
Malwarebytes freezes after 2 seconds



  • Root Admin

Hello there Rabbit,

I will be taking over your case from Maniac for now.

STEP 01

Please restart the computer into the Recovery Console

Then type the following exactly as shown.

COPY C:\WINDOWS\SYSTEM32\DRIVERS\iastor.sys C:\iastor.bin

STEP 02

Then restart the computer and upload the file C:\iastor.bin to virustotal.com and have it scanned.

If it says it's already been scanned just tell it to rescan the file and then post back the results.

STEP 03

Please uninstall the following programs for now. We can re-install ZoneAlarm and TuneUp Utilities again once we're done here.

You can review this page that has tools to help manually remove programs like ZoneAlarm that can be difficult to remove.

Macromedia Flash Player

TuneUp Utilities

ZoneAlarm

STEP 04

Using your mouse, highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines.

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=-
"ZoneAlarm Client"=-
"CTHelper"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
Driver::
kbeepm
MEMSWEEP2
File::
c:\docume~1\JOHNMA~1\LOCALS~1\Temp\kbeepm.sys
c:\windows\system32\BD.tmp
NetSvc::
getPlusHelper

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt".

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown in the screenshot:

(image: CFScript.gif)

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 05

Click on START - RUN and type in SIGVERIF and click OK.

This is a Microsoft File Signature Verification program that will check some file status for us.

  • Click on the START button and let it run.
  • It will pop up a box when it's done to show the status; you can close that box.
  • Close the File Signature Verification application.
  • Find and attach the file C:\WINDOWS\SIGVERIF.TXT to your reply.
  • DO NOT post the log directly into your reply, attach the file please.

STEP 06

Please create a BOOTLOG
  • Delete the following file if it exists: C:\Windows\ntbtlog.txt
  • Restart the computer and press F8 when Windows starts booting. This will bring up the startup options.
  • Select the "Enable Boot Logging" option and press Enter.
  • Windows prompts you to select a Windows installation (even if there is only one Windows installation).
  • This boots Windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows.
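STEP 02 ends with VirusTotal's "Additional information" for the copied driver: three digests and the PE header values (machine type, link timestamp, entry point, section table). As an added example that is not part of this thread, the Python script below computes the same digests locally and reads the same header fields, so the file pulled out through the Recovery Console can be checked against the scan report before anything is concluded from it. The file path, the `reported` digest dictionary and the header-only sample (constructed from the values in the report, with no code inside) are assumptions.

```python
"""Offline triage of a driver copied off the disk (the C:\\iastor.bin from STEP 02).

Computes the MD5/SHA1/SHA256 that VirusTotal lists under "Additional information"
and reads the PE header fields it shows under "PEInfo" (machine type, link
timestamp, entry point, section table), so the on-disk file can be matched
against the scan result before trusting it.
"""
import hashlib
import struct
from datetime import datetime, timezone
from typing import Dict, List, Optional

IMAGE_FILE_MACHINE_I386 = 0x14C      # "machinetype" in the report
PE32_MAGIC = 0x10B                   # 32-bit optional header


def hash_bytes(data: bytes) -> Dict[str, str]:
    """The three digests VirusTotal prints for a submitted file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF header, entry point and section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (no MZ header)")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4
    machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 images are handled here (magic 0x%X)" % magic)
    (entry,) = struct.unpack_from("<I", data, opt + 16)          # AddressOfEntryPoint
    sections: List[dict] = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize})
    return {
        "machine": machine,
        "timestamp": tstamp,
        # the report renders this same value as a calendar date; here it is UTC
        "link_time": datetime.fromtimestamp(tstamp, tz=timezone.utc),
        "entrypoint": entry,
        "sections": sections,
    }


def triage(data: bytes, reported: Optional[Dict[str, str]] = None) -> dict:
    """Hashes plus header summary; lists any digest that differs from the scan report."""
    result = {"size": len(data), **hash_bytes(data), "pe": parse_pe_header(data)}
    if reported:
        result["hash_mismatch"] = [k for k, v in reported.items() if result.get(k) != v.lower()]
    return result


def build_sample_pe() -> bytes:
    """Constructed sample: a header-only PE32 carrying the values from the thread's
    VirusTotal report (0x14C, 0x40E1B22A, entry 0x3676, six sections). It contains
    no code at all; it exists so the parser can be exercised offline."""
    sections = [  # (name, viradd, virsiz, rawdsiz) as listed under "( 6 sections )"
        (b".text", 0x300, 0x37F3E, 0x37F80),
        (b".rdata", 0x38280, 0x11A4, 0x1200),
        (b".data", 0x39480, 0x38574, 0x38580),
        (b"INIT", 0x71A00, 0xD2C, 0xD80),
        (b".rsrc", 0x72780, 0x448, 0x480),
        (b".reloc", 0x72C00, 0x1EBE, 0x1F00),
    ]
    opt_size = 224                                               # PE32 optional header
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections),
                       0x40E1B22A, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIII", PE32_MAGIC, 7, 10, 0x37F80, 0x3A480, 0, 0x3676)
    opt += b"\0" * (opt_size - len(opt))
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0, 0, 0, 0, 0, 0)
                     for n, va, vs, rs in sections)
    return dos + b"PE\0\0" + coff + opt + table


if __name__ == "__main__":
    # For the real file: triage(open(r"C:\iastor.bin", "rb").read(), {"md5": "<md5 from report>"})
    info = triage(build_sample_pe())
    pe = info["pe"]
    print("size=%d sha256=%s" % (info["size"], info["sha256"]))
    print("machine=0x%X entry=0x%X linked=%s UTC" % (
        pe["machine"], pe["entrypoint"], pe["link_time"].strftime("%Y-%m-%d %H:%M:%S")))
    for s in pe["sections"]:
        print("  %-7s viradd=0x%X virsiz=0x%X rawdsiz=0x%X" % (
            s["name"], s["viradd"], s["virsiz"], s["rawdsiz"]))
```

A digest that differs from the one in the report means the file scanned and the file on disk are not the same object, which is worth knowing before reading anything into a 0/39 result.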

After the loading bar for the Windows Recovery Console, I got a new Blue Screen of Death, warning of viruses, suggesting I remove new hardware, and suggesting that I type CHKDSK /F in the command console.

Ran Check Disk a few days ago, and it came up with very little.

Shall I run CHKDSK again, continue with the rest of the list, or is there some solution to the BSOD?

BSOD Technical Data

***Stop:0000007b (0F78D2524, 0xC0000034, 0x00000000, 0x00000000)


  • Root Admin

It is probably due to the fact that you have a SATA hard drive and the XP CD does not have native SATA drivers on it for your system.

Go into the BIOS, find the SATA Menu and change it to Legacy mode (or ATA mode).

OR just disable AHCI if you have that option.

Then try the process again.


VirusTotal Scan of iastor.bin

File 81A8F62D00532BB84BE6070C4E818100BBBA23ED.sys received on 2010.04.06 13:47:45 (UTC)

Current status: finished

Result: 0/39 (0.00%)


Antivirus           Version         Last Update   Result
a-squared           4.5.0.50        2010.04.06    -
AhnLab-V3           5.0.0.2         2010.04.05    -
AntiVir             7.10.6.29       2010.04.06    -
Antiy-AVL           2.0.3.7         2010.04.06    -
Authentium          5.2.0.5         2010.04.06    -
Avast               4.8.1351.0      2010.04.06    -
Avast5              5.0.332.0       2010.04.06    -
AVG                 9.0.0.787       2010.04.06    -
BitDefender         7.2             2010.04.06    -
CAT-QuickHeal       10.00           2010.04.06    -
ClamAV              0.96.0.3-git    2010.04.06    -
Comodo              4516            2010.04.06    -
DrWeb               5.0.2.03300     2010.04.06    -
eSafe               7.0.17.0        2010.04.01    -
eTrust-Vet          35.2.7410       2010.04.06    -
F-Prot              4.5.1.85        2010.04.05    -
F-Secure            9.0.15370.0     2010.04.06    -
Fortinet            4.0.14.0        2010.04.06    -
GData               19              2010.04.06    -
Ikarus              T3.1.1.80.0     2010.04.06    -
Jiangmin            13.0.900        2010.04.06    -
Kaspersky           7.0.0.125       2010.04.06    -
McAfee-GW-Edition   6.8.5           2010.04.06    -
Microsoft           1.5605          2010.04.06    -
NOD32               5004            2010.04.06    -
Norman              6.04.11         2010.04.06    -
nProtect            2009.1.8.0      2010.04.06    -
Panda               10.0.2.2        2010.04.05    -
PCTools             7.0.3.5         2010.04.06    -
Prevx               3.0             2010.04.06    -
Rising              22.42.01.04     2010.04.06    -
Sophos              4.52.0          2010.04.06    -
Sunbelt             6143            2010.04.06    -
Symantec            20091.2.0.41    2010.04.06    -
TheHacker           6.5.2.0.256     2010.04.06    -
TrendMicro          9.120.0.1004    2010.04.06    -
VBA32               3.12.12.4       2010.04.05    -
ViRobot             2010.4.6.2263   2010.04.06    -
VirusBuster         5.0.27.0        2010.04.06    -

Additional information

File size: 477952 bytes

MD5 : d7731536e183b4397402ca6f9e1d52f7

SHA1 : 1bb9158a3634e29c3abe1d88707ba0f1b21d9dff

SHA256: 32c7fbb2f151faa4f0b4a77fd11bf3098b5691d5dbcf1e3648b932d792174241

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x3676

timedatestamp.....: 0x40E1B22A (Tue Jun 29 20:17:14 2004)

machinetype.......: 0x14C (Intel I386)

( 6 sections )

name     viradd    virsiz    rawdsiz   ntrpy  md5
.text    0x300     0x37F3E   0x37F80   6.58   b087a0b6145bab659f8ae9db70ed72ba
.rdata   0x38280   0x11A4    0x1200    4.96   dec4ad02df321c919de1d35469dfbfa4
.data    0x39480   0x38574   0x38580   0.11   671f49fab98da90ec610bcef549b3cb1
INIT     0x71A00   0xD2C     0xD80     5.58   b09f4f0968adf979bba0cc6a5a61f374
.rsrc    0x72780   0x448     0x480     3.17   b38228c938a2779e4a9bee57de9af68a
.reloc   0x72C00   0x1EBE    0x1F00    5.99   1ed403ca7ea327de46f73c9f99624e43

( 2 imports )

> hal.dll: ExAcquireFastMutex, ExReleaseFastMutex, KfReleaseSpinLock, KfAcquireSpinLock, KeGetCurrentIrql, READ_PORT_ULONG, WRITE_PORT_ULONG, WRITE_PORT_BUFFER_ULONG, READ_PORT_BUFFER_ULONG, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR, READ_PORT_UCHAR, KeStallExecutionProcessor, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, HalGetInterruptVector

> ntoskrnl.exe: memmove, _vsnprintf, KeInsertQueueDpc, MmAllocateNonCachedMemory, KeInitializeSpinLock, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, IoInvalidateDeviceRelations, IoFreeWorkItem, IoRequestDeviceEject, IoQueueWorkItem, IoAllocateWorkItem, ExInterlockedPopEntrySList, ExInterlockedPushEntrySList, IofCompleteRequest, IofCallDriver, IoGetDmaAdapter, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ZwCreateKey, swprintf, KeWaitForSingleObject, KeInitializeEvent, IoDisconnectInterrupt, IoGetConfigurationInformation, IoDeleteDevice, ExDeleteNPagedLookasideList, KeCancelTimer, IoFreeIrp, KeLeaveCriticalRegion, KeEnterCriticalRegion, IoDetachDevice, IoDeleteSymbolicLink, IoConnectInterrupt, IoReleaseRemoveLockAndWaitEx, strstr, strncat, sprintf, IoBuildDeviceIoControlRequest, PoSetPowerState, PoRegisterDeviceForIdleDetection, RtlCompareMemory, KeClearEvent, IoInitializeRemoveLockEx, ObfReferenceObject, KeSetTimer, KeBugCheckEx, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, RtlCopyUnicodeString, IoReleaseRemoveLockEx, KeSetEvent, KeRemoveQueueDpc, ObfDereferenceObject, IoGetAttachedDeviceReference, IoAllocateIrp, IoInvalidateDeviceState, strncpy, strncmp, PoRequestPowerIrp, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, _local_unwind2, MmMapLockedPagesSpecifyCache, PsTerminateSystemThread, KeWaitForMultipleObjects, _allmul, KeBugCheck, KeSetPriorityThread, ObReferenceObjectByHandle, PsCreateSystemThread, ExInitializeNPagedLookasideList, KeInitializeDpc, KeInitializeTimer, MmMapIoSpace, IoReportResourceForDetection, MmUnmapIoSpace, RtlCheckRegistryKey, IoAttachDeviceToDeviceStack, IoCreateSymbolicLink, IoCreateDevice, RtlUnicodeStringToInteger, wcsncpy, wcsstr, _wcsupr, IoGetDeviceProperty, ZwCreateDirectoryObject, READ_REGISTER_ULONG, PsGetVersion, _alldiv, PoStartNextPowerIrp, PoCallDriver, ExSystemTimeToLocalTime, KeQuerySystemTime, _purecall, _except_handler3, RtlCreateRegistryKey, DbgPrint, ZwOpenKey, ZwClose, ZwQueryValueKey, 
RtlWriteRegistryValue, RtlInitUnicodeString, wcslen, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlQueryRegistryValues, ExFreePoolWithTag, KeNumberProcessors, MmGetPhysicalAddress, IoAcquireRemoveLockEx, WRITE_REGISTER_ULONG

( 0 exports )

TrID : File type identification

Win32 Executable Generic (68.0%)

Generic Win/DOS Executable (15.9%)

DOS Executable Generic (15.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ssdeep: 6144:DzF2q7zhUndlZP4+7ewqZ4Z+1liPqoROGwiSm:lpnhUndc6+1liyuX

sigcheck: publisher....: Intel Corporation

copyright....: Copyright© Intel Corporation 1994-2004

product......: Intel Application Accelerator driver

description..: Intel Application Accelerator driver

original name: iaStor.sys

internal name: iaStor.sys

file version.: 4.5.0.6515

comments.....:

signers......: -

signing date.: -

verified.....: Unsigned

PEiD : -

RDS : NSRL Reference Data Set

ComboFix 10-06-05.03 - John Macdonald 06/06/2010 12:15:24.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2471 [GMT -4:00]

Running from: c:\documents and settings\John Macdonald\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\John Macdonald\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"c:\docume~1\JOHNMA~1\LOCALS~1\Temp\kbeepm.sys"

"c:\windows\system32\BD.tmp"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

F:\AUTORUN.INF . . . . failed to delete

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_KBEEPM

-------\Legacy_MEMSWEEP2

-------\Service_kbeepm

-------\Service_MEMSWEEP2

((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))

.

2010-06-03 12:14 . 2010-06-03 12:14 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys

2010-06-03 12:14 . 2010-06-03 12:14 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-05-31 18:01 . 2010-05-31 18:01 63488 ----a-w- c:\documents and settings\John Macdonald\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-05-31 18:01 . 2010-05-31 18:01 52224 ----a-w- c:\documents and settings\John Macdonald\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-05-31 18:01 . 2010-05-31 18:01 117760 ----a-w- c:\documents and settings\John Macdonald\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-05-31 18:00 . 2010-05-31 18:00 -------- d-----w- c:\documents and settings\John Macdonald\Application Data\SUPERAntiSpyware.com

2010-05-31 18:00 . 2010-05-31 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-05-31 18:00 . 2010-05-31 18:00 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-05-30 15:13 . 2010-05-30 15:13 -------- d-----w- c:\documents and settings\John Macdonald\DoctorWeb

2010-05-28 19:52 . 2010-05-28 19:52 -------- d-----w- c:\documents and settings\John Macdonald\Application Data\NVIDIA

2010-05-27 06:08 . 2010-05-27 06:08 -------- d-----w- c:\documents and settings\John Macdonald\Application Data\VistaCodecs

2010-05-27 06:08 . 2010-05-27 06:08 -------- d-----w- c:\program files\VistaCodecPack

2010-05-27 06:06 . 2010-05-27 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\VistaCodecs

2010-05-27 06:02 . 2010-05-27 06:02 -------- d-----w- c:\program files\MPC Homecinema

2010-05-27 05:57 . 2010-06-06 06:30 -------- d-----w- c:\documents and settings\John Macdonald\Application Data\Media Player Classic

2010-05-27 04:10 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-05-27 04:10 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll

2010-05-25 22:20 . 2010-05-25 22:20 -------- d-----w- c:\program files\Trend Micro

2010-05-25 16:29 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-25 16:29 . 2010-05-29 15:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-25 16:29 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-24 02:05 . 2010-05-24 02:06 -------- d-----w- c:\program files\iTunes

2010-05-24 02:05 . 2010-05-24 02:05 -------- d-----w- c:\program files\Apple Software Update

2010-05-22 06:16 . 2010-05-22 06:16 -------- d-sh--w- c:\documents and settings\John Macdonald\IECompatCache

2010-05-21 06:39 . 2010-05-25 16:29 -------- d-----w- c:\documents and settings\John Macdonald\Application Data\Malwarebytes

2010-05-21 06:39 . 2010-05-25 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-18 21:58 . 2010-05-18 21:58 1085440 ----a-w- c:\windows\system32\VSFilter.dll

2010-05-18 05:47 . 2010-05-18 05:47 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-05-17 00:33 . 2010-05-17 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-05-17 00:33 . 2010-05-17 00:33 -------- d-----w- c:\documents and settings\John Macdonald\Application Data\Office Genuine Advantage

2010-05-16 18:32 . 2010-05-16 21:26 -------- d--h--w- c:\windows\Icons

2010-05-09 04:46 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-06 06:26 . 2008-01-20 23:00 -------- d-----w- c:\program files\CCleaner

2010-06-03 21:12 . 2005-05-26 22:30 40714 -c--a-w- c:\documents and settings\John Macdonald\Application Data\wklnhst.dat

2010-06-03 12:14 . 2009-01-30 06:21 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-03 12:14 . 2009-01-30 06:21 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-30 07:17 . 2006-12-17 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-05-29 18:41 . 2005-05-27 01:56 -------- d-----w- c:\program files\Common Files\Adobe

2010-05-27 06:50 . 2005-12-08 00:39 -------- d-----w- c:\program files\DivX

2010-05-27 06:50 . 2006-02-02 05:31 -------- d-----w- c:\documents and settings\John Macdonald\Application Data\Petroglyph

2010-05-27 04:13 . 2009-09-30 00:48 -------- d-----w- c:\program files\NVIDIA Corporation

2010-05-27 04:12 . 2008-11-23 17:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-05-26 20:39 . 2005-05-20 01:50 -------- d-----w- c:\program files\Java

2010-05-24 02:05 . 2005-05-27 17:59 -------- d-----w- c:\program files\iPod

2010-05-24 02:05 . 2007-07-26 02:30 -------- d-----w- c:\program files\Common Files\Apple

2010-05-16 04:19 . 2005-05-29 15:29 -------- d-----w- c:\program files\World of Warcraft

2010-05-16 04:06 . 2005-05-20 01:51 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-07 03:43 . 2005-05-27 18:00 -------- d-----w- c:\documents and settings\John Macdonald\Application Data\Apple Computer

2010-05-07 03:43 . 2010-05-07 03:43 -------- d-----w- c:\program files\Bonjour

2010-04-29 06:40 . 2005-08-08 04:09 76648 -c--a-w- c:\documents and settings\John Macdonald\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-29 05:57 . 2010-04-13 23:46 -------- d-----w- c:\program files\HRBlock2009

2010-04-29 05:52 . 2010-04-13 23:46 -------- d-----w- c:\program files\PDF995

2010-04-28 19:45 . 2010-04-28 19:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

2010-04-28 01:29 . 2010-04-28 01:29 -------- d-----w- c:\documents and settings\John Macdonald\Application Data\TuneUp Software

2010-04-28 01:29 . 2010-04-28 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2010-04-28 01:29 . 2010-04-28 01:29 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-04-15 01:21 . 2010-04-15 01:21 -------- d-----w- c:\program files\StreamTransport

2010-04-15 00:41 . 2010-04-13 23:47 -------- d-----w- c:\documents and settings\John Macdonald\Application Data\TaxCut

2010-04-15 00:41 . 2010-04-14 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995

2010-04-14 02:04 . 2010-04-14 02:04 -------- d-----w- c:\documents and settings\John Macdonald\Application Data\pdf995

2010-04-14 02:00 . 2010-04-14 02:00 51716 ----a-w- c:\windows\system32\pdf995mon.dll

2010-04-14 02:00 . 2010-04-14 02:00 249856 ----a-w- c:\windows\system32\pdfmona.dll

2010-04-14 00:34 . 2010-04-14 00:34 3116520 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Downloads\HRBlockCT.exe

2010-04-13 23:48 . 2010-04-13 23:47 21195208 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US30026901xupd.exe

2010-04-13 23:45 . 2010-04-13 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TaxCut

2010-04-13 03:00 . 2010-04-01 23:22 -------- d-----w- c:\program files\Activision

2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-04-04 02:26 . 2010-04-04 02:25 8 ----a-w- c:\windows\crpf.bin

2010-04-04 02:25 . 2010-04-04 02:25 4 ----a-w- c:\windows\crpf_sdum.bin

2010-04-03 23:23 . 2010-04-03 23:23 278120 ----a-w- c:\windows\system32\nvmccs.dll

2010-04-03 23:23 . 2010-04-03 23:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2010-04-03 23:23 . 2010-04-03 23:23 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-04-03 23:23 . 2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

2010-04-03 23:23 . 2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-04-03 23:22 . 2010-04-03 23:22 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-04-03 22:55 . 2009-09-30 05:38 600680 -c--a-w- c:\windows\system32\nvudisp.exe

2010-04-03 22:55 . 2009-06-10 10:03 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-04-03 22:55 . 2009-06-10 10:03 2183470 ----a-w- c:\windows\system32\nvdata.bin

2010-04-03 22:55 . 2009-06-10 10:03 2030184 ----a-w- c:\windows\system32\nvcuvid.dll

2010-04-03 22:55 . 2008-12-25 16:08 4075520 ----a-w- c:\windows\system32\nvcuda.dll

2010-04-03 22:55 . 2008-12-25 16:08 227944 ----a-w- c:\windows\system32\nvcodins.dll

2010-04-03 22:55 . 2008-12-25 16:08 227944 ----a-w- c:\windows\system32\nvcod.dll

2010-04-03 22:55 . 2008-12-25 16:08 14757888 ----a-w- c:\windows\system32\nvoglnt.dll

2010-04-03 22:55 . 2008-12-25 16:08 1097728 ----a-w- c:\windows\system32\nvapi.dll

2010-04-03 22:55 . 2006-09-04 16:24 6432128 ----a-w- c:\windows\system32\nv4_disp.dll

2010-04-03 22:55 . 1980-01-01 05:00 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-04-03 06:19 . 2010-04-03 06:19 503808 ----a-w- c:\documents and settings\John Macdonald\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1624d392-n\msvcp71.dll

2010-04-03 06:19 . 2010-04-03 06:19 499712 ----a-w- c:\documents and settings\John Macdonald\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1624d392-n\jmc.dll

2010-04-03 06:19 . 2010-04-03 06:19 348160 ----a-w- c:\documents and settings\John Macdonald\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1624d392-n\msvcr71.dll

2010-04-03 06:19 . 2010-04-03 06:19 61440 ----a-w- c:\documents and settings\John Macdonald\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6b4d2e3f-n\decora-sse.dll

2010-04-03 06:19 . 2010-04-03 06:19 12800 ----a-w- c:\documents and settings\John Macdonald\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6b4d2e3f-n\decora-d3d.dll

2010-04-02 22:31 . 2010-04-02 22:31 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-04-02 22:31 . 2010-04-02 22:31 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-04-02 22:31 . 2010-04-02 22:31 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-04-02 22:31 . 2010-04-02 22:31 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-04-02 22:31 . 2010-04-02 22:31 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-04-02 22:31 . 2010-04-02 22:31 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-04-02 22:31 . 2010-04-02 22:31 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-04-02 22:31 . 2010-04-02 22:31 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-04-02 22:31 . 2010-04-02 22:31 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-04-02 22:30 . 2004-09-16 17:29 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-04-02 22:30 . 2004-09-16 17:29 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-04-02 20:54 . 2009-09-30 05:34 600680 -c--a-w- c:\windows\system32\NVUNINST.EXE

2010-03-17 18:54 . 2010-03-17 18:54 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-17 18:53 . 2009-01-30 06:21 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2008-08-10 17:59 . 2008-08-10 21:58 262144 -c--a-w- c:\program files\Uninstall Spy Blocker.dll

2009-07-09 14:23 . 2009-07-09 14:17 577568 -csha-w- c:\windows\SYSTEM32\DRIVERS\fidbox.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HWDN1 Wireless Utility.lnk - c:\program files\Hawking\Common\RaUI.exe [2009-9-25 704512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-17 18:54 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk

backup=c:\windows\pss\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

2009-04-29 17:55 3338240 -c--a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-03-26 15:55 133104 -c--atw- c:\documents and settings\John Macdonald\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-04-03 23:23 13670504 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-04-03 23:23 110696 ----a-w- c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-05-26 21:17 1238352 ----a-w- c:\valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-04-02 22:30 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2004-01-07 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"FastUserSwitchingCompatibility"=3 (0x3)

"PnkBstrA"=2 (0x2)

"JavaQuickStarterService"=3 (0x3)

"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"UpdReg"=c:\windows\UpdReg.EXE

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"CTSysVol"=c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /install

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Valve\\Steam\\Steam.exe"=

"c:\\WINDOWS\\SYSTEM32\\MQSVC.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=

"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=

"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=

"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=

"c:\\Program Files\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=

"c:\\Program Files\\Games\\Mass Effect\\MassEffectLauncher.exe"=

"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=

"c:\\Program Files\\Games\\Dragon Age\\DAOriginsLauncher.exe"=

"c:\\Program Files\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

"c:\\Program Files\\Games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=

"c:\\Program Files\\Games\\Mass Effect 2\\MassEffect2Launcher.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Valve\\Steam\\SteamApps\\agentsmythe\\counter-strike source\\hl2.exe"=

"c:\\Valve\\Steam\\SteamApps\\common\\nexus the jupiter incident\\runme.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/30/2009 2:21 AM 216200]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [1/30/2009 2:21 AM 242896]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/17/2010 2:53 PM 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 2:54 PM 308064]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [3/4/2009 2:42 PM 99352]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [3/4/2009 2:42 PM 555032]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [3/4/2009 2:42 PM 566296]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2009 10:00 AM 133104]

S3 COMMONFX;COMMONFX;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [3/4/2009 2:42 PM 99352]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/22/2009 12:46 AM 79360]

S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys --> c:\windows\system32\DRIVERS\CSVirtA.sys [?]

S3 CTAUDFX;CTAUDFX;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [3/4/2009 2:42 PM 555032]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [3/4/2009 2:42 PM 100888]

S3 CTERFXFX;CTERFXFX;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [3/4/2009 2:42 PM 100888]

S3 CTSBLFX;CTSBLFX;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [3/4/2009 2:42 PM 566296]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [11/14/2009 1:54 AM 25832]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [5/25/2010 12:29 PM 38224]

S4 PrintSuperVision Assistant;PrintSuperVision Assistant;c:\program files\PrintSuperVision Assistant\PSVSAService.exe --> c:\program files\PrintSuperVision Assistant\PSVSAService.exe [?]

S4 PRISMSVC;PRISMSVC;c:\windows\SYSTEM32\PRISMSVC.exe [5/19/2005 9:51 PM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 14:00]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 14:00]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3365313937-3253272465-2137926639-1005Core.job

- c:\documents and settings\John Macdonald\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-26 15:55]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3365313937-3253272465-2137926639-1005UA.job

- c:\documents and settings\John Macdonald\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-26 15:55]

2010-06-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3365313937-3253272465-2137926639-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3365313937-3253272465-2137926639-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.dell4me.com/myway

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &AIM Search

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

FF - ProfilePath - c:\documents and settings\John Macdonald\Application Data\Mozilla\Firefox\Profiles\1oj6u7or.default\

FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\John Macdonald\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMCult3DP.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\windows\system32\Cult3D\NPMCult3DP.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Zone Labs Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-06 12:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3365313937-3253272465-2137926639-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b4,5a,22,4d,78,ad,e2,77,fb,9c,7a,8e,19,66,6c,90,a7,f6,f7,f1,d0,04,39,

58,83,2e,d3,7f,ba,3e,d5,99,97,c1,3f,e1,32,93,b8,2a,a4,8b,57,89,17,79,a9,91,\

"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-3365313937-3253272465-2137926639-1005\Software\SecuROM\License information*]

"datasecu"=hex:9a,77,b6,be,5e,8c,d7,a3,2b,04,2c,6b,a0,84,3b,15,fd,88,c7,a5,e6,

4b,c4,2b,7b,30,18,d6,79,7f,03,e5,1d,8e,e0,69,9a,85,73,53,39,24,68,bd,a5,82,\

"rkeysecu"=hex:f8,49,c5,73,b7,f6,49,8f,af,66,2d,82,39,e1,af,63

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1284)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\PRISMAPI.dll

- - - - - - - > 'explorer.exe'(3772)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Creative\Shared Files\CTAudSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\windows\system32\CTsvcCDA.EXE

c:\program files\Intel\Intel Application Accelerator\iaantmon.exe

c:\windows\system32\msdtc.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\PRISMSVR.EXE

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-06-06 12:27:24 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-06 16:27

ComboFix2.txt 2010-05-29 20:37

ComboFix3.txt 2010-05-29 20:01

Pre-Run: 41,115,119,616 bytes free

Post-Run: 40,957,321,216 bytes free

- - End Of File - - 4DB91AC177B5D399960699FDC8AD2E58

NTBTLOG

Service Pack 3 6 6 2010 12:40:39.375

Loaded driver \WINDOWS\system32\ntkrnlpa.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver ACPI.sys

Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver sfsync04.sys

Loaded driver pciide.sys

Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Loaded driver aliide.sys

Loaded driver cmdide.sys

Loaded driver toside.sys

Loaded driver viaide.sys

Loaded driver intelide.sys

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver dmload.sys

Loaded driver dmio.sys

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver cpqarray.sys

Loaded driver \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

Loaded driver iaStor.sys

Loaded driver atapi.sys

Loaded driver aha154x.sys

Loaded driver sparrow.sys

Loaded driver symc810.sys

Loaded driver aic78xx.sys

Loaded driver dac960nt.sys

Loaded driver ql10wnt.sys

Loaded driver amsint.sys

Loaded driver asc.sys

Loaded driver asc3550.sys

Loaded driver mraid35x.sys

Loaded driver i2omp.sys

Loaded driver ini910u.sys

Loaded driver ql1240.sys

Loaded driver aic78u2.sys

Loaded driver symc8xx.sys

Loaded driver sym_hi.sys

Loaded driver sym_u3.sys

Loaded driver ABP480N5.SYS

Loaded driver asc3350p.sys

Loaded driver cd20xrnt.sys

Loaded driver ultra.sys

Loaded driver adpu160m.sys

Loaded driver dpti2o.sys

Loaded driver ql1080.sys

Loaded driver ql1280.sys

Loaded driver ql12160.sys

Loaded driver perc2.sys

Loaded driver perc2hib.sys

Loaded driver hpn.sys

Loaded driver cbidf2k.sys

Loaded driver dac2w2k.sys

Loaded driver disk.sys

Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Loaded driver fltmgr.sys

Loaded driver sr.sys

Loaded driver KSecDD.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver sisagp.sys

Loaded driver viaagp.sys

Loaded driver sfhlp02.sys

Loaded driver sfdrv01.sys

Loaded driver ohci1394.sys

Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS

Loaded driver Mup.sys

Loaded driver agp440.sys

Loaded driver alim1541.sys

Loaded driver amdagp.sys

Loaded driver agpCPQ.sys

Loaded driver \SystemRoot\system32\DRIVERS\nic1394.sys

Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys

Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys

Loaded driver \SystemRoot\system32\drivers\ctoss2k.sys

Loaded driver \SystemRoot\system32\drivers\ctprxy2k.sys

Loaded driver \SystemRoot\system32\drivers\ctaud2k.sys

Loaded driver \SystemRoot\system32\DRIVERS\gameenum.sys

Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys

Loaded driver \SystemRoot\system32\DRIVERS\parport.sys

Loaded driver \SystemRoot\system32\DRIVERS\serial.sys

Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys

Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys

Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys

Loaded driver \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys

Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys

Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys

Loaded driver \SystemRoot\System32\Drivers\RootMdm.sys

Loaded driver \SystemRoot\System32\Drivers\Modem.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys

Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys

Loaded driver \SystemRoot\system32\DRIVERS\psched.sys

Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys

Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys

Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys

Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys

Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys

Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys

Loaded driver \SystemRoot\system32\DRIVERS\update.sys

Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys

Loaded driver \SystemRoot\system32\DRIVERS\omci.sys

Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS

Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS

Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys

Loaded driver \SystemRoot\system32\drivers\hap16v2k.sys

Loaded driver \SystemRoot\system32\drivers\ha10kx2k.sys

Loaded driver \SystemRoot\system32\drivers\emupia2k.sys

Loaded driver \SystemRoot\system32\drivers\ctsfm2k.sys

Loaded driver \SystemRoot\system32\drivers\ctac32k.sys

Loaded driver \SystemRoot\System32\drivers\COMMONFX.SYS

Loaded driver \SystemRoot\System32\drivers\CTAUDFX.SYS

Loaded driver \SystemRoot\System32\drivers\CTSBLFX.SYS

Loaded driver \SystemRoot\system32\DRIVERS\flpydisk.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys

Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rt2870.sys

Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys

Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys

Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys

Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS

Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS

Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS

Did not load driver \SystemRoot\System32\Drivers\Changer.SYS

Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS

Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS

Loaded driver \SystemRoot\System32\Drivers\Null.SYS

Loaded driver \SystemRoot\System32\Drivers\Beep.SYS

Did not load driver \SystemRoot\system32\DRIVERS\i8042prt.sys

Loaded driver \SystemRoot\System32\drivers\vga.sys

Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS

Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys

Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS

Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys

Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys

Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys

Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys

Loaded driver \SystemRoot\System32\Drivers\avgtdix.sys

Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys

Loaded driver \SystemRoot\System32\drivers\ws2ifsl.sys

Loaded driver \SystemRoot\System32\drivers\afd.sys

Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys

Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS

Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys

Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys

Loaded driver \SystemRoot\System32\Drivers\Fips.SYS

Loaded driver \SystemRoot\System32\Drivers\avgmfx86.sys

Loaded driver \SystemRoot\System32\Drivers\avgldx86.sys

Loaded driver \SystemRoot\System32\drivers\aspi32.sys

Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS

Loaded driver \SystemRoot\System32\Drivers\Udfs.SYS

Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS

Loaded driver \SystemRoot\system32\DRIVERS\AegisP.sys

Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys

Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys

Loaded driver \??\C:\WINDOWS\system32\drivers\mqac.sys

Loaded driver \SystemRoot\system32\DRIVERS\srv.sys

Loaded driver \??\C:\WINDOWS\system32\drivers\RMCast.sys

Loaded driver \SystemRoot\system32\DRIVERS\secdrv.sys

Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\system32\drivers\wdmaud.sys

Loaded driver \SystemRoot\system32\drivers\sysaudio.sys

Loaded driver \SystemRoot\system32\drivers\splitter.sys

Loaded driver \SystemRoot\system32\drivers\aec.sys

Loaded driver \SystemRoot\system32\drivers\swmidi.sys

Loaded driver \SystemRoot\system32\drivers\DMusic.sys

Loaded driver \SystemRoot\system32\drivers\kmixer.sys

Loaded driver \SystemRoot\system32\drivers\drmkaud.sys

Loaded driver \SystemRoot\System32\Drivers\HTTP.sys

SIGVERIF.TXT

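The service listing (the R?/S? lines) and the NTBTLOG above are exactly what a helper reads when triaging a machine like this one. As an added example that is not part of the original thread or of any Malwarebytes tool, the Python script below parses ComboFix-style service lines and NTBTLOG "Loaded driver" lines and flags the entries a practitioner looks at first: images missing on disk (the "[?]" marker), kernel drivers loaded from outside system32\drivers, and images living under temp or user-profile directories. The sample lines are copied from the log above, except the "fakedrv" entry, which is constructed to exercise the temp-path rule; the function names and the start-type legend in the comments are this example's own.

```python
r"""Triage helper for ComboFix service listings and NTBTLOG boot logs.

Added example, not part of the original thread.  It parses lines such as

  R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/30/2009 2:21 AM 216200]
  S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\...\CSVirtA.sys --> c:\...\CSVirtA.sys [?]
  Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

and reports the entries a helper would look at first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# ComboFix convention: R = running, S = stopped; the digit is the service's
# registry 'Start' value (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
# '[?]' in place of the date/size means the image file was not found on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?:\s+-->\s+(?P<target>.+?))?"
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"
)
BOOTLOG_RE = re.compile(r"^(?P<status>Loaded driver|Did not load driver)\s+(?P<path>.+?)\s*$")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
# Directories where a legitimate service image or kernel driver should not live.
SUSPECT_DIR_RE = re.compile(r"\\(temp|local settings|docume~1|documents and settings|recycler)\\", re.I)


@dataclass
class ServiceEntry:
    state: str          # 'R' running or 'S' stopped
    start: int          # 0..4, see legend above
    name: str
    display: str
    image: str
    missing: bool       # True when ComboFix printed '[?]'
    size: Optional[int]


@dataclass
class Finding:
    name: str
    reason: str


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for an R?/S? line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    missing = meta == "?"
    size = None
    if not missing and meta.split() and meta.split()[-1].isdigit():
        size = int(meta.split()[-1])          # last token of '[date time size]'
    return ServiceEntry(m.group("state"), int(m.group("start")), m.group("name").strip(),
                        m.group("display").strip(), m.group("image").strip(), missing, size)


def triage_services(text: str) -> List[Finding]:
    """Flag orphaned images, drivers outside system32\\drivers and temp-path images."""
    findings: List[Finding] = []
    for line in text.splitlines():
        e = parse_service_line(line)
        if e is None:
            continue
        img = e.image.lower()
        if e.missing:
            findings.append(Finding(e.name, f"image file missing on disk (orphaned entry): {e.image}"))
            continue
        if img.endswith(".sys") and not img.startswith(DRIVER_DIR):
            findings.append(Finding(e.name, f"kernel driver loaded from outside system32\\drivers: {e.image}"))
        if SUSPECT_DIR_RE.search(img):
            findings.append(Finding(e.name, f"image path under a temp or user-profile directory: {e.image}"))
    return findings


def triage_ntbtlog(text: str, windir: str = r"C:\WINDOWS") -> List[Finding]:
    """Flag drivers the boot log loaded from an absolute (\\??\\) path outside windir."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = BOOTLOG_RE.match(line.strip())
        if not m or m.group("status") != "Loaded driver":
            continue
        path = m.group("path")
        if not path.startswith("\\??\\"):
            continue                          # \SystemRoot-relative or bare boot-driver name
        win32 = path[4:]
        if not win32.lower().startswith(windir.lower() + "\\"):
            findings.append(Finding(win32.rsplit("\\", 1)[-1],
                                    f"kernel driver loaded from an absolute path outside {windir}: {win32}"))
    return findings


# Sample input: copied from the ComboFix log in the thread, except the
# 'fakedrv' line, which is constructed to exercise the temp-path rule.
SAMPLE_SERVICES = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/30/2009 2:21 AM 216200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 2:54 PM 308064]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys --> c:\windows\system32\DRIVERS\CSVirtA.sys [?]
S4 PrintSuperVision Assistant;PrintSuperVision Assistant;c:\program files\PrintSuperVision Assistant\PSVSAService.exe --> c:\program files\PrintSuperVision Assistant\PSVSAService.exe [?]
R1 fakedrv;fakedrv;c:\docume~1\user\locals~1\temp\fakedrv.sys [6/1/2010 1:00 PM 12345]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"""

SAMPLE_NTBTLOG = r"""
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Loaded driver \??\C:\WINDOWS\system32\drivers\mqac.sys
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
"""

if __name__ == "__main__":
    for f in triage_services(SAMPLE_SERVICES) + triage_ntbtlog(SAMPLE_NTBTLOG):
        print(f"{f.name}: {f.reason}")
```

The "[?]" entries (CSVirtA, PrintSuperVision Assistant) are leftovers of uninstalled products and are the first thing to clean up; a .sys outside system32\drivers is normal for security products such as SUPERAntiSpyware but is where a rootkit driver dropped into a Temp directory also shows up, which is why the script reports both and leaves the judgement to the reader.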

  • Root Admin

Please run the following now and let me know how it goes. For now, do not re-enable your Anti-Virus (and don't be surfing the Web or you'll easily get reinfected).

Please do the following to see if it resolves the issue:

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    • Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.

Do a Quick Scan and send me back the log. If it freezes again, go to the options, uncheck them one by one and try scanning again, and let me know how it goes.

Thanks.


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4173

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/6/2010 5:25:27 PM

mbam-log-2010-06-06 (17-25-27).txt

Scan type: Quick scan

Objects scanned: 129845

Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


However, after the successful scan, it's back to freezing. It wasn't working with any combination of settings, then one made it through for unclear reasons (I unchecked the anonymous reporting to Malwarebytes and shut down the Windows firewall, and it started working). One got through, then I aborted another (having started it to see if the problem were really solved) and all subsequent scans have frozen.


  • Root Admin

Okay, at this point it's up to you if you want to proceed or not, so let me know. If so, we will be temporarily removing your Anti-Virus and other security software and disabling all startup programs to see if we can get to the bottom of it. I can understand if you don't want to go to this time and trouble, just let me know.


I think it might be best to just let it go. Uninstalled AVG and it was still not working; switched to Avira for AV and Online Armor for firewall, so hopefully any malware will have a harder time getting in. I'm actually about to move, so it would probably be best to let sleeping dogs lie.

Thanks for all the help though, I greatly appreciate it.


This topic is now closed to further replies.