Showing results for tags 'BSOD'.

Hello, I know you're all busy, so I'll keep this as short and as easy to read as possible. I have a rootkit that's been here for a while. I've been keylogged and monitored, lost admin rights and had the BSOD, so I physically replaced the RAM, wiped my HDD several times, and gone into the BIOS and flashed from there. Antivirus has stopped before finishing, reads the infection as clean and can't update; a new antivirus doesn't pick up anything; the virus is written to the MBR, which Windows can't pick up; it worms itself through drivers, and I replaced the graphics card. I have a TV and STB that I can't connect to the Internet yet, because when I purchased a new laptop, as soon as I connected the Wi-Fi the laptop got infected. I read this can be done with a DNS changer, as the DNS downloads new malware even to clean PCs. I don't have a DNS changer, but the DNS being hijacked would do the same thing. I've used Gmer, FixTDSS, ewido, mbrscan, kaspersky, avg, mse, rootbuster, roguekiller, tdsskiller and more; nothing will pick up. Based on my firewall I think there is a hidden network when I connect, and I want to know what programs are the best for finding out anything hiding behind or configuring the router. When I check ipconfig it says the DNS is 10.1.1.1, but wouldn't it just be the DNS from the ISP? No rogue DNS can be displayed, but all the symptoms of an infected DNS are there. I get skidded web sites, kiddie scripts, blocked or denial of service. I have changed my ISP account, but it's like the router is still configured to be under attack, because the ADSL light wasn't solid before I even connected the PC to try the new account. Could it be access to the phone line alone? I know my calls have been listened in on or disconnected.
----------------------------------------
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 19:50:13
-----------------------------
19:50:13.761 OS Version: Windows 6.1.7601 Service Pack 1
19:50:13.761 Number of processors: 1 586 0xD06
19:50:13.761 ComputerName: ALAN-LAPTOP UserName: Alan
19:50:26.995 Initialize success
19:50:33.737 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:50:33.737 Disk 0 Vendor: SAMSUNG_HM121HC LS100-10 Size: 114473MB BusType: 3
19:50:33.757 Disk 0 MBR read successfully
19:50:33.757 Disk 0 MBR scan
19:50:33.767 Disk 0 Windows 7 default MBR code
19:50:33.777 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114471 MB offset 2048
19:50:33.787 Disk 0 scanning sectors +234438656
19:50:33.867 Disk 0 scanning C:\Windows\system32\drivers
19:50:40.006 Service scanning
19:50:45.714 Service krnl_akl C:\Windows\system32\drivers\krnl_akl.sys **LOCKED** 32
19:50:46.695 Service MpKsl374e93b4 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{335F7451-63CD-471B-9718-FFC4E1316591}\MpKsl374e93b4.sys **LOCKED** 32
19:50:56.740 Modules scanning
19:51:08.757 Disk 0 trace - called modules:
19:51:08.797 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
19:51:08.807 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85176528]
19:51:08.817 3 CLASSPNP.SYS[87e8d59e] -> nt!IofCallDriver -> [0x844215e0]
19:51:08.827 5 ACPI.sys[8764a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b7030]
19:51:08.847 Scan finished successfully
20:09:46.807 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"
20:09:46.817 The log file has been saved successfully to "C:\Users\Alan\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 20:23:26
-----------------------------
20:23:26.028 OS Version: Windows 6.1.7601 Service Pack 1
20:23:26.028 Number of processors: 1 586 0xD06
20:23:26.028 ComputerName: ALAN-LAPTOP UserName: Alan
20:23:26.839 Initialize success
20:23:30.664 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:23:30.674 Disk 0 Vendor: SAMSUNG_HM121HC LS100-10 Size: 114473MB BusType: 3
20:23:30.694 Disk 0 MBR read successfully
20:23:30.704 Disk 0 MBR scan
20:23:30.704 Disk 0 Windows 7 default MBR code
20:23:30.714 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114471 MB offset 2048
20:23:30.724 Disk 0 scanning sectors +234438656
20:23:30.784 Disk 0 scanning C:\Windows\system32\drivers
20:23:36.603 Service scanning
20:23:41.961 Service krnl_akl C:\Windows\system32\drivers\krnl_akl.sys **LOCKED** 32
20:23:42.862 Service MpKsl374e93b4 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{335F7451-63CD-471B-9718-FFC4E1316591}\MpKsl374e93b4.sys **LOCKED** 32
20:23:52.185 Modules scanning
20:24:03.605 Disk 0 trace - called modules:
20:24:03.625 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:24:03.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85176528]
20:24:03.625 3 CLASSPNP.SYS[87e8d59e] -> nt!IofCallDriver -> [0x844215e0]
20:24:03.625 5 ACPI.sys[8764a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b7030]
20:24:03.625 Scan finished successfully
20:24:12.932 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"
20:24:12.952 The log file has been saved successfully to "C:\Users\Alan\Desktop\aswMBR.txt"

----------------------------------------
MBRScan v1.1.1
OS : Windows 7 Service Pack 1 (32 bit)
PROCESSOR : x86 Family 6 Model 13 Stepping 6, GenuineIntel
BOOT : Normal Boot
DATE : 2012/09/01 (ISO 8601) at 20:22:50
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __SAMSUNG HM121HC (LS100-10)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 111.8 Go [Fixed] ==> 7 MBR Code
MBR_MD5 : EA7111D01CF65E981A7ED331D2CCCC18
MBR_SHA1 : 0DF8508901D6811ACF3FC0D5C6F718A94ED56C8A
Device\Harddisk0\Partition1 111.8 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x8EABA000 SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x8EAC5000 SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x8EACE000 SIZE : 68.0 Ko
DRIVER : C:\Users\Alan\AppData\Local\Temp\aswMBR.sys => Invisible on the disk
ADDRESS : 0x93C00000 SIZE : 48.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿.
0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹..
0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å.
0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF..
0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu.
0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t
0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h.
0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ.
0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..Ë.¸..».|.V.
0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ
0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².Ë.
0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2Ä.V.Í.]Ë..>þ}U
0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°ñÆd
0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßÆ`è|.°.Ædèu
0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT
0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.».
0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf
0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f
0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í
0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.Ë..¶.Ë..µ.2Ä
0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....Ь<.t.»..´.Í
0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ËòôËý+ÉÄdË.$.ÀØ
0x00000160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti
0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error
0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati
0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin
0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst
0x000001B0 65 6D 00 00 00 63 7B 9A 64 C5 C4 A3 00 00 80 20 em...c{.dÅÄ£...
0x000001C0 21 00 07 FE FF FF 00 08 00 00 00 38 F9 0D 00 00 !..þ.......8ù...
0x000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

----------------------------------------
RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Alan [Admin rights]
Mode: Scan -- Date: 09/01/2012 20:33:40

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[39] : NtAlpcSendWaitReceivePort @ 0x82A7DCC5 -> HOOKED (Unknown @ 0x853073F0)
SSDT[215] : NtProtectVirtualMemory @ 0x82A6E483 -> HOOKED (Unknown @ 0x85DA4A18)
SSDT[370] : NtTerminateProcess @ 0x82A4A3E6 -> HOOKED (Unknown @ 0x85308380)
S_SSDT[14] : Unknown -> HOOKED (Unknown @ 0x85DA7FD0)
S_SSDT[302] : Unknown -> HOOKED (Unknown @ 0x85DA6CD8)
S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x85DA1A00)
S_SSDT[361] : Unknown -> HOOKED (Unknown @ 0x85D96B50)
S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x85DADC90)
S_SSDT[408] : Unknown -> HOOKED (Unknown @ 0x85D9CBF0)
S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x85DADBC0)
S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x85DADC28)
S_SSDT[447] : Unknown -> HOOKED (Unknown @ 0x85DB0F68)
S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x85DB0FD0)
S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x85DAD868)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x85D9C8B0)
S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x85DAE858)
S_SSDT[594] : Unknown -> HOOKED (Unknown @ 0x85DA0A58)
S_SSDT[607] : Unknown -> HOOKED (Unknown @ 0x85DA1868)
_INLINE_ : NtCreateKey -> HOOKED (Unknown @ 0x85DA6B38)
_INLINE_ : NtOpenKey -> HOOKED (Unknown @ 0x85DA7E48)
_INLINE_ : NtOpenKeyEx -> HOOKED (Unknown @ 0x85DADCF8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM121HC ATA Device +++++
--- User ---
[MBR] ea7111d01cf65e981a7ed331d2cccc18
[bSP] 41f6f0124a45d065c91422fa63be84ab : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>

Can anyone give me some info on this, please? Did the reports I posted seem suspicious in any way?
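As an added example (not code from the post or from any of the tools it shows), here is a parser for the 512-byte sector that aswMBR saved to MBR.dat: it decodes the partition table the scanners summarised ("80 (A) 07 NTFS 114471 MB offset 2048"), checks the boot signature, status bytes and overlaps, and hashes the sector for comparison with MBRScan's MBR_MD5/MBR_SHA1. The partition-table bytes are taken from the MBRScan dump in the post; the 440 bytes of boot code are zero-filled (constructed), so the sample's hashes are illustrative only.

```python
"""Parse a 512-byte MBR image (e.g. the MBR.dat aswMBR saves) and reproduce the
partition-table summary that aswMBR, MBRScan and RogueKiller print for it."""
import hashlib
import struct

SECTOR = 512
DISK_SIG_OFFSET, PART_TABLE_OFFSET, BOOT_SIG_OFFSET = 0x1B8, 0x1BE, 0x1FE
PART_TYPES = {0x05: "extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x0F: "extended (LBA)", 0x17: "hidden NTFS", 0xEE: "GPT protective"}

def parse_mbr(mbr):
    """Return {'disk_signature', 'partitions', 'warnings'} for one raw MBR sector."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes, got %d" % (SECTOR, len(mbr)))
    if mbr[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts, warnings = [], []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0 and sectors == 0:
            continue  # empty slot
        if status not in (0x00, 0x80):
            warnings.append("partition %d: invalid status byte 0x%02X" % (i + 1, status))
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "unknown"),
                      "lba_start": lba_start, "sectors": sectors,
                      "lba_end": lba_start + sectors,  # first sector past the partition
                      "size_mib": sectors * SECTOR // (1024 * 1024)})
    if sum(p["active"] for p in parts) > 1:
        warnings.append("more than one active partition")
    for a in parts:  # overlapping entries are a classic sign of a tampered table
        for b in parts:
            if a["index"] < b["index"] and a["lba_start"] < b["lba_end"] \
                    and b["lba_start"] < a["lba_end"]:
                warnings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0]
    return {"disk_signature": disk_sig, "partitions": parts, "warnings": warnings}

def summarize(mbr):
    """One line per partition in the style of aswMBR's 'Disk 0 Partition ...' rows."""
    info = parse_mbr(mbr)
    lines = ["Disk signature 0x%08X" % info["disk_signature"]]
    for p in info["partitions"]:
        lines.append("Partition %d %s %02X %s %d MB offset %d" % (
            p["index"], "80 (A)" if p["active"] else "00", p["type"],
            p["type_name"], p["size_mib"], p["lba_start"]))
    lines.extend("WARNING: " + w for w in info["warnings"])
    return lines

def mbr_hashes(mbr):
    """Upper-case MD5 and SHA1 of the sector, comparable to MBRScan's MBR_MD5/MBR_SHA1."""
    return hashlib.md5(mbr).hexdigest().upper(), hashlib.sha1(mbr).hexdigest().upper()

# Sample sector (constructed): bytes 0x1B8-0x1FF are copied from the MBRScan dump in
# the post above; the 440 bytes of boot code are zero-filled, so the hashes will NOT
# match MBRScan's MBR_MD5 for the real sector.
TAIL_HEX = ("64 C5 C4 A3 00 00 "                               # disk signature + reserved
            "80 20 21 00 07 FE FF FF 00 08 00 00 00 38 F9 0D "  # entry 1: active NTFS
            + "00 " * 48 +                                       # entries 2-4 empty
            "55 AA")                                             # boot signature
SAMPLE_MBR = bytes(440) + bytes.fromhex(TAIL_HEX)

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_MBR)))
    print("MD5 %s  SHA1 %s" % mbr_hashes(SAMPLE_MBR))
```

Run against the real MBR.dat, the partition line should match aswMBR's row byte for byte and the MD5 should equal MBRScan's MBR_MD5; any WARNING line or a hash that differs from a known-good baseline is what to investigate.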
Here's the background: after doing a thorough cleaning with MBAM, ESET, and MSSE, I started seeing the Blocked IP messages, and it was obvious from a "netstat -ano" that the offending executable was svchost.exe, which was also growing in RAM until the entire machine would either become completely unresponsive, BSOD, or just reset. So, in an effort to isolate the problem, I followed "Getting Started with SVCHOST.EXE Troubleshooting" (http://blogs.technet...leshooting.aspx) and found, by isolating the services to their own svchost.exe, that the offending service was gpsvc. gpsvc has protected permissions in regedit, and I'm hesitant to mess with it. The machine was previously a domain member but is now stand-alone, and the problem persists, so if the problem resides there, it's local. Disabling the adapter connecting to the Internet seems to be the best way to halt the virus activity and prevent crashing. Using the TCP/IP tab of Process Explorer you can watch the svchost with the gpsvc service grow and start launching all the TCP connections a few seconds after an Internet connection is established. So what is this evil, and how can we cast it out forever?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:39:06 PM, on 3/25/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} (SFImageUpload1_10.ImageUpload) - http://riteaid.store...eUpload1_10.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgre...eensActivia.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bit...m/qsax/qsax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.ado...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8371982F-EBF2-474C-91A1-0F111FDA3BB1}: NameServer = 209.183.35.23 209.183.33.23
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

--
End of file - 7372 bytes

Since I was experiencing the exact same issues as "piggyigg", I went rogue and followed Maurice Naggar's instructions here: http://forums.malwar...ndpost&p=535809 Even though I didn't think it was going to work, I ran Combofix, RogueKiller (crashed), TDSSKiller, and GooredFix. The most significant, I believe, were Combofix and TDSSKiller. svchost.exe is now clean. I set the service types back to "share" and all is well. One of the items I noted Combofix delete was an ini file for the Intel wireless on this laptop. Not sure if that was triggering the problem or not; just glad it's over now. TDSSKiller also found what looked like a hidden virtual hard disk. Thanks to Maurice!
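An added example, not code from the post or from the TechNet article it links: it joins the output of "netstat -ano" with "tasklist /svc" so that each remote connection is attributed to a PID and the services that PID hosts, which is the correlation the poster did by hand with Process Explorer. The sample output is constructed (documentation address ranges) and already shows gpsvc moved into its own svchost.exe, the state in which a noisy host can be blamed on one service.

```python
"""Attribute 'netstat -ano' connections to the services listed by 'tasklist /svc'."""
import re
from collections import defaultdict
# Constructed sample output (documentation address ranges), not the poster's logs.
NETSTAT_SAMPLE = """
  TCP    127.0.0.1:49155        127.0.0.1:49156        ESTABLISHED     932
  TCP    192.168.1.10:49201     203.0.113.5:80         SYN_SENT        884
  TCP    192.168.1.10:49202     203.0.113.77:8080      ESTABLISHED     884
  TCP    192.168.1.10:49203     198.51.100.9:443       SYN_SENT        884
  TCP    192.168.1.10:49210     198.51.100.20:443      ESTABLISHED     1640
  UDP    0.0.0.0:500            *:*                                    932
"""
TASKLIST_SAMPLE = """
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    884 gpsvc
svchost.exe                    932 AudioSrv, Dhcp, eventlog, lmhosts,
                                   wscsvc
firefox.exe                   1640 N/A
"""
TASKLIST_RE = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")

def parse_tasklist(text):
    """PID -> (image, [services]); long service lists wrap onto indented lines."""
    procs, last = {}, None
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            image, pid, svcs = m.group(1), int(m.group(2)), m.group(3).strip()
            names = [] if svcs == "N/A" else [s.strip() for s in svcs.split(",") if s.strip()]
            procs[pid], last = (image, names), pid
        elif line.startswith(" ") and line.strip() and last is not None:
            procs[last][1].extend(s.strip() for s in line.split(",") if s.strip())
    return procs

def parse_netstat(text):
    """PID -> [(proto, local, foreign, state)]; UDP rows have no state column."""
    conns = defaultdict(list)
    for line in text.splitlines():
        f = line.split()
        if f and f[0] in ("TCP", "UDP"):
            proto, local, foreign, state, pid = f if f[0] == "TCP" else f[:3] + [""] + f[3:]
            conns[int(pid)].append((proto, local, foreign, state))
    return conns

def is_remote(foreign):  # wildcard and loopback peers are not remote
    host = foreign.rsplit(":", 1)[0]
    return host not in ("0.0.0.0", "*", "[::]", "[::1]") and not host.startswith("127.")

def attribute(netstat_text, tasklist_text):
    """Per PID with connections: image, hosted services and remote connections."""
    procs, report = parse_tasklist(tasklist_text), {}
    for pid, clist in parse_netstat(netstat_text).items():
        image, services = procs.get(pid, ("<unknown>", []))
        report[pid] = {"image": image, "services": services,
                       "remote": [c for c in clist if is_remote(c[2])]}
    return report

def noisy_svchosts(report, min_remote=2):
    """svchost PIDs with >= min_remote remote connections, with an attribution verdict."""
    out = []
    for pid, r in sorted(report.items()):
        if r["image"].lower() == "svchost.exe" and len(r["remote"]) >= min_remote:
            if len(r["services"]) == 1:
                verdict = "attributable to service " + r["services"][0]
            else:  # shared host: move each service to its own svchost (sc config <svc> type= own)
                verdict = "shared by %d services, isolate and re-check" % len(r["services"])
            out.append((pid, len(r["remote"]), verdict))
    return out
```

Feed it the two commands' real output captured a few seconds after the adapter comes up; a shared svchost verdict means the isolation step from the post is still needed before any one service can be blamed.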