Live; [x]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-2-12 99152]
.
=============== Created Last 30 ================
.
2011-09-14 17:49:36 -------- d-----w- c:\program files\Interplay
2011-09-14 14:45:34 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{44c672ee-c0e2-4793-ae3a-1d7c772563d2}\mpengine.dll
2011-09-13 22:54:21 -------- d-----w- C:\BGII-SOA_Saves
2011-09-13 22:52:50 -------- d-----w- C:\Sacred SAves
2011-09-13 22:12:14 -------- d-----w- C:\Newest IWD2 Saves
2011-09-13 22:01:14 -------- d-----w- c:\program files\Seagate
2011-09-11 18:03:50 -------- d-----w- c:\windows\Hewlett-Packard
2011-09-11 17:56:32 -------- d-----w- c:\users\jamie\appdata\roaming\HpUpdate
2011-09-10 18:13:45 -------- d-----w- c:\program files\Microsoft Application Compatibility Toolkit
2011-09-09 19:42:17 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-09-09 19:41:32 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-09-09 19:41:32 -------- d-----w- c:\windows\system32\ZoneLabs
2011-09-07 23:09:18 -------- d-----w- c:\users\jamie\appdata\local\Apple Computer
2011-09-02 21:48:18 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-02 21:48:17 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-09-02 21:48:17 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-09-02 21:48:17 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-09-02 21:48:17 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-09-02 21:48:17 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-09-02 21:48:17 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-09-02 21:48:17 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-09-02 21:48:17 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-09-02 21:48:17 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-09-01 23:47:32 -------- d-----w- c:\users\jamie\appdata\local\Google
2011-08-31 21:20:39 -------- d-----w- c:\users\jamie\appdata\roaming\QuickScan
2011-08-27 19:44:19 -------- d-----w- c:\programdata\Funcom
2011-08-24 08:53:02 -------- d-----w- c:\program files\common files\xing shared
2011-08-24 08:46:09 -------- d-----w- c:\users\jamie\appdata\local\Apple
.
==================== Find3M ====================
.
2011-09-14 17:51:43 52224 ----a-w- c:\windows\ipuninst.exe
2011-09-01 23:20:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-25 18:45:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-24 08:52:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-03 11:50:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50:00 600680 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-08-03 11:50:00 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50:00 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50:00 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-03 11:50:00 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:50:00 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-03 11:50:00 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 08:31:54 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-07-16 18:30:42 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 14:56:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-30 17:47:19 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
============= FINISH: 20:22:59.72 ===============


#4 CatByte (Malware Response Team)

Posted 18 September 2011 - 03:47 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------


NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Necroscope84 (Topic Starter)

Posted 18 September 2011 - 08:31 PM

Hello and thank you very much for replying. I ran ComboFix. It said a couple of times "Failed to get data for 'EnableLUA'", whatever that means. I don't know if that's normal. It may well be that my hard drive is going out but I'm not sure. I did have some virus problems but don't know if it's linked to the HD problem or not. Anyway, here's my ComboFix log. Thanks again.

ComboFix 11-09-18.03 - Jamie 09/18/2011 20:16:09.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1877 [GMT -5:00]
Running from: c:\users\Jamie\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\users\Jamie\AppData\Local\ApplicationHistory
c:\users\Jamie\AppData\Local\ApplicationHistory\CasPol.exe.f62feae4.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\dndlauncher.exe.b1babda4.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\dndlauncher.exe.c6c7008.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\dndlauncher.exe.ef3d20fe.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\HorizonsLauncher.exe.2335ed4e.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\SilentPatcher.exe.a668b5da.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\SilentPatcher.exe.b1f83e92.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\SilentPatcher.exe.b1f83e92.ini.inuse
c:\users\Jamie\AppData\Local\ApplicationHistory\TurbineInvoker.exe.51db07c9.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\TurbineInvoker.exe.53f847ef.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\TurbineInvoker.exe.b5b86065.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\TurbineInvoker.exe.ccffdf2c.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\TurbineLauncher.exe.ab650b53.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\TurbineLauncher.exe.b804356.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\TurbineLauncher.exe.b804356.ini.inuse
c:\users\Jamie\AppData\Local\ApplicationHistory\TurbineLauncher.exe.d221105d.ini
c:\users\Jamie\AppData\Local\ApplicationHistory\TurbineLauncher.exe.e60c41f9.ini
c:\users\Jamie\AppData\Roaming\app
c:\users\Jamie\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Jamie\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\windows\system32\nvdispco3220140.dll
c:\windows\system32\nvdispco3220150.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-17 23:42 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E56BF66-7F61-46C9-A48F-0622B5A514DA}\mpengine.dll
2011-09-14 17:49 . 2011-09-14 17:49 -------- d-----w- c:\program files\Interplay
2011-09-13 22:54 . 2011-09-13 22:54 -------- d-----w- C:\BGII-SOA_Saves
2011-09-13 22:52 . 2011-09-13 22:53 -------- d-----w- C:\Sacred SAves
2011-09-13 22:12 . 2011-09-13 22:12 -------- d-----w- C:\Newest IWD2 Saves
2011-09-13 22:01 . 2011-09-13 22:01 -------- d-----w- c:\program files\Seagate
2011-09-11 18:03 . 2011-09-11 18:03 -------- d-----w- c:\windows\Hewlett-Packard
2011-09-11 17:56 . 2011-09-11 18:10 -------- d-----w- c:\users\Jamie\AppData\Roaming\HpUpdate
2011-09-10 18:13 . 2011-09-13 00:11 -------- d-----w- c:\program files\Microsoft Application Compatibility Toolkit
2011-09-09 19:42 . 2011-03-18 06:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-09-09 19:42 . 2011-03-18 06:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-09-09 19:42 . 2011-03-18 06:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-09-09 19:41 . 2011-09-09 19:42 -------- d-----w- c:\windows\system32\ZoneLabs
2011-09-09 19:41 . 2010-05-15 21:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-09-07 23:42 . 2011-09-08 18:00 -------- d-----w- c:\users\Default\{ac3b6253-5bef-4eb8-adde-d9288a0f6cb3}
2011-09-07 23:09 . 2011-09-07 23:09 -------- d-----w- c:\users\Jamie\AppData\Local\Apple Computer
2011-09-02 21:50 . 2011-09-15 18:16 -------- d-----w- c:\users\UpdatusUser
2011-09-02 21:48 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-02 21:48 . 2011-08-03 11:50 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-09-02 21:48 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-09-02 21:48 . 2011-08-03 11:50 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-09-02 21:48 . 2011-08-03 11:50 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-09-02 21:48 . 2011-08-03 11:50 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-09-02 21:48 . 2011-08-03 11:50 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-09-02 21:48 . 2011-08-03 11:50 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-09-02 21:48 . 2011-08-03 11:50 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-09-02 21:48 . 2011-08-03 11:50 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-09-01 23:47 . 2011-09-11 14:58 -------- d-----w- c:\users\Jamie\AppData\Local\Google
2011-08-31 21:20 . 2011-08-31 21:20 -------- d-----w- c:\users\Jamie\AppData\Roaming\QuickScan
2011-08-27 19:44 . 2011-08-27 19:44 -------- d-----w- c:\programdata\Funcom
2011-08-27 19:07 . 2011-08-27 19:43 -------- d-----w- c:\program files\Electronic Arts
2011-08-25 18:46 . 2011-08-25 18:46 -------- d-----w- c:\program files\Common Files\Java
2011-08-25 18:45 . 2011-08-25 18:45 -------- d-----w- c:\program files\Java
2011-08-24 08:53 . 2011-08-24 08:53 -------- d-----w- c:\program files\Common Files\xing shared
2011-08-24 08:48 . 2011-09-07 20:56 -------- d-----w- c:\programdata\Apple Computer
2011-08-24 08:46 . 2011-08-24 08:46 -------- d-----w- c:\program files\Apple Software Update
2011-08-24 08:46 . 2011-08-24 08:46 -------- d-----w- c:\users\Jamie\AppData\Local\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-14 17:51 . 2009-01-17 00:57 52224 ----a-w- c:\windows\ipuninst.exe
2011-09-01 23:20 . 2011-06-06 19:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-25 18:45 . 2010-05-10 01:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-24 08:52 . 2008-03-11 08:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-03 11:50 . 2011-04-08 03:45 600680 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-08-03 11:50 . 2011-04-08 03:45 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-04-08 03:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-04-08 03:44 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-04-08 03:44 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-03 11:50 . 2011-03-21 17:10 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:50 . 2010-05-27 18:46 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-03 11:50 . 2010-04-03 23:27 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 08:31 . 2011-08-03 08:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-07-16 18:30 . 2010-03-13 23:31 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-07 00:52 . 2010-10-18 17:34 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-10-18 17:34 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 14:56 . 2011-08-11 01:15 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-30 17:47 . 2010-11-07 20:10 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-30 17:47 . 2010-11-07 20:10 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-11 17:22 . 2011-06-06 22:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-01-19 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\System32\wiaservc.dll
[-] 2008-01-19 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\wiaservc.dll
[7] 2006-11-02 . A941E099EF46E3CC12F898CBE1C39910 . 451584 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6000.16386_none_305d7915b6684b33\wiaservc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-12 2969496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"igndlm.exe"=c:\program files\Download Manager\DLM.exe /windowsstart /startifwork
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 ALSysIO;ALSysIO;c:\users\Jamie\AppData\Local\Temp\ALSysIO.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 LiveTurbineMessageService;Turbine Message Service - Live; [x]
R3 LiveTurbineNetworkService;Turbine Network Service - Live; [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-02-13 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-12 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2008-06-25 78848]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-30 809296]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 16:41]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 16:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
Trusted Zone: mywalmart.com
Trusted Zone: secunia.com
Trusted Zone: yahoo.com\login
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 192.168.1.1 68.94.156.1 68.94.157.1
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\g3wogpra.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Drakensang The Dark Eye - c:\program files\ValuSoft\Drakensang The Dark Eye\uninst.exe
AddRemove-The Sith Lords Restored Content Mod_is1 - c:\program files\LucasArts\SWKotOR2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-18 20:22
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,a7,52,ae,a4,b6,d2,45,8f,21,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,a7,52,ae,a4,b6,d2,45,8f,21,ad,\
.
[HKEY_USERS\S-1-5-21-3177060753-589307236-2942547930-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:8b,2c,c9,68,ab,35,f9,30,ac,e9,0a,f1,7a,6d,e4,2d,9d,fe,88,8e,40,ac,ad,
eb,6c,bb,64,47,ca,76,c5,e3,86,c0,44,b0,cb,df,08,d5,a9,21,2a,df,d2,15,bb,3b,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-3177060753-589307236-2942547930-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:e6,04,e1,d6,c7,b8,41,bd,40,73,96,1f,4c,16,e0,90,6f,c0,6c,9c,79,
ba,71,63,9b,87,a2,e4,6e,a6,f5,a4,1f,65,91,04,49,1c,cb,32,82,ce,e8,e0,59,7d,\
"rkeysecu"=hex:6a,1e,83,43,ec,29,f7,6b,22,b5,02,79,ae,33,67,f3
.
Completion time: 2011-09-18 20:25:49
ComboFix-quarantined-files.txt 2011-09-19 01:25
.
Pre-Run: 194,226,413,568 bytes free
Post-Run: 194,191,937,536 bytes free
.
- - End Of File - - 6C8E024873A6B9DCAAD092BA12A52766

#6 CatByte (Malware Response Team)

Posted 18 September 2011 - 09:49 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FCopy::
c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6000.16386_none_305d7915b6684b33\wiaservc.dll | c:\windows\System32\wiaservc.dll

DDS::
Trusted Zone: mywalmart.com
Trusted Zone: secunia.com
Trusted Zone: yahoo.com\login
Trusted Zone: youtube.com\www

ClearJavaCache::


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
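As an added example, not part of this thread and not ComboFix's own tooling: a short Python script that reads the two log sections the CFScript above acts on, the Sigcheck block (an unverified wiaservc.dll in System32 next to a verified copy in WinSxS with a different MD5) and the Trusted Zone entries, and drafts the matching FCopy:: and DDS:: directives. The sample log text is copied from the ComboFix log posted in this thread; the meaning given to the "[-]" and "[7]" markers is an assumption about ComboFix's notation.

```python
import re
from collections import defaultdict

# Constructed sample input: the Sigcheck and Supplementary Scan lines copied
# from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-01-19 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\System32\wiaservc.dll
[-] 2008-01-19 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\wiaservc.dll
[7] 2006-11-02 . A941E099EF46E3CC12F898CBE1C39910 . 451584 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6000.16386_none_305d7915b6684b33\wiaservc.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: mywalmart.com
Trusted Zone: secunia.com
Trusted Zone: yahoo.com\login
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 192.168.1.1 68.94.156.1 68.94.157.1
"""

# One Sigcheck line: [marker] date . MD5 . size . . [version] . . path
# Assumption about ComboFix's notation: "[-]" marks a file whose signature
# ComboFix could not verify; any other marker (here "[7]") is a copy it accepted.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line found in the log text."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def find_replacements(entries):
    """Pair each unverified live file with a verified copy of the same name
    whose hash differs, i.e. a candidate source for an FCopy:: directive."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    pairs = []
    for group in by_name.values():
        verified = [e for e in group if e["flag"] != "-"]
        # The live file is the one outside the WinSxS component store.
        live = [e for e in group
                if e["flag"] == "-" and "\\winsxs\\" not in e["path"].lower()]
        for bad in live:
            for good in verified:
                if good["md5"] != bad["md5"]:
                    pairs.append((good["path"], bad["path"]))
                    break
    return pairs


def parse_trusted_zones(text):
    """Collect the 'Trusted Zone:' lines, which a DDS:: section removes."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip().startswith("Trusted Zone:")]


def build_cfscript(text):
    """Draft the FCopy:: and DDS:: sections of a CFScript from a log."""
    pairs = find_replacements(parse_sigcheck(text))
    zones = parse_trusted_zones(text)
    lines = []
    if pairs:
        lines.append("FCopy::")
        lines.extend(f"{src} | {dst}" for src, dst in pairs)
        lines.append("")
    if zones:
        lines.append("DDS::")
        lines.extend(zones)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

Run as-is and it prints the same FCopy:: and DDS:: lines CatByte wrote by hand. Two caveats a practitioner should keep in mind: the FCopy source is an older build of the DLL taken from the component store, so check the candidate's Authenticode signature (Sysinternals sigcheck, for instance) before trusting it, and a CFScript is only as safe as the reading of the log behind it, which is why the thread has a helper drive the process.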


#7 Necroscope84 (Topic Starter)

Posted 19 September 2011 - 12:10 PM

I dragged that script into ComboFix and it asked for an update. I hit yes, and after it updated it said: "Windows cannot find 'Combofix'. Make sure you typed the name correctly and then try again." So I dragged the script back over to ComboFix again and that time it worked. I went through some stuff saying Completed stage 1, 2 etc. and afterwards I saved the log. Right after I closed it I had a message pop up saying: "Host Process for Windows Services stopped working and was closed". I've been getting those errors a lot. So I restarted my computer to see if it was still giving me the hard drive error and it did. It says: "ST3360320AS: Hard Disk failure is imminent. Please backup your hard disk and have it replaced."

I also didn't realize it was not a good idea to run Windows in selective startup until I read everything at BleepingComputer. Unfortunately I've had my PC in selective startup for years now and I changed it back to normal a few weeks ago, right before I started having trouble. I truly wish every site in the world wouldn't recommend doing these types of things without adequate research. I had gone through and disabled a lot of useless junk like RealPlayer and QuickTime right before all of this too. I checked out everything that I disabled and I don't think any of it was essential. Those things I couldn't get to stop running in startup I used Spybot to stop them as suggested. I don't know what may have happened, if anything. I was hoping my HD was just doing this from a virus but I don't know. Anyway, here's my new ComboFix log. Even if it turns out that my HD is going out I still really appreciate all your help. I try to be so careful on my computer but have been plagued with viruses since having Vista. I don't even surf very much anymore and only at news sites like CBS but I still seem to get hit way too much. My brother is on the same network and he's not so careful and his XP doesn't seem to get hardly much at all in the way of viruses. I don't know. Here's that log. Thanks again.

ComboFix 11-09-19.01 - Jamie 09/19/2011 11:41:15.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2077 [GMT -5:00]
Running from: c:\users\Jamie\Desktop\ComboFix.exe
Command switches used :: c:\users\Jamie\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6000.16386_none_305d7915b6684b33\wiaservc.dll --> c:\windows\System32\wiaservc.dll
.
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-19 16:48 . 2011-09-19 16:48 -------- d-----w- c:\users\Jamie\AppData\Local\temp
2011-09-19 16:48 . 2011-09-19 16:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-09-19 16:48 . 2011-09-19 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-17 23:42 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E56BF66-7F61-46C9-A48F-0622B5A514DA}\mpengine.dll
2011-09-14 17:49 . 2011-09-14 17:49 -------- d-----w- c:\program files\Interplay
2011-09-13 22:54 . 2011-09-13 22:54 -------- d-----w- C:\BGII-SOA_Saves
2011-09-13 22:52 . 2011-09-13 22:53 -------- d-----w- C:\Sacred SAves
2011-09-13 22:12 . 2011-09-13 22:12 -------- d-----w- C:\Newest IWD2 Saves
2011-09-13 22:01 . 2011-09-13 22:01 -------- d-----w- c:\program files\Seagate
2011-09-11 18:03 . 2011-09-11 18:03 -------- d-----w- c:\windows\Hewlett-Packard
2011-09-11 17:56 . 2011-09-11 18:10 -------- d-----w- c:\users\Jamie\AppData\Roaming\HpUpdate
2011-09-10 18:13 . 2011-09-13 00:11 -------- d-----w- c:\program files\Microsoft Application Compatibility Toolkit
2011-09-09 19:42 . 2011-03-18 06:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-09-09 19:42 . 2011-03-18 06:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-09-09 19:42 . 2011-03-18 06:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-09-09 19:41 . 2011-09-09 19:42 -------- d-----w- c:\windows\system32\ZoneLabs
2011-09-09 19:41 . 2010-05-15 21:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-09-07 23:42 . 2011-09-08 18:00 -------- d-----w- c:\users\Default\{ac3b6253-5bef-4eb8-adde-d9288a0f6cb3}
2011-09-07 23:09 . 2011-09-07 23:09 -------- d-----w- c:\users\Jamie\AppData\Local\Apple Computer
2011-09-02 21:50 . 2011-09-15 18:16 -------- d-----w- c:\users\UpdatusUser
2011-09-02 21:48 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-02 21:48 . 2011-08-03 11:50 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-09-02 21:48 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-09-02 21:48 . 2011-08-03 11:50 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-09-02 21:48 . 2011-08-03 11:50 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-09-02 21:48 . 2011-08-03 11:50 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-09-02 21:48 . 2011-08-03 11:50 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-09-02 21:48 . 2011-08-03 11:50 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-09-02 21:48 . 2011-08-03 11:50 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-09-02 21:48 . 2011-08-03 11:50 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-09-01 23:47 . 2011-09-11 14:58 -------- d-----w- c:\users\Jamie\AppData\Local\Google
2011-08-31 21:20 . 2011-08-31 21:20 -------- d-----w- c:\users\Jamie\AppData\Roaming\QuickScan
2011-08-27 19:44 . 2011-08-27 19:44 -------- d-----w- c:\programdata\Funcom
2011-08-27 19:07 . 2011-08-27 19:43 -------- d-----w- c:\program files\Electronic Arts
2011-08-25 18:46 . 2011-08-25 18:46 -------- d-----w- c:\program files\Common Files\Java
2011-08-25 18:45 . 2011-08-25 18:45 -------- d-----w- c:\program files\Java
2011-08-24 08:53 . 2011-08-24 08:53 -------- d-----w- c:\program files\Common Files\xing shared
2011-08-24 08:48 . 2011-09-07 20:56 -------- d-----w- c:\programdata\Apple Computer
2011-08-24 08:46 . 2011-08-24 08:46 -------- d-----w- c:\program files\Apple Software Update
2011-08-24 08:46 . 2011-08-24 08:46 -------- d-----w- c:\users\Jamie\AppData\Local\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-14 17:51 . 2009-01-17 00:57 52224 ----a-w- c:\windows\ipuninst.exe
2011-09-01 23:20 . 2011-06-06 19:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-25 18:45 . 2010-05-10 01:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-24 08:52 . 2008-03-11 08:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-03 11:50 . 2011-04-08 03:45 600680 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-08-03 11:50 . 2011-04-08 03:45 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-04-08 03:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-04-08 03:44 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-04-08 03:44 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-03 11:50 . 2011-03-21 17:10 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:50 . 2010-05-27 18:46 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-03 11:50 . 2010-04-03 23:27 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 08:31 . 2011-08-03 08:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-07-16 18:30 . 2010-03-13 23:31 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-07 00:52 . 2010-10-18 17:34 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-10-18 17:34 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 14:56 . 2011-08-11 01:15 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-30 17:47 . 2010-11-07 20:10 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-30 17:47 . 2010-11-07 20:10 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-11 17:22 . 2011-06-06 22:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-12 2969496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"igndlm.exe"=c:\program files\Download Manager\DLM.exe /windowsstart /startifwork
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 ALSysIO;ALSysIO;c:\users\Jamie\AppData\Local\Temp\ALSysIO.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 LiveTurbineMessageService;Turbine Message Service - Live; [x]
R3 LiveTurbineNetworkService;Turbine Network Service - Live; [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-02-13 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-12 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2008-06-25 78848]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-30 809296]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 16:41]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 16:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
TCP: DhcpNameServer = 192.168.1.1 68.94.156.1 68.94.157.1
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\g3wogpra.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-19 11:48
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,a7,52,ae,a4,b6,d2,45,8f,21,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,a7,52,ae,a4,b6,d2,45,8f,21,ad,\
.
[HKEY_USERS\S-1-5-21-3177060753-589307236-2942547930-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:8b,2c,c9,68,ab,35,f9,30,ac,e9,0a,f1,7a,6d,e4,2d,9d,fe,88,8e,40,ac,ad,
eb,6c,bb,64,47,ca,76,c5,e3,86,c0,44,b0,cb,df,08,d5,a9,21,2a,df,d2,15,bb,3b,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-3177060753-589307236-2942547930-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:e6,04,e1,d6,c7,b8,41,bd,40,73,96,1f,4c,16,e0,90,6f,c0,6c,9c,79,
ba,71,63,9b,87,a2,e4,6e,a6,f5,a4,1f,65,91,04,49,1c,cb,32,82,ce,e8,e0,59,7d,\
"rkeysecu"=hex:6a,1e,83,43,ec,29,f7,6b,22,b5,02,79,ae,33,67,f3
.
Completion time: 2011-09-19 11:51:09
ComboFix-quarantined-files.txt 2011-09-19 16:51
ComboFix2.txt 2011-09-19 01:25
.
Pre-Run: 194,126,692,352 bytes free
Post-Run: 194,108,129,280 bytes free
.
- - End Of File - - EC842C3701DEDA3D8FB02FFBFB75B893

#8 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 19 September 2011 - 04:47 PM

What's in this folder?

c:\users\Default\{ac3b6253-5bef-4eb8-adde-d9288a0f6cb3}

If it's empty > right click and delete it

Go through your installed programs list and uninstall anything you don't ever use


Now run TFC to clean out the junk

Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.



NEXT



Run Chkdsk on your hard drive; hopefully it will be able to identify and repair any bad clusters.

  • Go to Start and type in cmd
  • Right-click on the cmd icon above, and click Run As Administrator
  • Type chkdsk /R into the command window that appears, and press Enter
  • Agree to the prompt, then reboot your system
Note: Upon Reboot(Restart), CHKDSK will start and carry out the repairs required.


Let me know how the computer is behaving once you complete that.

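Before putting a drive that the BIOS already calls "failure imminent" through another chkdsk or defrag pass, it is worth asking Windows what it already knows about it. The script below is an added example and is not something CatByte or Necroscope84 posted; it reads the SMART predict-failure flag through WMI, the generic status the disk driver reports, and the storage-stack error events in the System log, which are what a dying drive produces between reboots. It needs an elevated PowerShell prompt, and the SMART class is only populated when the controller driver exposes SMART; the function name and the 14-day window are my own choices.

```powershell
# Added example, not code from the thread. Three checks of disk health from
# Windows' own view of the drive, returned as objects for one table.
# Run from an elevated PowerShell prompt.

function Get-DiskHealthReport {
    param([int]$Days = 14)   # how far back to look in the System event log

    # 1. SMART "failure predicted" bit per physical disk (root\wmi provider).
    #    The class is absent or empty when the controller driver hides SMART.
    $smart = Get-WmiObject -Namespace 'root\wmi' -Class MSStorageDriver_FailurePredictStatus -ErrorAction SilentlyContinue
    if ($smart) {
        foreach ($s in $smart) {
            $result = if ($s.PredictFailure) { "FAILURE PREDICTED (reason $($s.Reason))" } else { 'ok' }
            New-Object PSObject -Property @{ Check = 'SMART'; Item = $s.InstanceName; Result = $result }
        }
    } else {
        New-Object PSObject -Property @{ Check = 'SMART'; Item = '(all disks)'; Result = 'not exposed through WMI' }
    }

    # 2. Generic status from the disk driver: 'OK', or 'Pred Fail' for a SMART-flagged drive.
    foreach ($d in Get-WmiObject -Class Win32_DiskDrive) {
        New-Object PSObject -Property @{ Check = 'Win32_DiskDrive'; Item = $d.Model; Result = $d.Status }
    }

    # 3. Error events from the storage stack. Source 'disk' event 7 ("has a bad
    #    block") and 'Ntfs' event 55 (corrupt file system structure) are the
    #    ones a failing drive leaves behind; if they keep recurring, chkdsk is
    #    only repairing damage that will come back.
    $since  = (Get-Date).AddDays(-$Days)
    $events = Get-EventLog -LogName System -After $since -EntryType Error |
              Where-Object { @('disk', 'Ntfs', 'atapi', 'iaStor') -contains $_.Source }
    foreach ($g in ($events | Group-Object Source, EventID)) {
        New-Object PSObject -Property @{
            Check  = "EventLog ($Days days)"
            Item   = $g.Name            # e.g. "disk, 7"
            Result = "$($g.Count) event(s)"
        }
    }
}

Get-DiskHealthReport | Format-Table Check, Item, Result -AutoSize
```

If the SMART row says failure is predicted, or the disk status reads "Pred Fail", the drive is telling the same story the BIOS is, and the right order of operations is back up first and repair second, since chkdsk /R stresses a marginal drive by reading every sector.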


#9 Necroscope84 (Topic Starter, Members, 31 posts)

Posted 19 September 2011 - 08:50 PM

Hello. I did everything. That c:\users\Default\{ac3b6253-5bef-4eb8-adde-d9288a0f6cb3} was some leftover crap from my printer which I uninstalled a week or two ago because the software for it kept downloading huge updates, like 4 to 5 20-100 MB updates every week, and Kodak doesn't seem to just offer the drivers without their ridiculous software with it. I ran the TFC and it cleared out a lot of crap. I was kinda surprised at how much it got since I run Disk Cleanup a lot.

After the Chkdsk ran my computer rebooted and I couldn't see anything on my screen even though I could hear it so I had to do a hard boot to get it back up and it's still giving me that Hard disk failure is imminent message. Guess this means that my Hard drive really is going out? I was so hoping it was some kind of virus especially since I'd just had a couple of them.

Did you find any virus or adware junk in my logs? Just curious. I'm gonna buy a good AV Suite if I have to get a new HD. Or maybe a new computer since it'd be about the same price. Is there a certain AV product you would recommend for real time protection? If there's anything else you want me to try just please let me know and once again thank you for all of your help.

#10 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 19 September 2011 - 09:06 PM

Hi

Yes, it does sound as though your hard drive is failing, although you did have a couple of trojans on your system. There are a couple more scans to perform to make sure there are no leftovers.


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


Have you tried to defrag your system? That may help.


First open an elevated Command Prompt
  • Go to Start > All Programs > Accessories
  • right click on the Command Prompt and choose “Run as administrator”
  • Type the following to see how much your hard drive is fragmented (in this example, your C:\ drive):
  • defrag c: -a
  • Vista will tell you a “Percent file fragmentation” and, at the bottom, if you need to defragment the drive or not.
  • To fully defragment your C:\ drive type the following:
  • defrag c: -w
  • Give it time to run (best to leave the computer alone) and then you’re done!



#11 Necroscope84 (Topic Starter, Members, 31 posts)

Posted 19 September 2011 - 10:26 PM

I ran Malwarebytes and it came up clean. I have actually been running it and Avira nearly every day for the past week or so and they weren't able to find anything. I was running the ESET Online Scanner but my computer crashed, giving me that hard disk failure is imminent notice again. I'm gonna try to run it once again. If that doesn't work then I'll try and click their download link and see if that does better.

I've been trying to defrag but I keep crashing every time. Bad thing is that I have never defragged my system once. Every single time I've run it, it has always said your system is fine and does not need to be defragmented at this time. I just thought it was some kind of weird Vista thing. Once I have a new HD or PC then I'm gonna defrag every so often whether it says to or not. I'll try to get that ESET scan done tonight but if not then I'll try again in the morning.

Also after typing Defrag c: -a it says:
Volume Size 326GB
Free Space 178GB
Largest Free space extent 21.56GB
Percent File Fragmentation 0%
Note: On NTFS volumes file fragments larger than 64MB are not included in the fragmentation stats
You do not need to defragment this drive

Is this good?



Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7751

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

9/19/2011 9:22:14 PM
mbam-log-2011-09-19 (21-22-14).txt

Scan type: Quick scan
Objects scanned: 189416
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Necroscope84 (Topic Starter, Members, 31 posts)

Posted 20 September 2011 - 01:11 PM

I can't get the ESET scan to finish without crashing. When it gets to around 33 or 34% I either crash to a blue screen or it crashes and gives me that hard drive failure is imminent warning. Everything else seems to be working fine though. I'm not getting any more weird pop ups or anything. I'm probably just going to get a new computer on my next paycheck seeing as how it's only about a hundred dollars more than buying a new hd and windows 7. I've been wanting an upgrade anyway. Hopefully Windows 7 will be much better than Vista has been for me. Thank you so much for taking the time to help me out. I just didn't want to spend that much money on the off chance that this was all caused by a virus. If you need me to run anything else I will. I'll check back every hour or so until I hear from you. I'm gonna try defragging one more time and see if I can get it to do so without crashing. Thank you.

#13 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 20 September 2011 - 07:12 PM

Hi

If Chkdsk didn't help and you can't complete a defrag, then it's likely your HD is failing for sure. I'd back up what you need to back up and save your important documents, pictures, music etc. while you can.



I'll give my usual housekeeping speech, then you can use some of the tips for your new computer. Make sure you get an installation disk with your new computer; manufacturers don't like to give them, but will if you insist.

good luck


You can delete the DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

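Two of the steps in this thread are really edits to Internet Explorer's zone settings in the registry: the "DDS::" lines in the earlier CFScript removed domains from the Trusted sites zone, and the Inetcpl.cpl steps above change three ActiveX settings for the Internet zone. The script below is an added example, not code posted by CatByte or anyone else in the thread; it lists the Trusted sites entries the way DDS prints them, lets you remove one, and reports (and with -Fix tightens) the three ActiveX values. The registry locations, the value IDs 1001/1004/1201 and the 0/1/3 encoding are Microsoft's documented zone settings (KB182569); the function names are mine. Run it as the user whose browser you are checking, since the settings live under HKCU.

```powershell
# Added example, not code from the thread. Checks IE's Trusted sites zone and
# the Internet-zone ActiveX settings discussed in the replies above.

$ZoneMap  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$Internet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# ZoneMap data values: 2 = Trusted sites, 4 = Restricted sites.
function Get-TrustedSites {
    Get-ChildItem -Path $ZoneMap -Recurse | ForEach-Object {
        $key = $_
        # Key path under Domains is 'domain.tld\sub' (the form DDS prints); each
        # value is a scheme ('http', 'https' or '*') whose data is the zone number.
        $rel   = $key.Name -replace '^.*\\Domains\\', ''
        $parts = $rel -split '\\'
        [array]::Reverse($parts)
        $hostname = $parts -join '.'        # 'yahoo.com\login' -> 'login.yahoo.com'
        foreach ($scheme in $key.GetValueNames()) {
            if ($key.GetValue($scheme) -eq 2) {
                New-Object PSObject -Property @{ Host = $hostname; Scheme = $scheme; Key = $rel }
            }
        }
    }
}

# Remove one Trusted sites entry by its DDS-style key, e.g. 'yahoo.com\login'.
# (The parent 'yahoo.com' key stays behind if it still has other subkeys.)
function Remove-TrustedSite {
    param([Parameter(Mandatory = $true)][string]$Key)
    $path = Join-Path $ZoneMap $Key
    if (Test-Path $path) { Remove-Item -Path $path -Recurse }
}

# Internet-zone ActiveX settings. Data: 0 = Enable, 1 = Prompt, 3 = Disable, so
# a larger number is always the stricter choice. Minimum follows the advice in
# the post; an existing stricter value (e.g. 1004 already at 3) is left alone.
$ActiveX = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                         Minimum = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                       Minimum = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Minimum = 3 }
}

function Test-InternetZoneActiveX {
    param([switch]$Fix)   # report only by default; -Fix raises weak values to Minimum
    foreach ($id in $ActiveX.Keys) {
        $want    = $ActiveX[$id].Minimum
        $current = (Get-ItemProperty -Path $Internet -Name $id -ErrorAction SilentlyContinue).$id
        $weak    = ($current -eq $null) -or ($current -lt $want)
        if ($weak -and $Fix) {
            Set-ItemProperty -Path $Internet -Name $id -Value $want -Type DWord
        }
        New-Object PSObject -Property @{
            Setting = $ActiveX[$id].Name
            Id      = $id
            Current = $current
            Minimum = $want
            Weak    = $weak
            Fixed   = ($weak -and $Fix)
        }
    }
}

Get-TrustedSites         | Format-Table Host, Scheme, Key -AutoSize
Test-InternetZoneActiveX | Format-Table Setting, Current, Minimum, Weak -AutoSize
```

Trusted sites matter because that zone runs with looser settings than the Internet zone, so a malware-added entry there quietly re-enables what the Internet-zone hardening turned off; that is why the CFScript stripped entries even for well-known domains. Reviewing the list after any cleanup, and keeping it empty unless a specific site needs it, is the cheap check.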


#14 Necroscope84 (Topic Starter, Members, 31 posts)

Posted 20 September 2011 - 09:29 PM

Hello and thank you so much for the tips. I've copied them down and sent them as an attachment to my email so if I go down for good I'll still have them. I just have one question. When you said to make sure to get an installation disk do you mean like Windows 7? And if so who should I talk to? I was looking at a computer at Wal-Mart; would I ask them about getting the disk or contact the manufacturer of the PC after I buy a computer? Or should I try to shop somewhere else like online or Best Buy? I'd definitely love to have a disk. I hate how they stopped giving them with computers. Most people like me just buy a ready-to-go PC from Walmart or something and can't really afford the extra two hundred for a Windows disk. It's a shame when you spend 7 to 8 hundred like I did on this last computer that you don't actually get one with it.

Thank you for all of your help. I have most everything I want burnt to a cd. My backup won't work, it keeps crashing on me but I managed to save all the important stuff. At least now I know it's my HD and not a virus or something. Thank you very much for helping me and tell everyone at BleepingComputer.com how much I appreciate and respect them for doing what they do. Thank You.

#15 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 21 September 2011 - 04:16 PM

You are welcome

It's the manufacturer of the machine that needs to supply the installation disk of the operating system. Some will want to charge a nominal fee to give it to you, but I think it's well worth it: if anything goes wrong then you have it there. Or make sure you make a set of recovery disks as soon as you open the box, and then back up your system on a regular basis.

Good Luck

~CB

One other thing you might want to do that I just thought of - download, install and run SeaTools for Windows
It will test your hard drive to help determine what is wrong with it.





