Jump to content

Log Files and DDS, GMER crashed


Recommended Posts

GMER program crashed with blue screen of death about half way through the run

DDS (Ver_10-03-17.01) - NTFSx86

Run by WoolleyBear at 21:20:02.73 on Wed 06/09/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.505 [GMT -4:00]

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\toshiba\ivp\ism\pinger.exe

C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

C:\Program Files\PC Tools AntiVirus\PCTAV.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\History Channel Games\kgsystray\Kuma_tray.exe

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\WoolleyBear\My Documents\Downloads\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart

uSearch Bar = hxxp://www.toshiba.com/search

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [TFncKy] TFncKy.exe

mRun: [TPSMain] TPSMain.exe

mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s

mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN

mRun: [CFSServ.exe] CFSServ.exe -NoClient

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\docume~1\woolle~1\startm~1\programs\startup\kuma_t~1.lnk - c:\program files\history channel games\kgsystray\Kuma_tray.exe

StartupFolder: c:\docume~1\woolle~1\startm~1\programs\startup\autoru~1\kuma_t~1.lnk - c:\program files\history channel games\kgsystray\Kuma_tray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\ramasst.lnk - c:\windows\system32\RAMASST.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\woolle~1\applic~1\mozilla\firefox\profiles\c21k7885.default\

FF - plugin: c:\documents and settings\woolleybear\application data\mozilla\firefox\profiles\c21k7885.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-3 207792]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-3-3 233136]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-11-4 14336]

R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2010-3-3 21904]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-3-3 88040]

R2 PCTAVSvc;PC Tools AntiVirus Engine;c:\program files\pc tools antivirus\PCTAVSvc.exe [2010-3-3 933720]

R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-3-3 818432]

R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2010-3-3 28560]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-3-3 70664]

R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-3-3 58816]

R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-3-3 115216]

S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-11-5 126976]

S4 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-11-5 121344]

S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-11-5 245760]

=============== Created Last 30 ================

2010-06-10 01:11:24 0 ----a-w- c:\documents and settings\woolleybear\defogger_reenable

2010-06-09 23:01:19 0 d-----w- c:\docume~1\woolle~1\applic~1\Malwarebytes

2010-06-09 22:59:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-09 22:59:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-06-09 22:57:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-09 22:57:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-29 09:24:30 0 d-----w- c:\docume~1\woolle~1\applic~1\Foxit Software

2010-05-26 01:05:08 0 d-----w- c:\docume~1\woolle~1\applic~1\Microsoft Games

2010-05-26 01:04:05 0 d-----w- c:\program files\GameSpy Arcade

2010-05-26 00:57:17 0 d-----w- c:\program files\Microsoft Games

2010-05-15 20:40:12 579 ----a-w- c:\windows\eReg.dat

2010-05-15 12:48:50 0 d-----w- c:\program files\Maxis

==================== Find3M ====================

2010-05-15 15:08:28 11376 ----a-w- c:\windows\system32\drivers\secdrv.sys

2010-05-09 20:42:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2010-05-09 20:42:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf

2010-05-09 20:41:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf

2010-05-09 20:22:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf

2010-05-09 20:22:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2010-04-28 11:26:27 102262 ----a-w- c:\windows\hpoins05.dat

2010-03-22 23:54:32 411368 ----a-w- c:\windows\system32\deploytk.dll

============= FINISH: 21:21:46.35 ===============

Attach.zip

mbam_log_2010_06_09__19_58_28_.txt

Link to post
Share on other sites

Hello wxtrendsguy

Welcome to Malwarebytes.

=====================

Hi please try gmer with all options unchecked but for Sections.

If it works please run it then save and post that log.

If it still does not run try it in safe mode.

Click here if you do not know how to get into Safe Mode.

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.