Chrome seems broken and PC Bluescreens at times

I ran a complete system scan with Avira and it picked up 8 infections. I then restarted my computer, but Google Chrome still was not working, so I decided to try MBAM and it picked up another 26 infections. I restarted again, and still Chrome isn't working.

My computer has also bluescreened twice now since it's been infected.

DDS.txt information to follow

------------------------------------------------------------------------------

DDS (Ver_10-12-12.02) - NTFSx86

Run by SilverDragon at 15:17:14.49 on Thu 01/13/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.965 [GMT 2:00]

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\lxczcoms.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Tunngle\TnglCtrl.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\Razer\Diamondback 3G\razerhid.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\BitTorrent\bittorrent.exe

Z:\Games\Steam\Steam.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Razer\Diamondback 3G\razertra.exe

C:\Program Files\Razer\Diamondback 3G\razerofa.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe

C:\Users\SilverDragon\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=userinit.exe,

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [bitTorrent] "c:\program files\bittorrent\bittorrent.exe"

uRun: [steam] "z:\games\steam\steam.exe" -silent

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [Diamondback] c:\program files\razer\diamondback 3g\razerhid.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\silverdragon\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: {4E7C0AB4-E824-47E2-9F03-446B0082F81D} = 196.28.182.20,196.28.182.19

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\silver~1\appdata\roaming\mozilla\firefox\profiles\hfumd9v7.default\

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\infinite interactive\sage game engine plugin\npsage.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\silverdragon\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-12 64288]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-16 218592]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-22 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-22 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-22 61960]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1402272]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-25 363344]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]

R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2010-11-24 716024]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-25 20952]

R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2010-10-22 13225]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-11-24 27136]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-16 136176]

S2 svajnag;sv_ajnag;c:\windows\system32\drivers\svajnager.exe --> c:\windows\system32\drivers\svajnager.exe [?]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;g:\gaming\installed\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-11-16 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-11-16 1142224]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-24 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2011-01-12 17:33:34 -------- d-----w- c:\users\silverdragon\dwhelper

2011-01-12 16:19:56 -------- d-----w- c:\users\silver~1\appdata\local\Mozilla

2011-01-12 16:19:17 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 8

2011-01-12 15:55:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2011-01-12 15:13:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-01-12 15:13:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-01-12 15:08:41 -------- d-----w- c:\users\silver~1\appdata\local\Sunbelt Software

2011-01-12 15:07:59 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2011-01-12 15:06:47 -------- d-----w- c:\program files\Lavasoft

2011-01-11 13:04:20 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ada97913-9b51-48de-a00d-a72fa970e984}\mpengine.dll

2011-01-11 07:54:38 -------- d-----w- c:\program files\Winamp Detect

2011-01-11 07:54:25 -------- d-----w- c:\program files\common files\PX Storage Engine

2011-01-11 07:38:27 -------- d-----w- c:\users\silver~1\appdata\roaming\MusicBrainz

2011-01-11 06:59:55 -------- d-----w- c:\users\silver~1\appdata\local\Apple Computer

2011-01-11 06:59:37 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-01-11 06:59:37 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-01-11 06:59:01 -------- d-----w- c:\program files\iPod

2011-01-11 06:59:00 -------- d-----w- c:\program files\iTunes

2011-01-11 06:59:00 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-01-11 06:57:41 -------- d-----w- c:\users\silver~1\appdata\local\Apple

2011-01-11 06:57:07 -------- d-----w- c:\program files\Bonjour

2011-01-10 19:18:24 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2011-01-10 19:18:24 21312 ----a-w- c:\windows\system32\authuitu.dll

2011-01-10 15:11:03 -------- d-----w- c:\users\silver~1\appdata\roaming\Zen of Sudoku

2011-01-10 12:27:00 -------- d-----w- c:\users\silver~1\appdata\local\Diagnostics

2011-01-10 08:28:19 -------- d-----w- c:\program files\common files\xing shared

2011-01-07 23:48:39 -------- d-----w- c:\users\silver~1\appdata\local\Turbine

2011-01-07 23:47:16 -------- d-----w- c:\users\silver~1\appdata\local\ApplicationHistory

2011-01-07 23:45:12 -------- d-----w- c:\windows\system32\URTTEMP

2011-01-05 18:41:25 -------- d-----w- c:\users\silver~1\appdata\local\PhoenixViewer

2011-01-03 17:53:07 -------- d-----w- c:\users\silver~1\appdata\roaming\dBpoweramp

2011-01-03 17:33:44 -------- d-----w- c:\users\silver~1\appdata\roaming\AccurateRip

2011-01-03 17:33:43 949992 ----a-w- c:\windows\system32\SpoonUninstall.exe

2011-01-03 17:33:37 -------- d-----w- c:\program files\Illustrate

2011-01-03 17:28:58 -------- d-----w- c:\windows\system32\appmgmt

2011-01-03 17:26:18 -------- d-----w- c:\program files\Search Settings

2011-01-03 17:26:02 -------- d-----w- c:\program files\Application Updater

2011-01-03 14:42:19 -------- d-----w- c:\users\silver~1\appdata\roaming\LeadMind

2011-01-02 16:14:28 -------- d-----w- c:\users\silver~1\appdata\roaming\LittleGamesCompany

2011-01-02 16:14:28 -------- d-----w- c:\progra~2\LittleGamesCompany

2011-01-01 23:58:44 2250024 ----a-w- c:\windows\system32\pbsvc.exe

2011-01-01 19:28:16 -------- d-----w- c:\program files\StarCraft II

2011-01-01 12:17:45 -------- d-----w- c:\progra~2\SpinTop Games

2011-01-01 12:16:27 -------- d-----w- c:\windows\Zuma's Revenge!

2011-01-01 07:51:54 -------- d-----w- c:\users\silver~1\appdata\local\Namco

2010-12-26 21:59:41 -------- d-----w- c:\users\silver~1\appdata\roaming\runic games

2010-12-26 21:44:18 -------- d-----w- c:\users\silver~1\appdata\local\ElevatedDiagnostics

2010-12-22 23:11:31 -------- d-----w- c:\users\silver~1\appdata\roaming\Big Fish Games

2010-12-22 23:10:10 -------- d-----w- c:\windows\Drawn 2 Dark Flight Collector's Edition [updated]

2010-12-22 21:12:49 -------- d-----w- c:\progra~2\Screentime

2010-12-22 21:12:43 -------- d-----w- c:\users\silver~1\appdata\local\Screentime

2010-12-22 18:12:13 -------- d-----w- c:\users\silver~1\appdata\roaming\Mumble

2010-12-22 18:11:42 -------- d-----w- c:\program files\Mumble

2010-12-20 13:53:20 -------- d-----w- c:\users\silver~1\appdata\roaming\ERS Game Studios

2010-12-19 08:42:03 -------- d-----w- c:\users\silver~1\appdata\roaming\MA2

2010-12-18 12:29:37 -------- d-----w- c:\users\silver~1\appdata\roaming\Avira

2010-12-16 22:48:56 73728 ----a-w- c:\windows\system32\diamondback.cpl

2010-12-16 20:54:12 -------- d-----w- c:\users\silver~1\appdata\roaming\.minecraft

2010-12-15 11:31:13 516096 ----a-w- c:\program files\windows mail\wab.exe

2010-12-15 11:31:10 2048 ----a-w- c:\windows\system32\tzres.dll

2010-12-14 14:01:06 -------- d-----w- c:\users\silver~1\appdata\roaming\PrimoPDF

2010-12-14 13:58:33 176235 ----a-w- c:\windows\system32\Primomonnt.dll

2010-12-14 13:58:31 -------- d-----w- c:\program files\Nitro PDF

==================== Find3M ====================

2011-01-10 08:27:58 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-01-10 08:27:58 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-01-01 23:59:18 22328 ----a-w- c:\users\silver~1\appdata\roaming\PnkBstrK.sys

2011-01-01 23:58:53 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-01-01 23:58:46 107832 ----a-w- c:\windows\system32\PnkBstrB.ex0

2010-12-14 13:35:12 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2010-12-02 16:00:48 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr

2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-29 15:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 15:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-26 15:24:16 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-11-23 10:48:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe

2010-10-31 22:24:20 409088 ----a-w- c:\windows\system32\systemcpl.dll

2010-10-31 22:24:20 13824 ----a-w- c:\windows\system32\slwga.dll

2010-10-31 22:24:19 811520 ----a-w- c:\windows\system32\user32.dll

2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll

2010-10-19 08:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll

2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll

2010-10-16 18:55:00 57960 ----a-w- c:\windows\system32\OpenCL.dll

2010-10-16 18:55:00 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll

2010-10-16 18:55:00 4837480 ----a-w- c:\windows\system32\nvcuda.dll

2010-10-16 18:55:00 319080 ----a-w- c:\windows\system32\nvdecodemft.dll

2010-10-16 18:55:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll

2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-10-16 18:55:00 1719912 ----a-w- c:\windows\system32\nvapi.dll

2010-10-16 18:55:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll

2010-10-16 18:55:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll

2010-10-16 18:55:00 10023528 ----a-w- c:\windows\system32\nvd3dum.dll

2010-10-16 10:42:20 600680 ----a-w- c:\windows\system32\nvvsvc.exe

2010-10-16 10:42:20 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-10-16 10:42:16 3420776 ----a-w- c:\windows\system32\nvcpl.dll

2010-10-16 10:42:12 2079336 ----a-w- c:\windows\system32\nvsvc.dll

2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe

2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600 Disk: ST3250824A rev.3.AAE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85AF8446]<<

c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85afe504]; MOV EAX, [0x85afe580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x82A8E458] -> \Device\Harddisk0\DR0[0x85AD7AC8]

3 CLASSPNP[0x88BC559E] -> ntkrnlpa!IofCallDriver[0x82A8E458] -> [0x85AD6408]

5 PCTCore[0x88A19EAE] -> ntkrnlpa!IofCallDriver[0x82A8E458] -> [0x859A1918]

7 ACPI[0x832C03B2] -> ntkrnlpa!IofCallDriver[0x82A8E458] -> \IdeDeviceP0T0L0-0[0x84CAB908]

\Driver\atapi[0x85B0A2D8] -> IRP_MJ_CREATE -> 0x85AF8446

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3250824A______________________________3.AAE___#5&20f2915f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user != kernel MBR !!!

sectors 488397166 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 15:18:22.11 ===============
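
One way to pull the indicators a helper looks at first out of a DDS log like the one above, as an added example that is not part of this thread or of the DDS tool (the excerpt it runs on is constructed from a few of the log's lines; the meaning of the trailing "[?]", the ">>UNKNOWN<<" address and the "user != kernel MBR" line is read off the log itself):

```python
"""Triage helper for the plain-text DDS log format seen in the thread.

Added example, not part of the thread or of the DDS tool.  It pulls out the
indicators a malware-removal helper checks first: services whose image file
DDS could not read, more than one anti-virus product, and the MBR check's
unknown-code / user-vs-kernel mismatch lines.
"""
import re
from typing import Dict, List

# Constructed excerpt: abridged copies of lines from the thread's log.
SAMPLE_LOG = """\
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
R2 MBAMService;MBAMService;c:\\program files\\malwarebytes' anti-malware\\mbamservice.exe [2010-11-25 363344]
S2 svajnag;sv_ajnag;c:\\windows\\system32\\drivers\\svajnager.exe --> c:\\windows\\system32\\drivers\\svajnager.exe [?]
S3 SwitchBoard;SwitchBoard;c:\\program files\\common files\\adobe\\switchboard\\SwitchBoard.exe [2010-2-19 517096]
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85AF8446]<<
\\Driver\\atapi[0x85B0A2D8] -> IRP_MJ_CREATE -> 0x85AF8446
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
"""

# "R2 name;display;path [date size]" -- a trailing "[?]" means DDS could not read the file.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
AV_RE = re.compile(r"^AV:\s+(.+?)\s+\*(Enabled|Disabled)/")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s+->\s+(IRP_MJ_\w+)\s+->\s+(0x[0-9A-Fa-f]+)")


def services_with_missing_file(log: str) -> List[str]:
    """Names of service/driver entries whose image file DDS could not read."""
    found = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m and m.group(4).rstrip().endswith("[?]"):
            found.append(m.group(2))
    return found


def antivirus_products(log: str) -> Dict[str, str]:
    """Installed AV products mapped to the state DDS reports for them."""
    return {m.group(1): m.group(2) for m in map(AV_RE.match, log.splitlines()) if m}


def disk_stack_findings(log: str) -> List[str]:
    """Findings from the MBR/disk-stack section at the end of a DDS log."""
    lines = log.splitlines()
    findings: List[str] = []
    # Addresses the checker could not map to any loaded module.
    unknown = {m.group(1).lower() for m in map(UNKNOWN_RE.search, lines) if m}
    for line in lines:
        h = HOOK_RE.match(line)
        if h and h.group(3).lower() in unknown:
            findings.append(f"{h.group(2)} of {h.group(1)} points into unknown code at {h.group(3)}")
    if any("user != kernel MBR" in line for line in lines):
        findings.append("MBR read from user mode differs from the kernel's view (bootkit-style hiding)")
    findings.extend(line.strip() for line in lines if "rootkit infection" in line.lower())
    return findings


def triage(log: str) -> Dict[str, object]:
    """Summary a helper would act on before writing the first reply."""
    avs = antivirus_products(log)
    return {
        "missing_service_files": services_with_missing_file(log),
        "antivirus_products": avs,
        "multiple_av": len(avs) > 1,
        "disk_stack": disk_stack_findings(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log, the same three checks reproduce the points the reply below acts on: two AV products installed, a service entry whose file could not be read, and the MBR mismatch.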

Hello SilverDwaggy! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.

Step 1

First of all, you should not have more than one anti-virus program installed, as they will conflict and cause problems. You have two, so you need to uninstall one of them. Of the two, I would recommend keeping Avira AntiVir, so please uninstall Spyware Doctor.

Step 2

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

In your next reply, please include these log(s):

  1. TDSSKiller log
  2. a new fresh DDS log only


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
