OMG Wtf BBQ


OMG Wtf BBQ

Post by Restricted on Wed Jan 13, 2010 5:48 am

My friend is having a billion problems. I can't get MBAM working, I can't get his AVG to respond, and I keep getting pop-ups. I can't get HJT to work either. RAP3!$!@#!

Restricted
Intermediate

Posts: 158
Joined: 2009-06-11
OS: Win7 Ultimate 32-bit
Protection: Avira
Points: 28788
Likes: 0


Re: OMG Wtf BBQ

Post by Dr Jay on Wed Jan 13, 2010 9:07 am

Please visit this webpage for instructions for downloading and running ComboFix:

[You must be registered and logged in to see this link.]

Post the log from ComboFix when you've accomplished that.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 13714
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302072
Likes: 10


Re: OMG Wtf BBQ

Post by Restricted on Wed Jan 13, 2010 9:11 am

I ran regular, and ran as admin. When I run regular, it asks for permission, I allow, nothing happens. When I run as admin, it says ComboFix.exe has stopped working.

Edit: Here are some processes I'm running on this user only, Idk if that has anything to do with this:



Re: OMG Wtf BBQ

Post by Dr Jay on Wed Jan 13, 2010 9:51 am

Vista or 7?


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on Wed Jan 13, 2010 9:59 am

I am running Vista


Re: OMG Wtf BBQ

Post by Dr Jay on Wed Jan 13, 2010 10:00 am

Odd.

Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on vtool.zip, and extract the file to your Desktop.
  • Double-click on vtool.cmd to start.
  • At each prompt ("Press any key to continue..."), wait 3 seconds before pressing a key. This tool needs time to process each prompt.
  • It will finish quickly and launch a log. (vtool.txt)
  • Post the contents of it in your next reply.


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on Wed Jan 13, 2010 10:03 am

V-Tool by DragonMaster Jay

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.1360 [GMT -8]

Username: Student - Date: 01/13/2010 - Time: 2:03:05 - Number of processors: 2 - Arch.: x86 SF: NETWORK


((((( Security Software information )))))

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

((((( System File Verify )))))

c:\windows\system32\eventlog.dll is missing! (If XP or lower)

((((( System File Enumeration )))))

Volume in drive C is TI100712V0E
Volume Serial Number is B82B-4BED

Directory of C:\WINDOWS\System32

scecli.dll netlogon.dll cngaudit.dll
3 File(s) 781,824 bytes

EDIT: I'm in Safe Mode, should I go to Normal Mode?


Re: OMG Wtf BBQ

Post by Restricted on Wed Jan 13, 2010 10:10 am

I went out of safe mode and did it again, here you go:

V-Tool by DragonMaster Jay

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.990 [GMT -8:00]

Username: Student - Date: 01/13/2010 - Time: 2:09:54 - Number of processors: 2 - Arch.: x86 SF:


((((( Security Software information )))))

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

((((( System File Verify )))))

c:\windows\system32\eventlog.dll is missing! (If XP or lower)

((((( System File Enumeration )))))

Volume in drive C is TI100712V0E
Volume Serial Number is B82B-4BED


Not sure if it changed.


Re: OMG Wtf BBQ

Post by Dr Jay on Wed Jan 13, 2010 1:06 pm

Did you let it run all the way through and it launched a log at the end?

The log shows two core drivers that require the system to start are not showing up in the second part of the log, but the first part of the log does not show they are missing, either.

Try to right-click on it, while in Normal Mode, and click Run as Administrator. Make sure to leave about 5-10 seconds before hitting enter at each prompt.

When the log launches, please post it.


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on Wed Jan 13, 2010 10:49 pm

I think I got it this time.

V-Tool by DragonMaster Jay

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.1023 [GMT -8]

Username: Student - Date: 01/13/2010 - Time: 14:43:17 - Number of processors: 2 - Arch.: x86 SF:


((((( Security Software information )))))

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

((((( System File Verify )))))

c:\windows\system32\eventlog.dll is missing! (If XP or lower)

((((( System File Enumeration )))))

Volume in drive C is TI100712V0E
Volume Serial Number is B82B-4BED

Directory of C:\WINDOWS\System32

scecli.dll netlogon.dll cngaudit.dll
3 File(s) 781,824 bytes

Directory of C:\WINDOWS\System32\drivers

atapi.sys beep.sys
2 File(s) 26,088 bytes

Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9

atapi.sys
1 File(s) 21,560 bytes

Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84

atapi.sys
1 File(s) 19,944 bytes

Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6

atapi.sys
1 File(s) 21,560 bytes

Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699

atapi.sys
1 File(s) 19,048 bytes

Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d

atapi.sys
1 File(s) 21,560 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.nȯne

beep.sys
1 File(s) 6,144 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.nȯne

cngaudit.dll
1 File(s) 11,776 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.nȯne

scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.nȯne

scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.nȯne

netlogon.dll
1 File(s) 592,384 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.nȯne

netlogon.dll
1 File(s) 592,896 bytes




Edit: I see it says Windows Defender is enabled, but on the system security, it shows nothing is enabled. Firewall, Antivirus, everything is disabled.


Re: OMG Wtf BBQ

Post by Dr Jay on Wed Jan 13, 2010 11:06 pm

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on Wed Jan 13, 2010 11:25 pm

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows [Version 6.0.6002]

********************Drivers list********************


Volume in drive C is TI100712V0E
Volume Serial Number is B82B-4BED

Directory of C:\Windows\System32\Drivers

01/13/2010 03:02 PM .
01/13/2010 03:02 PM ..
05/04/2009 11:13 AM 2 1179_TOSHIBA_Satellite_L500_TI10071200E.MRK
11/02/2006 12:55 AM 53,376 1394bus.sys
04/10/2009 10:32 PM 265,688 acpi.sys
01/20/2008 06:23 PM 422,968 adp94xx.sys
01/20/2008 06:23 PM 300,600 adpahci.sys
01/20/2008 06:23 PM 101,432 adpu160m.sys
01/20/2008 06:23 PM 149,560 adpu320.sys
04/10/2009 08:47 PM 273,920 afd.sys
01/20/2008 06:23 PM 56,376 AGP440.sys
11/28/2006 02:11 PM 1,161,888 AGRSM.sys
01/20/2008 06:23 PM 17,464 aliide.sys
01/20/2008 06:23 PM 57,400 AMDAGP.SYS
01/20/2008 06:23 PM 17,976 amdide.sys
01/20/2008 06:23 PM 41,472 amdk7.sys
01/20/2008 06:23 PM 44,032 amdk8.sys
01/20/2008 06:23 PM 79,416 arc.sys
01/20/2008 06:23 PM 79,928 arcsas.sys
01/20/2008 06:24 PM 17,408 asyncmac.sys
04/10/2009 10:32 PM 19,944 atapi.sys
04/10/2009 10:32 PM 109,032 ataport.sys
01/12/2010 01:51 PM Avg
11/06/2009 02:05 PM 335,240 avgldx86.sys
11/06/2009 02:05 PM 27,784 avgmfx86.sys
07/28/2009 03:33 PM 55,656 avgntflt.sys
11/06/2009 02:05 PM 108,552 avgtdix.sys
03/30/2009 09:33 AM 96,104 avipbb.sys
01/20/2008 06:23 PM 28,216 battc.sys
01/20/2008 06:23 PM 12,288 bdasup.sys
01/20/2008 06:23 PM 6,144 beep.sys
01/20/2008 06:23 PM 45,568 blbdrive.sys
01/20/2008 06:23 PM 69,632 bowser.sys
11/02/2006 12:24 AM 13,568 BrFiltLo.sys
11/02/2006 12:24 AM 5,248 BrFiltUp.sys
04/10/2009 09:42 PM 93,696 bridge.sys
11/02/2006 12:25 AM 71,808 BrSerId.sys
11/02/2006 12:24 AM 62,336 BrSerWdm.sys
11/02/2006 12:24 AM 12,160 BrUsbMdm.sys
11/02/2006 12:24 AM 11,904 BrUsbSer.sys
11/02/2006 12:55 AM 39,936 bthmodem.sys
01/20/2008 06:23 PM 70,144 cdfs.sys
04/10/2009 08:39 PM 67,072 cdrom.sys
01/20/2008 06:23 PM 35,328 circlass.sys
04/10/2009 10:32 PM 125,928 Classpnp.sys
01/20/2008 06:23 PM 14,208 CmBatt.sys
01/20/2008 06:23 PM 19,000 cmdide.sys
01/20/2008 06:23 PM 20,792 compbatt.sys
04/10/2009 10:32 PM 35,304 crashdmp.sys
01/20/2008 06:23 PM 24,632 crcdisk.sys
01/20/2008 06:23 PM 40,960 crusoe.sys
10/10/2009 02:10 PM 50 DCX.LOG
04/10/2009 08:14 PM 75,264 dfsc.sys
04/10/2009 10:32 PM 53,736 disk.sys
04/10/2009 08:39 PM 19,456 Diskdump.sys
11/02/2006 01:50 AM 71,272 djsvs.sys
01/20/2008 06:23 PM 130,048 drmk.sys
01/20/2008 06:23 PM 5,632 drmkaud.sys
04/10/2009 10:32 PM 27,624 Dumpata.sys
01/20/2008 06:24 PM 13,312 dxapi.sys
04/10/2009 08:23 PM 76,288 dxg.sys
09/24/2009 05:27 PM 634,880 dxgkrnl.sys
01/20/2008 06:23 PM 118,784 E1G60I32.sys
04/10/2009 10:32 PM 141,288 ecache.sys
01/20/2008 06:23 PM 342,584 elxstor.sys
11/16/2009 11:18 PM en-US
01/20/2008 06:23 PM 6,656 errdev.sys
11/02/2006 03:18 AM etc
04/10/2009 08:13 PM 136,704 exfat.sys
04/10/2009 08:13 PM 142,848 fastfat.sys
01/20/2008 06:23 PM 25,088 fdc.sys
01/20/2008 06:24 PM 58,936 fileinfo.sys
01/20/2008 06:24 PM 27,648 filetrace.sys
01/20/2008 06:23 PM 20,480 flpydisk.sys
04/10/2009 10:32 PM 190,424 fltMgr.sys
01/20/2008 06:24 PM 12,800 fs_rec.sys
11/20/2006 01:11 PM 7,168 FwLnk.sys
04/10/2009 10:32 PM 99,816 FWPKCLNT.SYS
01/20/2008 06:23 PM 61,496 GAGP30KX.SYS
05/18/2009 02:17 PM 26,600 GEARAspiWDM.sys
09/18/2006 01:26 PM 3,440,660 gm.dls
09/18/2006 01:26 PM 646 gmreadme.txt
04/10/2009 08:42 PM 561,152 hdaudbus.sys
11/01/2006 11:36 PM 235,520 HdAudio.sys
11/02/2006 12:55 AM 29,184 hidbth.sys
04/10/2009 08:42 PM 39,424 hidclass.sys
11/02/2006 12:55 AM 21,504 hidir.sys
01/20/2008 06:23 PM 25,472 hidparse.sys
04/10/2009 08:42 PM 12,800 hidusb.sys
01/20/2008 06:23 PM 40,504 HpCISSs.sys
11/09/2009 02:36 AM 411,648 http.sys
01/20/2008 06:23 PM 19,000 i2omgmt.sys
01/20/2008 06:23 PM 30,264 i2omp.sys
01/20/2008 06:23 PM 54,784 i8042prt.sys
02/11/2009 04:11 PM 329,752 iaStor.sys
01/20/2008 06:23 PM 235,064 iaStorV.sys
03/03/2009 11:07 AM 2,476,544 igdkmd32.sys
11/02/2006 01:50 AM 41,576 iirsp.sys
01/20/2008 06:23 PM 17,976 intelide.sys
01/20/2008 06:23 PM 41,472 intelppm.sys
01/20/2008 06:24 PM 47,616 ipfltdrv.sys
01/20/2008 06:23 PM 64,512 IPMIDrv.sys
01/20/2008 06:24 PM 100,864 ipnat.sys
01/20/2008 06:24 PM 95,744 irda.sys
01/20/2008 06:23 PM 13,312 irenum.sys
01/20/2008 06:23 PM 49,720 isapnp.sys
11/02/2006 01:50 AM 35,944 iteatapi.sys
11/02/2006 01:50 AM 35,944 iteraid.sys
01/20/2008 06:23 PM 35,384 kbdclass.sys
04/10/2009 08:38 PM 17,408 kbdhid.sys
04/10/2009 08:38 PM 149,504 ks.sys
06/15/2009 03:15 PM 439,864 ksecdd.sys
01/20/2008 06:24 PM 47,104 lltdio.sys
01/20/2008 06:23 PM 96,312 lsi_fc.sys
01/20/2008 06:23 PM 89,656 lsi_sas.sys
01/20/2008 06:23 PM 96,312 lsi_scsi.sys
01/20/2008 06:24 PM 84,480 luafv.sys
01/14/2008 02:06 AM 21,632 ManyCam.sys
01/20/2008 06:24 PM 18,944 mcd.sys
01/20/2008 06:23 PM 31,288 megasas.sys
01/20/2008 06:23 PM 386,616 MegaSR.sys
01/20/2008 06:24 PM 31,744 modem.sys
01/20/2008 06:23 PM 41,984 monitor.sys
01/20/2008 06:23 PM 34,360 mouclass.sys
01/20/2008 06:23 PM 15,872 mouhid.sys
01/20/2008 06:23 PM 57,400 mountmgr.sys
01/20/2008 06:23 PM 105,016 mpio.sys
01/20/2008 06:24 PM 64,000 mpsdrv.sys
11/02/2006 01:49 AM 33,384 Mraid35x.sys
04/10/2009 08:14 PM 114,688 mrxdav.sys
04/10/2009 08:14 PM 105,984 mrxsmb.sys
04/10/2009 08:14 PM 212,992 mrxsmb10.sys
04/10/2009 08:14 PM 79,360 mrxsmb20.sys
06/02/2008 07:29 PM 28,728 msahci.sys
01/20/2008 06:23 PM 94,776 msdsm.sys
01/20/2008 06:23 PM 22,528 msfs.sys
01/20/2008 06:23 PM 3 MsftWdf_Kernel_01007_Inbox_Critical.Wdf
01/20/2008 06:23 PM 16,440 msisadrv.sys
04/10/2009 10:32 PM 180,712 msiscsi.sys
01/20/2008 06:24 PM 8,192 mskssrv.sys
01/20/2008 06:24 PM 5,888 mspclock.sys
01/20/2008 06:24 PM 5,504 mspqm.sys
04/10/2009 10:32 PM 161,752 msrpc.sys
01/20/2008 06:23 PM 31,288 mssmbios.sys
01/20/2008 06:24 PM 6,016 mstee.sys
04/10/2009 10:32 PM 48,104 mup.sys
04/10/2009 10:32 PM 527,848 ndis.sys
01/20/2008 06:24 PM 20,992 ndistapi.sys
01/20/2008 06:24 PM 16,896 ndisuio.sys
04/10/2009 08:46 PM 121,344 ndiswan.sys
01/20/2008 06:24 PM 49,664 ndproxy.sys
01/20/2008 06:24 PM 35,840 netbios.sys
04/10/2009 08:45 PM 185,856 netbt.sys
04/10/2009 10:32 PM 223,208 netio.sys
11/02/2006 01:50 AM 45,160 nfrd960.sys
04/10/2009 08:14 PM 35,328 npfs.sys
01/20/2008 06:24 PM 16,384 nsiproxy.sys
04/10/2009 10:32 PM 1,083,880 ntfs.sys
11/01/2006 11:36 PM 20,608 ntrigdigi.sys
01/20/2008 06:23 PM 4,608 null.sys
01/20/2008 06:23 PM 102,968 nvraid.sys
01/20/2008 06:23 PM 45,112 nvstor.sys
01/20/2008 06:23 PM 109,112 NV_AGP.SYS
04/10/2009 08:43 PM 148,480 nwifi.sys
11/02/2006 12:55 AM 62,080 ohci1394.sys
04/10/2009 08:45 PM 72,192 pacer.sys
11/02/2006 12:51 AM 79,360 parport.sys
04/10/2009 10:32 PM 54,248 partmgr.sys
11/02/2006 12:51 AM 8,704 parvdm.sys
04/10/2009 10:32 PM 149,480 pci.sys
01/20/2008 06:23 PM 16,440 pciide.sys
06/02/2008 07:29 PM 45,112 pciidex.sys
11/02/2006 01:51 AM 167,528 pcmcia.sys
09/15/2009 02:12 AM 7,412 PCTAppEvent.cat
11/23/2009 01:54 PM 88,040 PCTAppEvent.sys
09/16/2009 03:20 AM 7,383 pctcore.cat
11/09/2009 11:20 AM 207,792 PCTCore.sys
09/15/2009 02:01 AM 7,387 pctgntdi.cat
10/30/2009 11:11 AM 233,136 pctgntdi.sys
09/15/2009 02:10 AM 7,399 pctNdis-DNS.cat
08/14/2009 01:44 PM 32,552 pctNdis-DNS.sys
09/15/2009 02:12 AM 7,435 pctNdis-PacketFilter.cat
11/10/2009 05:11 PM 70,408 pctNdis-PacketFilter.sys
11/24/2009 08:54 AM 56,512 pctNdis.sys
09/15/2009 02:11 AM 7,383 pctplfw.cat
10/16/2009 04:55 PM 115,216 pctplfw.sys
10/30/2009 11:09 AM 98,600 pctwfpfilter.sys
11/02/2006 01:04 AM 878,080 PEAuth.sys
03/18/2009 10:44 AM 22,272 PGEffect.sys
12/19/2009 09:22 PM 139,456 PnkBstrK.sys
04/10/2009 08:42 PM 167,936 portcls.sys
01/20/2008 06:23 PM 40,960 processr.sys
01/20/2008 06:23 PM 1,122,360 ql2300.sys
11/02/2006 01:50 AM 106,088 ql40xx.sys
01/20/2008 06:23 PM 31,232 qwavedrv.sys
01/20/2008 06:24 PM 11,776 rasacd.sys
01/20/2008 06:24 PM 76,288 rasl2tp.sys
04/10/2009 08:46 PM 41,472 raspppoe.sys
01/20/2008 06:24 PM 62,976 raspptp.sys
04/10/2009 08:46 PM 69,120 rassstp.sys
04/10/2009 08:14 PM 225,280 rdbss.sys
01/20/2008 06:24 PM 6,144 RDPCDD.sys
01/20/2008 06:23 PM 248,832 rdpdr.sys
01/20/2008 06:24 PM 6,144 RDPENCDD.sys
04/10/2009 08:51 PM 180,736 rdpwd.sys
04/10/2009 08:45 PM 113,664 rmcast.sys
04/10/2009 08:46 PM 33,280 RNDISMP.sys
01/20/2008 06:24 PM 8,192 rootmdm.sys
01/20/2008 06:24 PM 60,416 rspndr.sys
04/06/2009 09:07 AM 520 RTEQEX0.dat
03/12/2009 04:30 PM 2,342,688 RTKVHDA.sys
03/09/2009 01:39 PM 500,224 rtl819xp.sys
04/24/2009 01:29 PM 163,840 Rtlh86.sys
04/23/2007 09:50 AM 25,896 RtlProt.sys
03/11/2009 03:17 PM 63,488 RTSTOR.sys
11/02/2006 01:50 AM 76,392 sbp2port.sys
01/20/2008 06:23 PM 142,904 scsiport.sys
11/01/2006 10:37 PM 20,480 secdrv.sys
11/02/2006 12:51 AM 17,920 serenum.sys
11/02/2006 12:51 AM 83,456 serial.sys
01/20/2008 06:23 PM 19,968 sermouse.sys
01/20/2008 06:23 PM 13,312 sffdisk.sys
01/20/2008 06:23 PM 12,288 sffp_mmc.sys
01/20/2008 06:23 PM 11,776 sffp_sd.sys
11/02/2006 12:51 AM 13,312 sfloppy.sys
01/20/2008 06:23 PM 55,864 SISAGP.SYS
01/20/2008 06:23 PM 41,016 sisraid2.sys
01/20/2008 06:23 PM 74,808 sisraid4.sys
04/10/2009 08:45 PM 66,560 smb.sys
01/20/2008 06:24 PM 17,408 smclib.sys
01/20/2008 06:24 PM 21,048 spldr.sys
04/10/2009 06:52 PM 684,032 spsys.sys
04/10/2009 08:15 PM 288,768 srv.sys
09/14/2009 01:29 AM 144,896 srv2.sys
04/10/2009 08:15 PM 98,816 srvnet.sys
05/11/2009 09:12 AM 28,520 ssmdrv.sys
04/10/2009 10:32 PM 122,344 Storport.sys
04/10/2009 08:42 PM 52,992 stream.sys
01/20/2008 06:23 PM 15,288 swenum.sys
11/02/2006 01:50 AM 35,944 symc8xx.sys
11/02/2006 01:49 AM 31,848 sym_hi.sys
11/02/2006 01:50 AM 34,920 sym_u3.sys
03/18/2009 09:20 AM 208,304 SynTP.sys
01/20/2008 06:24 PM 24,576 tape.sys
08/14/2009 08:27 AM 904,776 tcpip.sys
08/14/2009 05:48 AM 30,720 tcpipreg.sys
12/14/2007 10:53 AM 24,200 tdcmdpst.sys
01/20/2008 06:24 PM 20,992 tdi.sys
01/20/2008 06:24 PM 17,920 tdpipe.sys
01/20/2008 06:24 PM 29,184 tdtcp.sys
04/10/2009 08:45 PM 72,192 tdx.sys
04/10/2009 10:32 PM 53,224 termdd.sys
01/27/2009 06:12 PM 279,376 tos_sps32.sys
01/20/2008 06:24 PM 23,552 tssecsrv.sys
01/20/2008 06:24 PM 15,360 TUNMP.SYS
01/20/2008 06:24 PM 23,040 tunnel.sys
11/09/2007 01:00 PM 23,640 TVALZ_O.SYS
01/20/2008 06:23 PM 59,448 UAGP35.SYS
04/10/2009 08:13 PM 226,816 udfs.sys
01/20/2008 06:23 PM 60,984 ULIAGPKX.SYS
01/20/2008 06:23 PM 238,648 uliahci.sys
11/02/2006 01:50 AM 98,408 ulsata.sys
01/20/2008 06:23 PM 115,816 ulsata2.sys
01/20/2008 06:23 PM 34,816 umbus.sys
11/16/2009 11:18 PM UMDF
01/20/2008 06:23 PM 7,680 umpass.sys
04/10/2009 08:46 PM 15,872 usb8023.sys
04/10/2009 08:42 PM 25,856 USBCAMD.sys
04/10/2009 08:42 PM 25,856 USBCAMD2.sys
01/20/2008 06:23 PM 73,216 usbccgp.sys
11/02/2006 12:55 AM 68,608 usbcir.sys
01/20/2008 06:23 PM 5,888 usbd.sys
04/10/2009 08:42 PM 39,936 usbehci.sys
04/10/2009 08:43 PM 196,096 usbhub.sys
11/02/2006 12:55 AM 19,456 usbohci.sys
04/10/2009 08:42 PM 226,304 usbport.sys
11/02/2006 01:14 AM 18,944 usbprint.sys
04/10/2009 08:42 PM 65,536 USBSTOR.SYS
01/20/2008 06:23 PM 23,552 usbuhci.sys
01/20/2008 06:23 PM 134,016 usbvideo.sys
01/20/2008 06:24 PM 25,088 vga.sys
01/20/2008 06:23 PM 26,112 vgapnp.sys
01/20/2008 06:23 PM 56,888 VIAAGP.SYS
01/20/2008 06:23 PM 41,472 viac7.sys
01/20/2008 06:23 PM 20,024 viaide.sys
01/20/2008 06:23 PM 110,080 videoprt.sys
01/20/2008 06:23 PM 52,792 volmgr.sys
04/10/2009 10:33 PM 292,840 volmgrx.sys
04/10/2009 10:32 PM 226,280 volsnap.sys
01/20/2008 06:23 PM 130,616 vsmraid.sys
11/02/2006 12:52 AM 20,608 wacompen.sys
01/20/2008 06:24 PM 62,464 wanarp.sys
04/10/2009 08:22 PM 33,280 watchdog.sys
01/20/2008 06:23 PM 22,072 wd.sys
01/20/2008 06:23 PM 503,864 Wdf01000.sys
01/20/2008 06:23 PM 35,896 WdfLdr.sys
01/20/2008 06:23 PM 11,264 wmiacpi.sys
01/20/2008 06:23 PM 17,976 wmilib.sys
01/20/2008 06:24 PM 15,872 ws2ifsl.sys
01/20/2008 06:24 PM 51,200 WUDFPf.sys
01/20/2008 06:24 PM 83,328 WUDFRd.sys
295 File(s) 37,619,944 bytes

Directory of C:\Windows\System32\Drivers\Avg

01/12/2010 01:51 PM .
01/12/2010 01:51 PM ..
10/26/2009 11:52 AM 6,061,540 avi7.avg
01/12/2010 01:51 PM 47,748,671 incavi.avm
01/12/2010 01:51 PM 138,938 microavi.avg
11/06/2009 02:05 PM 492,629 miniavi.avg
4 File(s) 54,441,778 bytes

Directory of C:\Windows\System32\Drivers\en-US

11/16/2009 11:18 PM .
11/16/2009 11:18 PM ..
11/02/2006 04:41 AM 9,728 acpi.sys.mui
11/02/2006 04:41 AM 8,704 afd.sys.mui
11/02/2006 04:41 AM 3,072 AGP440.sys.mui
11/02/2006 04:41 AM 3,072 AMDAGP.SYS.mui
11/02/2006 04:40 AM 2,560 amdide.sys.mui
11/02/2006 04:40 AM 14,848 amdk7.sys.mui
11/02/2006 04:40 AM 14,848 amdk8.sys.mui
11/02/2006 04:41 AM 3,072 ati2mpad.sys.mui
11/02/2006 04:41 AM 3,584 ati2mtag.sys.mui
11/02/2006 04:40 AM 3,072 atikmdag.sys.mui
01/20/2008 06:25 PM 5,120 b57nd60x.sys.mui
11/02/2006 04:40 AM 7,680 battc.sys.mui
11/02/2006 04:40 AM 5,120 bcm4sbxp.sys.mui
11/02/2006 04:40 AM 2,560 BrParwdm.sys.mui
11/02/2006 04:41 AM 10,240 BrSerId.sys.mui
11/02/2006 04:40 AM 5,120 bthpan.sys.mui
04/10/2009 10:22 PM 8,192 bthport.sys.mui
11/02/2006 04:41 AM 3,072 cmbp0wdm.sys.mui
11/02/2006 04:40 AM 14,848 crusoe.sys.mui
11/02/2006 04:41 AM 3,072 cxbp0wdm.sys.mui
11/02/2006 04:40 AM 3,072 Dot4usb.sys.mui
10/08/2009 03:12 PM 4,096 dxgkrnl.sys.mui
11/02/2006 04:41 AM 5,120 e100b325.sys.mui
01/20/2008 06:25 PM 19,968 e1e6032.sys.mui
01/20/2008 06:25 PM 16,896 E1G60I32.sys.mui
11/02/2006 04:40 AM 5,120 fltmgr.sys.mui
11/02/2006 04:40 AM 3,072 GAGP30KX.SYS.mui
11/02/2006 04:41 AM 3,584 gpr400.sys.mui
11/02/2006 04:41 AM 4,096 grserial.sys.mui
04/10/2009 10:24 PM 4,096 hdaudbus.sys.mui
11/02/2006 04:41 AM 3,584 hidbth.sys.mui
01/20/2008 06:25 PM 36,864 http.sys.mui
11/02/2006 04:41 AM 10,752 i8042prt.sys.mui
11/02/2006 04:40 AM 14,848 intelppm.sys.mui
11/02/2006 04:41 AM 6,144 IPMIDrv.sys.mui
11/02/2006 04:41 AM 4,096 ipnat.sys.mui
11/02/2006 04:41 AM 4,096 isapnp.sys.mui
11/02/2006 04:41 AM 4,608 kbdclass.sys.mui
11/02/2006 04:41 AM 3,072 kbdhid.sys.mui
11/02/2006 04:41 AM 9,728 ltmdmnt.sys.mui
01/20/2008 06:25 PM 6,656 luafv.sys.mui
11/02/2006 04:41 AM 4,096 modem.sys.mui
11/02/2006 04:41 AM 4,608 mouclass.sys.mui
11/02/2006 04:41 AM 3,072 mouhid.sys.mui
01/20/2008 06:25 PM 20,480 mpio.sys.mui
11/02/2006 04:41 AM 4,096 msdsm.sys.mui
11/02/2006 04:41 AM 3,584 mssmbios.sys.mui
11/02/2006 04:41 AM 65,536 ntfs.sys.mui
11/02/2006 04:40 AM 4,096 ntrigdigi.sys.mui
11/02/2006 04:41 AM 5,120 nv4_mini.sys.mui
11/02/2006 04:41 AM 3,072 NV_AGP.SYS.mui
11/02/2006 04:40 AM 12,288 ohci1394.sys.mui
11/02/2006 04:41 AM 3,584 pacer.sys.mui
11/02/2006 04:40 AM 4,096 parport.sys.mui
11/02/2006 04:40 AM 3,072 parvdm.sys.mui
11/02/2006 04:41 AM 8,704 pci.sys.mui
11/02/2006 04:41 AM 4,608 pcmcia.sys.mui
11/02/2006 04:41 AM 3,072 pnpmem.sys.mui
11/02/2006 04:40 AM 14,848 processr.sys.mui
11/02/2006 04:41 AM 4,096 pscr.sys.mui
11/02/2006 04:41 AM 3,072 qwavedrv.sys.mui
11/02/2006 04:40 AM 3,584 RNDISMP.sys.mui
11/02/2006 04:41 AM 3,584 rndismpx.sys.mui
11/02/2006 04:41 AM 4,096 scmstcs.sys.mui
11/02/2006 04:41 AM 4,096 SCR111.sys.mui
11/02/2006 04:41 AM 3,584 scsiport.sys.mui
11/02/2006 04:40 AM 10,752 serial.sys.mui
11/02/2006 04:41 AM 5,632 sermouse.sys.mui
11/02/2006 04:41 AM 3,072 serscan.sys.mui
11/02/2006 04:41 AM 3,072 SISAGP.SYS.mui
11/02/2006 04:41 AM 3,072 srv.sys.mui
11/02/2006 04:41 AM 3,072 stcusb.sys.mui
01/20/2008 06:25 PM 5,120 tpm.sys.mui
11/02/2006 04:40 AM 3,072 UAGP35.SYS.mui
11/02/2006 04:41 AM 3,072 ULIAGPKX.SYS.mui
11/02/2006 04:40 AM 3,584 umbus.sys.mui
11/02/2006 04:41 AM 3,072 VIAAGP.SYS.mui
11/02/2006 04:40 AM 14,848 viac7.sys.mui
01/20/2008 06:25 PM 32,768 volsnap.sys.mui
11/02/2006 04:41 AM 4,608 wacompen.sys.mui
11/02/2006 04:41 AM 2,560 wd.sys.mui
01/20/2008 06:25 PM 3,072 wdf01000.sys.mui
11/02/2006 04:41 AM 5,632 yk60x86.sys.mui
83 File(s) 613,376 bytes

Directory of C:\Windows\System32\Drivers\etc

11/02/2006 03:18 AM .
11/02/2006 03:18 AM ..
09/18/2006 01:41 PM 761 hosts
09/18/2006 01:41 PM 3,683 lmhosts.sam
09/18/2006 01:41 PM 407 networks
09/18/2006 01:41 PM 1,358 protocol
09/18/2006 01:41 PM 17,244 services
5 File(s) 23,453 bytes

Directory of C:\Windows\System32\Drivers\UMDF

11/16/2009 11:18 PM .
11/16/2009 11:18 PM ..
11/16/2009 11:18 PM en-US
09/30/2009 05:01 PM 227,840 WpdFs.dll
1 File(s) 227,840 bytes

Directory of C:\Windows\System32\Drivers\UMDF\en-US

11/16/2009 11:18 PM .
11/16/2009 11:18 PM ..
09/30/2009 05:08 PM 3,072 wpdmtpdr.dll.mui
1 File(s) 3,072 bytes

Total Files Listed:
389 File(s) 92,929,463 bytes
17 Dir(s) 90,629,013,504 bytes free


***********************Hidden Drivers********************
Volume in drive C is TI100712V0E
Volume Serial Number is B82B-4BED

Directory of C:\Windows\System32\Drivers

10/26/2009 11:32 AM 13 fbd.sys
10/10/2009 01:44 PM 0 Msft_Kernel_SynTP_01007.Wdf
05/03/2009 05:45 PM 0 Msft_User_WpdFs_01_00_00.Wdf
11/16/2009 11:18 PM 0 Msft_User_WpdFs_01_07_00.Wdf
10/26/2009 11:31 AM 4 taishop.sys
5 File(s) 17 bytes
0 Dir(s) 90,629,021,696 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
Dwm.exe 1456 High C:\Windows\system32\Dwm.exe
taskeng.exe 1372 Normal C:\Windows\system32\taskeng.exe
Explorer.EXE 2076 Normal C:\Windows\Explorer.EXE
igfxtray.exe 2484 Normal C:\Windows\System32\igfxtray.exe
hkcmd.exe 2492 Normal C:\Windows\System32\hkcmd.exe
igfxpers.exe 2500 Normal C:\Windows\System32\igfxpers.exe
RtHDVCpl.exe 2516 Normal C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
TPwrMain.exe 2572 Normal C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
SmoothView.exe 2636 Normal C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
TCrdMain.exe 2660 Normal C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
SynTPEnh.exe 2692 Above Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
NDSTray.exe 2708 Normal C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
TEco.exe 2792 Normal C:\Program Files\TOSHIBA\TECO\TEco.exe
TANU.exe 2872 Normal C:\Program Files\TOSHIBA\TANU\TANU.exe
TosSENotify.exe 2880 Normal C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
avgtray.exe 2896 Normal C:\Program Files\AVG\AVG8\avgtray.exe
jusched.exe 2908 Normal C:\Program Files\Java\jre6\bin\jusched.exe
igfxsrvc.exe 2972 Normal C:\Windows\system32\igfxsrvc.exe
FirewallGUI.exe 3028 Normal C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
robotaskbaricon.exe 3036 Normal C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
Steam.exe 3052 Normal C:\Program Files\Steam\Steam.exe
ManyCam.exe 3060 Normal C:\Program Files\ManyCam 2.4\ManyCam.exe
igfxext.exe 3252 Normal C:\Windows\system32\igfxext.exe
CFSwMgr.exe 2272 Normal C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
wscsvc32.exe 4464 Normal C:\Users\Student\AppData\Local\Temp\wscsvc32.exe
AsirraHashGatherer.exe 4844 Normal C:\Users\Student\Desktop\AsirraHashGatherer\AsirraHashGatherer.exe
firefox.exe 6128 Normal C:\Program Files\Mozilla Firefox\firefox.exe
CLDL.exe 5340 Normal C:\Users\Student\Desktop\CLDLv1.20\CLDL.exe
IEUser.exe 4956 Normal C:\Program Files\Internet Explorer\IEUser.exe
DllHost.exe 5612 Normal C:\Windows\system32\DllHost.exe
cmd.exe 5304 Normal C:\Windows\system32\cmd.exe
processes.exe 6028 Normal C:\Users\Student\Desktop\SpiderKill\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(2076)
MODULE BASE SIZE PATH
Explorer.EXE 6f0000 2936832 C:\Windows\Explorer.EXE 6.0.6000.16386 (vista_rtm.061101-2205) Windows Explorer
******************************************
EOF


Re: OMG Wtf BBQ

Post by Dr Jay on Wed Jan 13, 2010 11:37 pm

Please go [You must be registered and logged in to see this link.]. Copy and paste the following file path into the box.

C:\Windows\System32\Drivers\taishop.sys

Do the same for these two files:

C:\windows\system32\user32.dll
C:\Windows\System32\Drivers\fbd.sys


Then click submit.

Please post the results (URL) to your next reply.



Re: OMG Wtf BBQ

Post by Restricted on Wed Jan 13, 2010 11:50 pm

[You must be registered and logged in to see this link.]
User32.dll

I do not have the other 2.


Re: OMG Wtf BBQ

Post by Dr Jay on Thu Jan 14, 2010 12:26 am

Please try user32.dll again, but this time, have it analyzed again instead of the past analysis.

User32.dll is a core Windows system file and is required for Windows to work. It is important for it not to be infected.

==

The other two are going to have to be scanned.

Please use Internet Explorer and run a [You must be registered and logged in to see this link.]

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an ActiveX install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.



Re: OMG Wtf BBQ

Post by Restricted on Thu Jan 14, 2010 12:40 am

[You must be registered and logged in to see this link.]

Starting scan now.

HOLY BATMAN
The scan says it will take 25 hours?!


Re: OMG Wtf BBQ

Post by Restricted on Thu Jan 14, 2010 1:08 am

When I scanned at first it was going smoothly, then it said that system files were damaged and then my computer restarted. I booted into safe mode and I'm going to scan while in safe mode.


Re: OMG Wtf BBQ

Post by Restricted on Thu Jan 14, 2010 2:15 am

Here we go.

Time: 00:56:07
Files: 477991
Folders: 22348
Boot Sectors: 0
Archives: 2601
Packed Files: 12377

Results

Identified Viruses: 2
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 4

Engines Info

Virus Definitions: 4856582
Engine build: AVCORE v2.1 Windows/i386 11.0.0.33 (Nov 24 2009)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status

C:\Users\Student\AppData\Local\Temp\twunk_32x.exe | Infected with: Trojan.Downloader.FakeAlert.EH
C:\Users\Student\AppData\Local\Temp\twunk_32x.exe | Deleted
C:\Users\Student\AppData\Local\Temp\wscsvc32.exe | Infected with: Gen:Trojan.Heur.Iu0@vzlzr@jkx
C:\Users\Student\AppData\Local\Temp\wscsvc32.exe | Disinfection failed
C:\Users\Student\AppData\Local\Temp\wscsvc32.exe | Deleted
C:\Windows\Temp\{B2E735A5-B280-C2E4-EA55-BB5C5E0E096F}-twunk_32x.exe=>(Quarantine-PE) | Infected with: Trojan.Downloader.FakeAlert.EH
C:\Windows\Temp\{B2E735A5-B280-C2E4-EA55-BB5C5E0E096F}-twunk_32x.exe=>(Quarantine-PE) | Deleted
C:\Windows\Temp\{B2E735A5-B280-C2E4-EA55-BB5C5E0E096F}-twunk_32x.exe | Deleted


Re: OMG Wtf BBQ

Post by Dr Jay on Thu Jan 14, 2010 2:50 am

Please download [You must be registered and logged in to see this link.] and save to your desktop.
[You must be registered and logged in to see this link.]

  • Be sure to print out the instructions provided on the same page.
  • Restart your computer in "[You must be registered and logged in to see this link.]".
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Note: For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight it and choose Ok.



Re: OMG Wtf BBQ

Post by Restricted on Thu Jan 14, 2010 2:57 am

When I open it, I get an error "Unable to load nsak.sys. Error (0x00000001)"


Re: OMG Wtf BBQ

Post by Dr Jay on Thu Jan 14, 2010 3:01 am

Bring it on

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)



Re: OMG Wtf BBQ

Post by Restricted on Thu Jan 14, 2010 5:24 am

Every time I try to save a log the computer crashes and goes to a memory dump, blue screen thing.

Edit: This program called "Unreal Media Booster v6.0" won't uninstall.


Re: OMG Wtf BBQ

Post by Dr Jay on Thu Jan 14, 2010 5:37 am

Download WhoCrashed [You must be registered and logged in to see this link.]
This program checks for any drivers which may have been causing your computer to crash.

Click on the file you just downloaded and run it.
Put a tick in Accept, then click on Next.
Put a tick in Don't create a start menu folder, then click Next.
Put a tick in Create a Desktop Icon, then click on Install, and make sure there is a tick in Launch Whocrashed before clicking Finish.
Click Analyze.
It will want to download the Debugger and install it. Say Yes.

WhoCrashed will create a report, but you have to scroll down to see it.
Copy and paste it into your next reply.



Re: OMG Wtf BBQ

Post by Restricted on Thu Jan 14, 2010 5:44 am

Ugh, sorry for all the problems DragonMaster Jay, Thanks for continuing to help.

After installing I get an error:

Unable to execute file:
C:\Program Files\WhoCrashes\whocrashed.exe

CreateProcess failed; code 740.
The requested operation requires elevation.

EDIT: Working now


Re: OMG Wtf BBQ

Post by Restricted on Thu Jan 14, 2010 5:47 am

Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.


On Thu 1/14/2010 5:22:46 AM your computer crashed
This was likely caused by the following module: ntkrnlpa.exe
Bugcheck code: 0x19 (0x21, 0xA2FA0000, 0x4B278, 0x3)
Error: BAD_POOL_HEADER
Dump file: C:\Windows\Minidump\Mini011310-04.dmp
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Thu 1/14/2010 4:16:09 AM your computer crashed
This was likely caused by the following module: ntkrnlpa.exe
Bugcheck code: 0x19 (0x21, 0xBE420000, 0x4B278, 0x640065)
Error: BAD_POOL_HEADER
Dump file: C:\Windows\Minidump\Mini011310-03.dmp
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Wed 1/13/2010 10:58:07 PM your computer crashed
This was likely caused by the following module: ntkrnlpa.exe
Bugcheck code: 0x1000008E (0xC0000005, 0x81E640B4, 0xB6E6E3AC, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
Dump file: C:\Windows\Minidump\Mini011310-02.dmp
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Wed 1/13/2010 9:45:36 AM your computer crashed
This was likely caused by the following module: ntkrnlpa.exe
Bugcheck code: 0x1000008E (0xC0000005, 0x81E9B0B4, 0xBDEE73AC, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
Dump file: C:\Windows\Minidump\Mini011310-01.dmp
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sat 11/7/2009 5:55:29 AM your computer crashed
This was likely caused by the following module: ntkrnlpa.exe
Bugcheck code: 0x1000008E (0xC0000005, 0x81C5129E, 0xB0003770, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
Dump file: C:\Windows\Minidump\Mini110609-01.dmp
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

5 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


Re: OMG Wtf BBQ

Post by Dr Jay on Thu Jan 14, 2010 1:39 pm

Please download [You must be registered and logged in to see this link.] to your desktop.


Double-click MGADiag.exe and click Continue in the bottom right of the window to run the tool.

When it's done, capture a screenshot of the finished scan, and post that.

In Windows, a screenshot of the entire monitor, complete with taskbar, can be copied to the system clipboard by pressing the Print screen key (normally located in the top row on the right-hand side of the keyboard).

You can then paste the clipboard into a program like MS Paint to save it as an image file or paste it directly into a document.

1. Press the Print screen key
2. Click the "Start" button (normally located in the bottom left of your screen).
3. Click "Run" & type "mspaint" (without quotes) & click the "OK" button.
4. Wait while the application "Paint" opens. Once it is open, proceed to the next step.
5. Click the "Edit" menu and select "Paste".
6. Click the "File" menu and select "Save As...". A dialog box will appear.
7. In the "File name" field, enter a name of your choice.
8. Click the "Save as type" drop-down and select "JPEG (*.JPG;*.JPEG;*.JPE;*.JFIF)".
9. Click the "Save" button.


Then, go to [You must be registered and logged in to see this link.], and upload the picture for me please.



Re: OMG Wtf BBQ

Post by Restricted on Sun Jan 17, 2010 12:53 am

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]
I think you wanted this.


Re: OMG Wtf BBQ

Post by Dr Jay on Sun Jan 17, 2010 2:38 am

Oh I see.

Most system problems are caused because the user is running as an administrator of the machine. Microsoft explicitly urged all users running Vista or 7 to run a Limited Account, not an Administrator Account.

Go to Start, type in CMD, right-click on it in the results pane, and select Run as Administrator.
Type in: sfc /scannow
Press enter.

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

Let me know how the computer is running.



Re: OMG Wtf BBQ

Post by Restricted on Sun Jan 17, 2010 2:42 am

I'm currently scanning, but I have a quick question as it scans. Is this going to fix the pop up problem, and the "... .exe has stopped responding" when I try to run almost everything?


Re: OMG Wtf BBQ

Post by Restricted on Sun Jan 17, 2010 3:12 am

It said it found some corrupted files but couldn't fix some.


Re: OMG Wtf BBQ

Post by Dr Jay on Sun Jan 17, 2010 3:24 am

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then try the scan and fix again. It should repair them in Safe Mode.



Re: OMG Wtf BBQ

Post by Restricted on Sun Jan 17, 2010 3:57 am

I got the same thing.
I made a standard account also like you said.


Re: OMG Wtf BBQ

Post by Dr Jay on Sun Jan 17, 2010 4:20 am

And you for sure do not have the Vista disc?



Re: OMG Wtf BBQ

Post by Restricted on Sun Jan 17, 2010 4:26 am

100% sure.


Re: OMG Wtf BBQ

Post by Restricted on Tue Jan 26, 2010 9:02 am

Anything else we can do?


Re: OMG Wtf BBQ

Post by Dr Jay on Tue Jan 26, 2010 3:56 pm

Delete this if you have it.

Please visit this webpage for instructions for downloading and running ComboFix:

[You must be registered and logged in to see this link.]

Post the log from ComboFix when you've accomplished that.



Re: OMG Wtf BBQ

Post by Restricted on Wed Jan 27, 2010 5:51 am

It says "ComboFix.exe" is not working.


Re: OMG Wtf BBQ

Post by Dr Jay on Wed Jan 27, 2010 11:44 am

Please download the Kaspersky AVP Tool from [You must be registered and logged in to see this link.].
  • Save it to your desktop.
  • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • System Memory
    • Startup Objects
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)

After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again, and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus\malware in the report (it will be at the very top under Detected). Post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.



Re: OMG Wtf BBQ

Post by Restricted on Fri Jan 29, 2010 5:25 am

1/28/2010 7:48:06 PM Task started
1/28/2010 8:30:48 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 8:30:49 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000 Postponed
1/28/2010 8:30:49 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0001
1/28/2010 8:32:05 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 8:32:05 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000 Postponed
1/28/2010 8:33:30 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class
1/28/2010 8:33:30 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class Postponed
1/28/2010 8:35:29 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 8:35:29 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\Student\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000 Postponed
1/28/2010 8:37:52 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\Local Settings\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 8:37:52 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\Student\Local Settings\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000 Postponed
1/28/2010 8:37:53 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\Local Settings\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0001
1/28/2010 9:03:55 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 9:04:19 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0001
1/28/2010 9:04:19 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class
1/28/2010 9:04:26 PM Deleted: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class
1/28/2010 9:04:26 PM Task completed


There was no button that said save log. So I just copied this stuff.

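The report above lists the same cached file several times, once for each path the scanner reached it by. This Python sketch is an added example (not part of the original posts and not Kaspersky's own tooling) that collapses such a report to one row per object with its last recorded action. The sample lines are abridged from the report above; the two path aliases it folds together are the default Vista/7 profile junctions, assumed here to apply to this machine.

```python
import re

# Abridged from the report posted above: same objects and actions, fewer repeats.
REPORT = r"""
1/28/2010 7:48:06 PM Task started
1/28/2010 8:30:48 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 8:30:49 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000 Postponed
1/28/2010 8:32:05 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\AppData\Local\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 8:33:30 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class
1/28/2010 8:33:30 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class Postponed
1/28/2010 8:37:52 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\Local Settings\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0000
1/28/2010 8:37:53 PM Detected: HEUR:Exploit.Script.Generic C:\Users\Student\Local Settings\Temporary Internet Files\Content.IE5\BLDQWB00\cache_readme[1].pdf/data0001
1/28/2010 9:04:26 PM Deleted: Trojan-Downloader.Java.OpenStream.ad C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-4ab90f3a/myf/y/PayloadX.class
1/28/2010 9:04:26 PM Task completed
"""

# One event per line: timestamp, action, verdict name, object path, optional "Postponed".
EVENT = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<action>Detected|Untreated|Deleted):\s+"
    r"(?P<verdict>\S+)\s+"
    r"(?P<path>.+?)(?:\s+Postponed)?$"
)

# Assumption: stock Vista/7 compatibility junctions inside a user profile.
# Order matters: "Local Settings" must be rewritten before the second rule is tried.
JUNCTIONS = (
    ("\\local settings\\", "\\appdata\\local\\"),
    ("\\appdata\\local\\temporary internet files\\",
     "\\appdata\\local\\microsoft\\windows\\temporary internet files\\"),
)


def canonical(path):
    """Lower-case a Windows path and rewrite junction aliases to their target."""
    p = path.lower()
    for alias, target in JUNCTIONS:
        p = p.replace(alias, target)
    return p


def summarize(report):
    """Return one dict per distinct object, in order of first appearance."""
    objects = {}
    for line in report.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # "Task started", blank lines, anything that is not an event
        # "container/member": the file on disk, then the stream or class inside it.
        container, _, member = m["path"].partition("/")
        key = (canonical(container), member)
        obj = objects.setdefault(key, {
            "verdict": m["verdict"],
            "container": canonical(container),
            "member": member,
            "seen_as": set(),   # the literal paths the scanner reported
            "events": 0,
            "state": None,      # last action recorded for this object
        })
        obj["seen_as"].add(container)
        obj["events"] += 1
        obj["state"] = m["action"]
    return list(objects.values())


def still_present(objects):
    """Objects whose last recorded action is anything other than Deleted."""
    return [o for o in objects if o["state"] != "Deleted"]


if __name__ == "__main__":
    for o in summarize(REPORT):
        print(f'{o["state"]:<10} {o["verdict"]:<40} {o["member"]} '
              f'({o["events"]} events, {len(o["seen_as"])} path(s))')
```
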

Re: OMG Wtf BBQ

Post by Dr Jay on Fri Jan 29, 2010 11:19 am

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: OMG Wtf BBQ

Post by Restricted on Wed Feb 03, 2010 12:44 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0c49d8cdf12ded4f855dd327aa192ece
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-03 12:38:34
# local_time=2010-02-03 04:38:34 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 828521 828521 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 1866887 101804393 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=137435
# found=1
# cleaned=0
# scan_time=3848
${Memory} a variant of Win32/Kryptik.BXQ trojan 00000000000000000000000000000000 I

Sorry it took so long to reply.


Re: OMG Wtf BBQ

Post by Dr Jay on Wed Feb 03, 2010 4:00 pm

Delete any copies you have.

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.



Re: OMG Wtf BBQ

Post by Restricted on Thu Feb 04, 2010 7:32 am

For some reason my browser is blocking Bleeping Computer.

Edit: I transferred ComboFix from my desktop to his laptop. I ran it as a regular user on the limited account, I double click it, the hour glass comes up for like 3 seconds and then goes away. I let it sit there just in case, and nothing. I ran as an admin on a limited user, still nothing. I ran on the admin account, and I get the message "ComboFix.exe has stopped working".


Re: OMG Wtf BBQ

Post by Restricted on Thu Feb 04, 2010 7:54 am

I got HJT to run!
I thought we hit a dead end, I love you DMJ!

Here is the log, maybe we can get somewhere now.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:53:14 PM, on 2/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TANU\TANU.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O8 - Extra context menu item: Customize Menu - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

--
End of file - 9990 bytes


Re: OMG Wtf BBQ

Post by Dr Jay on Thu Feb 04, 2010 4:14 pm

Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):


  • Ask Toolbar


Please re-open HijackThis and click Do a System Scan only. Check the boxes to the left of all the entries listed below.

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

Then, please exit all programs except for HijackThis (System Tray (bottom right of screen): right-click on each program icon and click an Exit or shut down option, etc.), then click Fix Checked.

After it completes its process, please close HijackThis and reboot your computer.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Ask.com


Please reboot your computer again, and post a new HijackThis log here in your next reply.


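One way to confirm that Fix Checked removed the requested entries is to compare the old and new HijackThis logs entry by entry. This Python sketch is an added example, not part of the original posts or of HijackThis; the log lines are abridged from the two logs in this thread, and the function names are hypothetical.

```python
import re

# Abridged from the 2/3/2010 log (before the fix) in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
"""

# Abridged from the 2/4/2010 log (after the fix) in this thread.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
"""

# The two entries the helper asked to have checked before clicking Fix Checked.
REQUESTED = r"""
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis itself appends to some entries.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse(log):
    """Return {(section, case-folded body): original line} for every entry."""
    entries = {}
    for line in log.splitlines():
        line = " ".join(line.split())  # collapse whitespace damaged by copy/paste
        m = ENTRY.match(line)
        if m:
            entries[(m["section"], m["body"].casefold())] = line
    return entries


def verify_fix(requested, before, after):
    """Report, for each requested entry, whether the new log still contains it."""
    old, new = parse(before), parse(after)
    status = {}
    for key, line in parse(requested).items():
        if key in new:
            status[line] = "still present"
        elif key in old:
            status[line] = "removed"
        else:
            status[line] = "not in old log"
    return status


def unexpected_changes(requested, before, after):
    """Entries that vanished or appeared without being on the fix list."""
    old, new, asked = parse(before), parse(after), parse(requested)
    vanished = [old[k] for k in old if k not in new and k not in asked]
    appeared = [new[k] for k in new if k not in old]
    return vanished, appeared


def orphaned(log):
    """Entries HijackThis marked as pointing at a file it did not find."""
    return [line for line in parse(log).values() if line.endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    for line, state in verify_fix(REQUESTED, BEFORE, AFTER).items():
        print(f"{state:<15} {line}")
    for line in orphaned(AFTER):
        print(f"{'orphaned':<15} {line}")
```
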

Re: OMG Wtf BBQ

Post by Restricted on Thu Feb 04, 2010 9:37 pm

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:36:00 PM, on 2/4/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TANU\TANU.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O8 - Extra context menu item: Customize Menu - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

--
End of file - 9749 bytes


Every time I start up my computer, I get a "... has stopped working"
Like Windows Defender, and stuff like that. I also got a MSASCui.exe failed to initialize

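Added example, not part of the thread: a short Python script that parses a HijackThis log like the one posted above and lists the entries carrying HijackThis's own review markers ("(file missing)", "(no file)", "Unknown owner"), grouped by section code. The sample lines are copied from that log; the function names and the reason strings are assumptions of this example, and a marker means "check this entry", not "malicious".

```python
import re
from collections import defaultdict

# Sample input: the header plus a few entries copied from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# Every entry line starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Markers printed by HijackThis itself; the reason text is this example's wording.
MARKERS = {
    "(file missing)": "target file not found on disk",
    "(no file)": "no file registered for this entry",
    "Unknown owner": "no company name could be read for the service binary",
}

def parse_entries(text):
    """Return (code, body) tuples for entry lines, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def triage(text):
    """Group entries that carry at least one review marker by section code."""
    flagged = defaultdict(list)
    for code, body in parse_entries(text):
        reasons = [why for marker, why in MARKERS.items() if marker in body]
        if reasons:
            flagged[code].append((body, reasons))
    return dict(flagged)

if __name__ == "__main__":
    for code, items in triage(SAMPLE_LOG).items():
        for body, reasons in items:
            print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```

Leftover entries from uninstalled software, such as the AVG BHO in this log, show up the same way as anything else whose file is gone, so the output is a list to review before ticking boxes for Fix Checked.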

Re: OMG Wtf BBQ

Post by Dr Jay on Fri Feb 05, 2010 12:52 am

Please download [You must be registered and logged in to see this link.] (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on Fri Feb 05, 2010 5:02 am

That also comes up as "SmitfraudFix.exe has stopped working"


Re: OMG Wtf BBQ

Post by Dr Jay on Fri Feb 05, 2010 5:53 pm

Haha...

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on Sat Feb 06, 2010 7:54 am

DAMN!
I forgot to save file before I rebooted!
I know it deleted around 15 things, and I can now run stuff and don't get the "... has stopped working"
