Gofergal Posted November 29, 2008 ID:36921

Hello

I am new to the forum and I am hoping you will be able to help me. A few weeks ago I had some trouble with my network controller. I would get the BSOD and it would work for a while. I finally switched to a wireless adapter but would like to go back. I tried upgrading the drivers for the NIC and lost the original ones. I can't find them to download them again. They are NVIDIA nForce Networking Controller 50.0.9.0

I was able to copy the message I got last time it shut down: DRIVER_IRQL_NOT_LESS_OR_EQUAL and the file is: NVENETFD.SYS

There were a bunch of numbers also. One of them is: 0X000000D1 and another was 8X1917C14A

Now, today I got the BSOD and have no idea what to do next. The message today was: DRIVER_UNLOADED_WITHOUT_CANCELLING the file is: mbam.sys

One number I wrote down is: 0XB94B5AFA and another is 0X000000XCE

Can anyone help? Thanks
exile360 Posted November 30, 2008 ID:36928

Unfortunately, it sounds like the root cause of your issue may be bad memory, not bad drivers. I would try running a utility like memtest to see if it finds any errors, and if so, replace the faulty RAM stick. If you don't get any memory errors and you suspect this may be malware related, please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.
Gofergal Posted November 30, 2008 Author ID:36978

Well, I ran the memory scan and it came back clean. I also ran Malwarebytes and it discovered 4 items which I cleaned. I have kept this machine pretty clean but that doesn't mean I am immune from infection. Any more ideas? Thanks
AdvancedSetup Root Admin Posted November 30, 2008 ID:36987

Well, the best way we can assist you is to review some logs of the system. If it turns out not to be malware we still may be able to locate the issue from some of the more advanced logs. Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.
Gofergal Posted November 30, 2008 Author ID:37044

Ok here is the scan from Malwarebytes.

Malwarebytes' Anti-Malware 1.30
Database version: 1439
Windows 5.1.2600 Service Pack 2

2008-11-30 3:24:52 PM
mbam-log-2008-11-30 (15-24-52).txt

Scan type: Quick Scan
Objects scanned: 69955
Time elapsed: 7 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6c54318-5ac7-477d-b0a7-49af5189300c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Alice\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Alice\Start Menu\Programs\homeview\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.
Gofergal Posted November 30, 2008 Author ID:37050

Here is the HJT scan.
I am still running the Panda scan.

Logfile of HijackThis v1.99.1
Scan saved at 4:08:26 PM, on 2008-11-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Explorer.EXE
C:\MGtools.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\MGtools\vfind.exe
C:\HJT\Alice.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://ra.qwest.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} - http://e2icommconf.e2impact.com/download/ilinci86.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games