
[Inactive] Blue Screen after Stage 50 Scanning in COMBOFIX

Discussion in 'Malware and Virus Removal Archive' started by aoshi62, 2010/04/29.

    aoshi62 (Thread Starter), 2010/04/29

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by admin at 14:42:59.06 on Thu 04/29/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.594 [GMT 8:00]

    AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32kui.exe
    svchost.exe
    C:\WINDOWS\system32\dgdersvc.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\mdm.exe
    C:\Documents and Settings\admin\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll
    uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
    uRun: [KiesTrayAgent] c:\program files\samsung\kies\/\KiesTrayAgent.exe
    mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    LSP: c:\windows\system32\imon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\c50j831o.default\
    FF - plugin: c:\documents and settings\admin\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\admin\local settings\application data\yahoo!\browserplus\2.6.0\plugins\npybrowserplus_2.6.0.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2010-4-11 15424]
    R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-2-4 95568]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-4-19 217088]
    R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2010-3-28 552064]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-2-4 18136]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-19 36640]
    S0 CFG_NT4;CFG_NT4; [x]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admin\locals~1\temp\eqv26e.tmp --> c:\docume~1\admin\locals~1\temp\EQV26E.tmp [?]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-4-19 98432]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-4-19 14848]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-4-19 123648]
    S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2010-4-19 100224]
    S3 Yonline;Yonline;c:\windows\system32\drivers\Yonline.ahc [2010-4-13 40832]

    =============== Created Last 30 ================

    2010-04-27 04:50:43 0 d-----w- c:\docume~1\admin\applic~1\Facebook
    2010-04-26 18:45:41 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
    2010-04-26 18:45:41 1970176 ----a-w- c:\windows\system32\d3dx9.dll
    2010-04-26 18:45:29 0 d-----w- c:\program files\Cheat Engine
    2010-04-26 16:48:33 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
    2010-04-26 16:47:18 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-04-26 15:57:59 516768 -c--a-w- c:\windows\system32\dllcache\ativvaxx.dll
    2010-04-26 15:57:59 516768 ----a-w- c:\windows\system32\ativvaxx.dll
    2010-04-26 15:57:58 1888992 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll
    2010-04-26 15:57:58 1888992 ----a-w- c:\windows\system32\ati3duag.dll
    2010-04-26 15:57:41 10 ----a-w- c:\windows\WININIT.INI
    2010-04-26 15:45:22 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
    2010-04-26 15:45:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-26 15:45:05 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
    2010-04-26 15:45:04 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-26 15:45:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-25 12:45:23 0 d-----w- c:\program files\Seagate
    2010-04-25 12:43:00 0 d-----w- c:\program files\common files\Wise Installation Wizard
    2010-04-24 07:20:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2010-04-24 07:20:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2010-04-24 07:19:36 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
    2010-04-24 07:19:36 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
    2010-04-24 07:19:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2010-04-24 07:19:11 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2010-04-24 07:18:47 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2010-04-24 06:53:39 0 d-----w- c:\program files\common files\PCSuite
    2010-04-24 06:53:20 0 d-----w- c:\program files\common files\Nokia
    2010-04-24 06:52:40 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-04-24 06:51:18 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
    2010-04-24 06:51:16 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
    2010-04-24 06:51:11 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
    2010-04-24 06:51:11 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
    2010-04-24 06:51:11 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
    2010-04-24 06:51:08 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
    2010-04-24 06:51:03 0 d-----w- c:\program files\Nokia
    2010-04-24 06:47:05 0 d-----w- c:\windows\pss
    2010-04-24 06:07:28 0 d-----w- c:\documents and settings\admin\ChikkaDefault
    2010-04-21 16:03:07 0 d-----w- c:\program files\Total Video Converter
    2010-04-21 15:50:25 0 d-----w- c:\docume~1\admin\applic~1\Moyea
    2010-04-21 15:49:49 0 d-----w- c:\program files\Moyea
    2010-04-19 15:53:00 0 d-----w- c:\program files\MyFree Codec
    2010-04-19 15:44:13 100224 ----a-w- c:\windows\system32\drivers\ss_bserd.sys
    2010-04-19 15:44:11 14848 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
    2010-04-19 15:44:11 12416 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
    2010-04-19 15:44:11 12416 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
    2010-04-19 15:44:11 123648 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
    2010-04-19 15:44:10 12288 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
    2010-04-19 15:44:10 12288 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
    2010-04-19 15:44:09 98432 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
    2010-04-19 15:42:29 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
    2010-04-19 15:42:28 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
    2010-04-19 15:42:28 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe
    2010-04-19 15:39:55 0 d-----w- c:\program files\PC Connectivity Solution
    2010-04-19 15:38:37 0 d-----w- c:\docume~1\admin\applic~1\Samsung
    2010-04-19 15:38:09 0 d-----w- c:\program files\MarkAny
    2010-04-19 15:38:08 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Samsung
    2010-04-19 15:33:38 89088 -c----w- c:\windows\system32\dllcache\SET8A0.tmp
    2010-04-19 15:33:38 597504 -c----w- c:\windows\system32\dllcache\SET89F.tmp
    2010-04-19 15:33:38 575488 -c----w- c:\windows\system32\dllcache\SET89E.tmp
    2010-04-19 15:33:38 575488 ------w- c:\windows\system32\SET88B.tmp
    2010-04-19 15:33:38 117760 ------w- c:\windows\system32\SET88C.tmp
    2010-04-19 15:33:37 1676288 -c----w- c:\windows\system32\dllcache\SET89D.tmp
    2010-04-19 15:33:37 1676288 ------w- c:\windows\system32\SET88A.tmp
    2010-04-19 15:33:37 0 d-----w- C:\99113db0d4276c018e2c
    2010-04-19 14:54:12 14048 ------w- c:\windows\system32\spmsg2.dll
    2010-04-19 14:20:40 0 d-----w- c:\program files\Samsung
    2010-04-19 13:55:56 0 d-----w- c:\program files\common files\Samsung
    2010-04-19 07:24:29 0 d-----w- c:\windows\system32\NtmsData
    2010-04-14 01:18:07 88566 ----a-w- c:\windows\system32\nvapps.xml
    2010-04-14 01:18:03 17056 ----a-w- c:\windows\system32\nvdisp.nvu
    2010-04-14 01:18:03 0 d-----w- c:\windows\nview
    2010-04-14 01:18:02 208896 ----a-w- c:\windows\system32\nvudisp.exe
    2010-04-14 01:17:44 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-04-14 01:15:03 3994624 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2010-04-14 01:15:03 3994624 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-04-14 01:15:02 4527488 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2010-04-14 01:15:02 4527488 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-04-13 04:47:38 40832 ----a-w- c:\windows\system32\drivers\Yonline.ahc
    2010-04-13 04:17:11 0 d-----w- c:\program files\BabyRan_En
    2010-04-11 11:04:35 0 d-----w- C:\FarmHelper
    2010-04-11 10:07:29 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
    2010-04-11 10:05:08 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
    2010-04-11 10:05:08 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
    2010-04-11 09:59:59 263552 -c----w- c:\windows\system32\dllcache\http.sys
    2010-04-11 09:55:22 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll
    2010-04-11 09:54:42 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2010-04-11 09:54:41 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2010-04-11 09:54:41 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2010-04-11 09:54:40 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2010-04-11 09:48:46 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-04-11 09:48:45 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-04-11 09:48:44 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-04-11 09:48:44 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-04-11 09:46:55 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-04-11 09:44:02 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-04-11 09:44:02 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-04-11 09:40:34 26488 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-04-11 09:38:46 53248 ----a-w- c:\windows\system32\SSUBTMR6.DLL
    2010-04-11 09:37:26 0 d-----w- c:\windows\system32\Adobe
    2010-04-11 09:25:44 185 ----a-w- c:\windows\mdm.ini
    2010-04-11 09:17:49 127808 ----a-w- c:\windows\system32\MSWINSCK.OCX
    2010-04-11 09:17:49 10752 ----a-w- c:\windows\system32\aamd532.dll
    2010-04-11 09:09:59 0 ----a-w- c:\windows\ativpsrm.bin
    2010-04-11 08:59:00 0 d-----w- c:\program files\Winamp Detect
    2010-04-11 08:57:42 7356 ----a-w- c:\windows\system32\javasup.vxd
    2010-04-11 08:55:30 0 d-----w- c:\docume~1\alluse~1.win\applic~1\PopCap Games
    2010-04-11 08:55:09 63 ---h--w- c:\windows\popcreg.dat
    2010-04-11 08:55:09 25 ----a-w- c:\windows\popcinfot.dat
    2010-04-11 08:54:37 842 ----a-w- c:\windows\War3Unin.dat
    2010-04-11 08:54:37 139264 ----a-w- c:\windows\War3Unin.exe
    2010-04-11 08:54:31 636 ----a-w- c:\windows\ODBC.INI
    2010-04-11 08:54:23 17920 ----a-w- c:\windows\system32\mdimon.dll
    2010-04-11 08:21:37 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-04-11 08:21:36 38 ----a-w- c:\windows\avisplitter.ini
    2010-04-11 08:21:34 414 ----a-w- c:\windows\system32\lame_acm.xml
    2010-04-11 08:21:33 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-04-11 08:21:32 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2010-04-11 08:21:32 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-04-11 08:21:32 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-04-11 08:21:32 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-04-11 08:21:28 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
    2010-04-11 08:21:27 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-04-11 08:19:01 512096 ----a-w- c:\windows\system32\drivers\amon.sys
    2010-04-11 08:19:01 298104 ----a-w- c:\windows\system32\imon.dll
    2010-04-11 08:19:01 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
    2010-04-11 08:16:56 202112 ----a-r- c:\windows\system32\drivers\vinyl97.sys
    2010-04-11 08:16:53 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys
    2010-04-11 08:16:53 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
    2010-04-11 08:16:53 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
    2010-04-11 08:16:53 4096 ----a-w- c:\windows\system32\ksuser.dll
    2010-04-11 08:16:53 145792 -c--a-w- c:\windows\system32\dllcache\portcls.sys
    2010-04-11 08:16:53 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
    2010-04-11 08:16:53 130048 -c--a-w- c:\windows\system32\dllcache\ksproxy.ax
    2010-04-11 08:16:53 130048 ----a-w- c:\windows\system32\ksproxy.ax
    2010-04-11 08:16:49 36864 ----a-w- c:\windows\system32\UnAudioNT.dll
    2010-04-11 08:16:34 306688 ----a-w- c:\windows\IsUninst.exe
    2010-04-11 08:15:33 42496 ----a-r- c:\windows\system32\drivers\fetnd5b.sys
    2010-04-11 08:12:38 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-04-11 08:12:16 36352 ----a-r- c:\windows\system32\drivers\AmdK8.sys
    2010-04-11 08:07:12 8192 ----a-w- c:\windows\REGLOCS.OLD
    2010-04-11 08:03:59 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2010-04-11 08:02:59 7168 -c--a-w- c:\windows\system32\dllcache\f3ahvoas.dll
    2010-04-11 08:01:39 2577 ----a-w- c:\windows\system32\CONFIG.NT
    2010-04-11 08:01:39 0 ----a-w- c:\windows\control.ini
    2010-04-11 08:01:28 23392 ----a-w- c:\windows\system32\nscompat.tlb
    2010-04-11 08:01:28 16832 ----a-w- c:\windows\system32\amcompat.tlb
    2010-04-11 08:01:27 316640 ----a-w- c:\windows\WMSysPr9.prx
    2010-04-11 08:00:17 0 d-sh--w- c:\documents and settings\all users.windows\DRM
    2010-04-11 08:00:05 488 ---ha-r- c:\windows\system32\WindowsLogon.manifest
    2010-04-11 08:00:05 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
    2010-04-11 07:59:56 749 ---ha-r- c:\windows\WindowsShell.Manifest
    2010-04-11 07:59:56 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
    2010-04-11 07:59:56 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
    2010-04-11 07:59:56 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
    2010-04-11 07:59:56 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
    2010-04-11 07:59:56 749 ---ha-r- c:\windows\system32\cdplayer.exe.manifest
    2010-04-11 07:59:34 4399505 -c--a-w- c:\windows\system32\dllcache\nls302en.lex
    2010-04-11 07:57:54 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-04-11 07:56:59 9488 ----a-w- c:\windows\system32\wbem\wmipsess.mfl
    2010-04-11 00:58:21 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
    2010-04-11 00:57:54 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
    2010-04-11 00:57:38 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
    2010-04-11 00:57:38 870784 ----a-w- c:\windows\system32\ati3d1ag.dll
    2010-04-11 00:57:38 701440 -c--a-w- c:\windows\system32\dllcache\ati2mtag.sys
    2010-04-11 00:57:38 701440 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2010-04-11 00:57:37 229376 -c--a-w- c:\windows\system32\dllcache\ati2cqag.dll
    2010-04-11 00:57:37 229376 ----a-w- c:\windows\system32\ati2cqag.dll
    2010-04-11 00:57:37 201728 -c--a-w- c:\windows\system32\dllcache\ati2dvag.dll
    2010-04-11 00:57:37 201728 ----a-w- c:\windows\system32\ati2dvag.dll
    2010-04-11 00:57:20 46464 ----a-w- c:\windows\system32\drivers\GAGP30KX.SYS
    2010-04-11 00:56:57 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
    2010-04-11 00:56:54 74240 ----a-w- c:\windows\system32\usbui.dll
    2010-04-11 00:54:04 0 d-----r- c:\documents and settings\all users.windows\Documents
    2010-04-11 00:53:59 13753 ----a-r- c:\windows\SET8.tmp
    2010-04-11 00:53:56 1086058 ----a-r- c:\windows\SET4.tmp
    2010-04-11 00:53:54 1042903 ----a-r- c:\windows\SET3.tmp
    2010-04-11 00:52:19 261 ----a-w- c:\windows\system32\$winnt$.inf
    2010-04-08 15:33:41 0 d-----w- c:\program files\PowerQuest
    2010-04-07 11:45:28 0 d-----w- c:\program files\Windows Installer Clean Up
    2010-04-07 09:37:46 0 d-----w- c:\program files\Microsoft ActiveSync
    2010-04-07 09:36:24 0 d--h--w- c:\windows\ShellNew
    2010-04-06 18:07:08 0 d-----w- c:\program files\Globe Broadband
    2010-04-02 04:56:03 0 d-----w- C:\logs
    2010-04-01 11:53:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-04-01 11:53:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-04-01 11:52:14 0 d-----w- c:\program files\AutoTunnel GG

    ==================== Find3M ====================

    2010-02-26 06:12:23 662016 ----a-w- c:\windows\system32\wininet.dll
    2010-02-26 06:12:17 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-02-21 10:43:55 1580544 ----a-w- c:\windows\system32\sfcfiles.dll
    2010-02-16 13:19:55 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39:04 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-04 11:00:26 95568 ----a-w- c:\windows\system32\dgdersvc.exe
    2010-02-04 11:00:26 669008 ----a-w- c:\windows\system32\dgderapi.dll

    ============= FINISH: 14:43:24.73 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/11/2010 4:05:12 PM
    System Uptime: 4/29/2010 1:36:01 PM (1 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7142
    Processor: AMD Sempron(tm) Processor 2600+ | Socket 940 | 1599/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 56 GiB total, 28.269 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 6230
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6230
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    BabyRan_En
    CCleaner
    Cheat Engine 5.5
    Chikka Messenger V4
    Compatibility Pack for the 2007 Office system
    Facebook Plug-In
    FarmHelper
    Garena
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Media Format 11 SDK (KB928788)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB929773)
    Hotfix for Windows Media Format 11 SDK (KB932390)
    Hotfix for Windows Media Format 11 SDK (KB933547)
    Hotfix for Windows Media Format 11 SDK (KB935551)
    Hotfix for Windows Media Format 11 SDK (KB935552)
    Hotfix for Windows Media Format 11 SDK (KB939209)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows Media Player 11 (KB944882)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB958655-v2)
    Hotfix for Windows XP (KB979306)
    K-Lite Codec Pack 5.8.3 (Full)
    Kies
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual Studio 6.0 Enterprise Edition
    Microsoft VM for Java
    Microsoft Web Publishing Wizard 1.53
    Moyea YouTube FLV Downloader version: 3.1.2.21
    Mozilla Firefox (3.6.3)
    MSVC80_x86_v2
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6.0 Parser (KB933579)
    MyFreeCodec
    NOD32 antivirus system
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NVIDIA Drivers
    PartitionMagic
    PC Connectivity Solution
    Plants vs. Zombies
    Platform
    PowerQuest PartitionMagic 8.0 Demo
    SAMSUNG USB Driver for Mobile Phones
    SeaTools for Windows
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975254)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Total Video Converter 3.50
    Update for Windows XP (KB898461)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB958752)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    VIA Platform Device Manager
    VIA Vinyl Audio Codecs Driver Setup Program
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Imaging Component
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! BrowserPlus 2.6.0
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    4/30/2010 12:09:42 AM, error: Dhcp [1002] - The IP address lease 192.168.1.11 for the Network Card with network address 001617277365 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    4/29/2010 11:58:34 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    4/29/2010 11:58:19 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    4/28/2010 9:08:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.50 for the Network Card with network address 001617277365 has been denied by the DHCP server 119.93.254.162 (The DHCP Server sent a DHCPNACK message).
    4/27/2010 7:41:10 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +103984 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.50:123->207.46.197.32:123) is working properly.
    4/27/2010 12:00:39 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ati3d1ag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.4071.
    4/27/2010 12:00:38 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ativvaxx.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.1.9.
    4/27/2010 12:00:38 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ati3duag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.231.
    4/27/2010 12:00:37 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ati2dvag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.6462.
    4/27/2010 12:00:37 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ati2cqag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.233.
    4/26/2010 11:58:02 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ativvaxx.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.1.9.
    4/26/2010 11:58:02 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ati3duag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.231.
    4/26/2010 11:58:02 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ati2mtag.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.6462.
    4/26/2010 11:58:02 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ati2dvag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.6462.
    4/26/2010 11:58:02 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ati2cqag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.233.
    4/25/2010 8:14:05 PM, error: Service Control Manager [7022] - The NOD32 Kernel Service service hung on starting.
    4/25/2010 7:58:43 PM, error: Dhcp [1002] - The IP address lease 112.203.70.233 for the Network Card with network address 001617277365 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    4/24/2010 8:01:34 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    4/24/2010 8:00:24 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    4/24/2010 3:35:13 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +99848 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.203.70.233:123->207.46.197.32:123) is working properly.
    4/24/2010 2:50:28 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +99846 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.203.70.233:123->207.46.197.32:123) is working properly.
    4/24/2010 2:47:26 PM, error: Service Control Manager [7034] - The Device Error Recovery Service service terminated unexpectedly. It has done this 1 time(s).
    4/24/2010 2:46:57 PM, error: Service Control Manager [7034] - The FsUsbExService service terminated unexpectedly. It has done this 1 time(s).
    4/24/2010 2:36:08 PM, error: WPDMTPDriver [15300] - MTP WPD Driver has failed to start. Error 0x8007001f.
    4/23/2010 11:24:18 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001617277365. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    4/23/2010 10:06:29 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.

    ==== End Of File ===========================
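The "Event Viewer Messages From Past Week" block in the DDS log above mixes DHCP and NTP noise with entries an analyst would want to look at first: repeated Windows File Protection restores of ATI driver files (something kept trying to overwrite protected system files), the NOD32 kernel service hanging on start, NTFS corruption on D: and an IDE controller error. The following Python script is an added example for this thread, not code from DDS, ComboFix, GMER or the poster; it parses the one-line-per-event format DDS prints and sorts those entries into categories. The category names, the `AV_KEYWORDS` list and the one-hour clock-skew threshold are this example's own assumptions, and the sample text is a subset of the lines from the log above.

```python
"""Triage the "Event Viewer Messages From Past Week" block of a DDS log.

Added example for this thread; not part of DDS, ComboFix or GMER and not the
forum poster's code.  It parses the one-line-per-event format DDS emits and
pulls out the entries a malware analyst would look at first.  The category
names and the AV_KEYWORDS heuristic are this example's own conventions.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: seven lines copied from the DDS log posted above.
SAMPLE_EVENTS = r"""
4/30/2010 12:09:42 AM, error: Dhcp [1002] - The IP address lease 192.168.1.11 for the Network Card with network address 001617277365 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
4/27/2010 7:41:10 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +103984 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.50:123->207.46.197.32:123) is working properly.
4/27/2010 12:00:39 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ati3d1ag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.4071.
4/27/2010 12:00:38 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ativvaxx.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.1.9.
4/25/2010 8:14:05 PM, error: Service Control Manager [7022] - The NOD32 Kernel Service service hung on starting.
4/24/2010 8:01:34 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
4/23/2010 10:06:29 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
"""

# One DDS event line: "<m/d/yyyy h:mm:ss AM>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
WFP_FILE_RE = re.compile(r"protected system file (\S+)\.")
SCM_SERVICE_RE = re.compile(r"^The (.+?) service (?:hung on starting|terminated unexpectedly)")
NTFS_VOLUME_RE = re.compile(r"on the volume ([A-Za-z]:)")
TIME_OFFSET_RE = re.compile(r"changed by ([+-]?\d+) seconds")

# Assumption (this example's heuristic): substrings marking a security service.
AV_KEYWORDS = ("nod32", "antivirus", "anti-malware", "malwarebytes", "security")
CLOCK_SKEW_THRESHOLD_S = 3600  # assumption: flag offsets of an hour or more


def parse_events(text):
    """Return a list of dicts (ts, level, source, event_id, message, when)."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:          # blank or non-event line
            continue
        ev = m.groupdict()
        ev["event_id"] = int(ev["event_id"])
        ev["when"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        events.append(ev)
    return events


def _finding(ev, category, detail):
    return {"when": ev["when"], "source": ev["source"],
            "event_id": ev["event_id"], "category": category, "detail": detail}


def triage(events):
    """Map each interesting event to a finding; DHCP/NTP lookup noise is dropped."""
    findings = []
    for ev in events:
        src, eid, msg = ev["source"], ev["event_id"], ev["message"]
        if src == "Windows File Protection" and eid == 64002:
            m = WFP_FILE_RE.search(msg)
            findings.append(_finding(ev, "wfp-replacement", m.group(1) if m else msg))
        elif src == "Service Control Manager" and eid in (7022, 7034):
            m = SCM_SERVICE_RE.search(msg)
            name = m.group(1) if m else msg
            is_av = any(k in name.lower() for k in AV_KEYWORDS)
            findings.append(_finding(ev, "security-service-failure" if is_av else "service-failure", name))
        elif src == "Ntfs" and eid == 55:
            m = NTFS_VOLUME_RE.search(msg)
            findings.append(_finding(ev, "fs-corruption", m.group(1) if m else "?"))
        elif src == "atapi" and eid in (9, 11):
            findings.append(_finding(ev, "disk-controller-error", msg))
        elif src == "W32Time" and eid == 34:
            m = TIME_OFFSET_RE.search(msg)
            secs = int(m.group(1)) if m else 0
            if abs(secs) >= CLOCK_SKEW_THRESHOLD_S:
                findings.append(_finding(ev, "clock-skew", f"{secs:+d} s"))
    return sorted(findings, key=lambda f: f["when"])


def summarize(findings):
    """Count findings per category."""
    return Counter(f["category"] for f in findings)


if __name__ == "__main__":
    found = triage(parse_events(SAMPLE_EVENTS))
    for f in found:
        print(f"{f['when']:%Y-%m-%d %H:%M}  {f['category']:<26} {f['source']} [{f['event_id']}]  {f['detail']}")
    print(dict(summarize(found)))
```

Run it on the full event block pasted into `SAMPLE_EVENTS` and the WFP restores, the AV service hang, the NTFS corruption and the controller error come out in date order while the DHCPNACK and NTP lookup lines are dropped; the disk-related findings are worth reading before running any deep-scanning tool on that machine, since a failing volume will produce crashes that have nothing to do with malware.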
     
  2. 2010/04/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You shouldn't be running Combofix on your own.
    Provide more info about your issues.

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/04/30
    aoshi62

    aoshi62 Inactive Thread Starter

    Joined:
    2010/04/29
    Messages:
    2
    Likes Received:
    0
    I got a blue screen after GMER was executed... :(
     
  5. 2010/04/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Did you complete step 1?

    As for GMER...
     