frequent crashes on laptop with vista, sometimes with blue screen


This topic is locked

#16
Render
Trusted Helper, Malware Removal, 4,195 posts
Leave AVP Tool for now and do this:

Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


#17
wargoat
Topic Starter, Member, 49 posts
OK, where did we leave off...

Before reading your last post I gave it another try with the Kaspersky tool. I scanned only the first three (hidden .., boot.. and startup..). The scan completed and found no infections. Report below:

Autoscan: defect (gebeurtenissen: 1, objecten: 0, tijd: Onbekend)
20/05/2011 17:52:25 Taak gestart Standaard actie geselecteerd
Autoscan: voltooid 15 minuten geleden (gebeurtenissen: 6, objecten: 5652, tijd: 00:06:24)
22/05/2011 13:15:36 Taak gestart Standaard actie geselecteerd
21/05/2011 18:57:51 Taak gestopt Standaard actie geselecteerd
21/05/2011 18:46:37 Taak gestart Standaard actie geselecteerd
21/05/2011 18:46:21 Taak gestopt Standaard actie geselecteerd
21/05/2011 15:52:41 Taak gestart Standaard actie geselecteerd
22/05/2011 13:22:01 Taak voltooid Standaard actie geselecteerd

Now I'm trying Gather System Information; if that works I'll post the report and after that I'll run that Rootkit Unhooker.

Thx for your time!

#18
wargoat
Topic Starter, Member, 49 posts
OK, finished gathering information with the Kaspersky tool and this is what I got:

Verzamelen van Systeeminformatie: voltooid 15116 dagen geleden (gebeurtenissen: 12)
22/05/2011 13:48:18 Verzamelen van Systeeminformatie Taak voltooid
22/05/2011 13:41:18 >> Automatisch afspelen van CD/DVD Uitschakelen
22/05/2011 13:40:14 CmpCallCallBacks = 00000000
22/05/2011 13:38:49 IAT wijziging gedetecteerd: FreeLibrary - 00C80400<>774E3DB4
22/05/2011 13:38:49 IAT wijziging gedetecteerd: GetProcAddress - 00C80390<>774E903B
22/05/2011 13:38:49 IAT wijziging gedetecteerd: LoadLibraryA - 00C80320<>774C94DC
22/05/2011 13:38:49 IAT wijziging gedetecteerd: LoadLibraryW - 00C80240<>774C9362
22/05/2011 13:38:49 IAT wijziging gedetecteerd: CreateProcessW - 00C80160<>774A1BF3
22/05/2011 13:38:49 IAT wijziging gedetecteerd: GetModuleFileNameW - 00C800F0<>774EB27E
22/05/2011 13:38:49 IAT wijziging gedetecteerd: GetModuleFileNameA - 00C80080<>774EB6BD
22/05/2011 13:38:49 IAT wijziging gedetecteerd: CreateProcessA - 00C80010<>774A1C28
22/05/2011 13:38:39 Verzamelen van Systeeminformatie Taak gestart


After that I ran the Rootkit Unhooker with this result:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x90000000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 8241152 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 167.62 )
0x91C04000 C:\Windows\system32\DRIVERS\93828961.sys 5373952 bytes (Kaspersky Lab, Kaspersky Unified Driver)
0x91602000 C:\Windows\system32\DRIVERS\kl1.sys 5373952 bytes (Kaspersky Lab, Kaspersky Unified Driver)
0x8241C000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8241C000 PnpManager 3907584 bytes
0x8241C000 RAW 3907584 bytes
0x8241C000 WMIxWDM 3907584 bytes
0x90A0F000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2592768 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x81AC0000 Win32k 2113536 bytes
0x81AC0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32-stuurprogramma)
0x8AA03000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT-bestandssysteemstuurprogramma)
0x8300F000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x83200000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D7000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code-integriteitsmodule)
0xA1469000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x82A05000 C:\Windows\system32\DRIVERS\iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x9F001000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x83314000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x90803000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80607000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82B84000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040D000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9F108000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP-protocolstack)
0x90D2F000 C:\Windows\system32\DRIVERS\itecir.sys 356352 bytes (Windows ® Codename Longhorn DDK provider, SMSC Consumer IR Driver for eHome)
0x91023000 C:\Windows\system32\DRIVERS\9382896.sys 327680 bytes (Kaspersky Lab, Klif Mini-Filter [fre_wlh_x86])
0xA1402000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x90C88000 C:\Windows\system32\DRIVERS\yk60x86.sys 311296 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0x80739000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x91B22000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80690000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI-stuurprogramma voor NT)
0x80496000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x908BF000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x833B4000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x91BB1000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x83145000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x92124000 C:\Windows\system32\DRIVERS\udfs.sys 241664 bytes (Microsoft Corporation, UDF File System Driver)
0x921BD000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8AB13000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy-stuurprogramma)
0x8318F000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x827D6000 ACPI_HAL 208896 bytes
0x807A8000 C:\Windows\system32\drivers\CHDRT32.sys 208896 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x827D6000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82B39000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Bestandssysteemfilterbeheer)
0x910FF000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x90890000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x805B7000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x90DA4000 C:\Windows\system32\DRIVERS\SynTP.sys 184320 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8311A000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x9099B000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9F0C1000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9119A000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8AB63000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E7000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug en Play PCI-enumerator)
0x9115C000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x82B13000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x831D5000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x90922000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8AB9B000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9F1C0000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x91002000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x91096000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9F1E1000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82AD4000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9F175000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x832EA000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x92185000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, Filterstuurprogramma voor LUA-bestandsvirtualisatie)
0x90CF2000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9F192000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x90DE6000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x91182000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x91145000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x82AFC000 C:\Windows\system32\DRIVERS\jraid.sys 94208 bytes (JMicron Technology Corp., JMicron JMB36X RAID Driver)
0x90900000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x805E4000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x91B6A000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS-pakketplanner)
0x910E9000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x921A0000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0x9F1AB000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x90968000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x90954000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x90D1B000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x91131000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x90D86000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042-poortstuurprogramma)
0x9F0F5000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x91B8E000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8AB8A000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x831C4000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047D000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Stuurprogramma voor platformspecifieke hardwarefouten)
0x82B6B000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x807DB000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9F0B1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80798000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x90CD4000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x9097D000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x83305000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x92176000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8AB54000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070E000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x90945000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x90D0C000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x83180000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8072A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x90CE4000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x81D00000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x909C5000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x91B80000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x910D2000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8078A000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8ABC5000 C:\Windows\system32\DRIVERS\93828962.sys 53248 bytes (Kaspersky Lab, Kaspersky Lab Boot Guard Driver)
0x909E5000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80683000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA1551000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9108A000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x907DC000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x909F2000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x90D99000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Stuurprogramma voor verschillende toetsenbordtypen)
0x90DD3000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Stuurprogramma voor muistypen)
0x910C7000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x90917000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x90A03000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8ABDF000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x907E8000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80720000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x9216C000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x82AF2000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x909D3000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9F0EB000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x91BED000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA1547000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x91BA1000 C:\Windows\System32\Drivers\udfpt.SYS 40960 bytes
0x8ABBC000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x91073000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8ABF7000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x907F3000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, Stuurprogramma voor HID-toetsenbordfilter)
0xA155D000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82B7B000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x910E0000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x81CE0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8ABEA000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806D6000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x90DDE000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0x82ACC000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048E000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x909DD000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, Stuurprogramma voor HID-muisfilter)
0x806DF000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x910B7000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x910BF000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8AB4C000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x91083000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x9098D000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80783000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80406000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9107C000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x91BAB000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x8ABF3000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8071D000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x90A00000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0x90DFE000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x90DD1000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x00410000 Hidden Image-->WiFi.resources.dll [ EPROCESS 0x85753830 ] PID: 3064, 184320 bytes
0x00A70000 Hidden Image-->WiFiCore.dll [ EPROCESS 0x85753830 ] PID: 3064, 61440 bytes
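The Rootkit Unhooker report above is a plain text listing with a `>Drivers` section (base address, image path, size, and the embedded version-info string in parentheses) and a `>Stealth` section (images that are mapped in a process but hidden from the module list). The following is an added example written for this edit, not code from the forum or from the RkU project: a small parser for that format plus two triage views a helper would want when reading such a log: drivers backed by a file on disk that carry no version information at all (here `udfpt.SYS`), and hidden images grouped by the process that holds them. The triage rules are the editor's own heuristics, not RkU's logic, and the sample report is a trimmed copy of the lines posted above.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a trimmed copy of the RkU report posted in this thread
# (header, a handful of >Drivers lines and both >Stealth lines).
SAMPLE_REPORT = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x90000000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 8241152 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 167.62 )
0x91C04000 C:\Windows\system32\DRIVERS\93828961.sys 5373952 bytes (Kaspersky Lab, Kaspersky Unified Driver)
0x8241C000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8241C000 PnpManager 3907584 bytes
0x91BA1000 C:\Windows\System32\Drivers\udfpt.SYS 40960 bytes
0xA155D000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9115C000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
==============================================
>Stealth
==============================================
0x00410000 Hidden Image-->WiFi.resources.dll [ EPROCESS 0x85753830 ] PID: 3064, 184320 bytes
0x00A70000 Hidden Image-->WiFiCore.dll [ EPROCESS 0x85753830 ] PID: 3064, 61440 bytes
"""

# One >Drivers line: base address, path (or kernel pseudo-module name),
# size, and an optional "(vendor, description, ...)" version-info block.
DRIVER_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+)\s+(?P<path>.+?)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<info>.*)\))?\s*$"
)

# One >Stealth line: base address, hidden image name, owning EPROCESS, PID, size.
STEALTH_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+) Hidden Image-->(?P<image>\S+) "
    r"\[ EPROCESS (?P<eprocess>0x[0-9A-Fa-f]+) \] PID: (?P<pid>\d+), (?P<size>\d+) bytes"
)


def parse_rku_report(text):
    """Split an RkU report into its Drivers and Stealth entries."""
    result = {"drivers": [], "stealth": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue                      # separators and blank lines
        if line.startswith(">"):
            section = line[1:].strip().lower()   # ">Drivers" / ">Stealth"
            continue
        if section == "drivers":
            m = DRIVER_RE.match(line)
            if m:
                info = m.group("info")
                # First comma-separated field of the version info is the vendor.
                vendor = info.split(",")[0].strip() if info else None
                result["drivers"].append({
                    "base": int(m.group("base"), 16),
                    "path": m.group("path"),
                    "size": int(m.group("size")),
                    "vendor": vendor,
                })
        elif section == "stealth":
            m = STEALTH_RE.match(line)
            if m:
                result["stealth"].append({
                    "base": int(m.group("base"), 16),
                    "image": m.group("image"),
                    "eprocess": int(m.group("eprocess"), 16),
                    "pid": int(m.group("pid")),
                    "size": int(m.group("size")),
                })
    return result


def vendor_summary(drivers):
    """Count loaded drivers per vendor; entries without version info are grouped."""
    return Counter(d["vendor"] or "(no version info)" for d in drivers)


def unattributed_drivers(drivers):
    """File-backed drivers (path contains a backslash) with no version info.
    Kernel pseudo-modules such as PnpManager have no path and are not flagged."""
    return [d["path"] for d in drivers if d["vendor"] is None and "\\" in d["path"]]


def hidden_images_by_pid(stealth):
    """Group >Stealth entries by the process that holds the hidden image."""
    grouped = defaultdict(list)
    for entry in stealth:
        grouped[entry["pid"]].append(entry["image"])
    return dict(grouped)


if __name__ == "__main__":
    report = parse_rku_report(SAMPLE_REPORT)
    for vendor, count in vendor_summary(report["drivers"]).most_common():
        print(f"{count:3d}  {vendor}")
    print("No version info:", unattributed_drivers(report["drivers"]))
    print("Hidden images:", hidden_images_by_pid(report["stealth"]))
```

Run it against a full saved report by replacing `SAMPLE_REPORT` with the file contents. A driver with no version information is only a prompt to look closer (check the file on disk, its signature and who installed it), not a verdict; on the full log above, the same check also surfaces the two randomly named Kaspersky drivers as legitimately attributed because their version info names the vendor.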

#19
Render
Trusted Helper, Malware Removal, 4,195 posts
It seems malware-free from the logs. Let's try with this:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.

#20
wargoat
Topic Starter, Member, 49 posts
Success, disabled AntiVir before running but not Windows Defender, don't know if that's a problem.

ComboFix 11-05-21.03 - Jan 22/05/2011 15:24:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3062.2181 [GMT 2:00]
Gestart vanuit: c:\users\Jan\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DaemonTools_WhenUSave_Installer
c:\program files\DaemonTools_WhenUSave_Installer\vvsn.cfg
G:\install.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-22 to 2011-05-22 ))))))))))))))))))))))))))))))
.
.
2011-05-22 13:32 . 2011-05-22 13:32 -------- d-----w- c:\users\Jan\AppData\Local\temp
2011-05-20 15:48 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\93828962.sys
2011-05-20 15:48 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\9382896.sys
2011-05-20 15:48 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\93828961.sys
2011-05-20 08:09 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C65C1C2B-5CDC-4CE0-A25B-F79C441F1EA6}\mpengine.dll
2011-05-19 15:58 . 2011-05-19 15:58 -------- d-----w- C:\_OTL
2011-05-16 13:37 . 2011-05-16 13:37 -------- d-----w- c:\users\Jan\AppData\Roaming\Media Player Classic
2011-05-16 13:08 . 2011-05-16 13:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 13:07 . 2011-05-15 13:07 -------- d-----w- c:\users\Jan\AppData\Local\Apps
2011-05-11 07:35 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-09 13:33 . 2011-05-18 20:29 -------- d-----w- c:\users\Jan\AppData\Local\Adobe
2011-04-27 13:14 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 13:14 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 13:14 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 13:00 . 2011-04-26 13:00 -------- d-----w- c:\users\Jan\AppData\Roaming\Reviversoft
2011-04-26 12:59 . 2011-03-16 11:28 16704 ----a-w- c:\windows\system32\roboot.exe
2011-04-26 11:28 . 2011-04-26 11:28 -------- d-----w- c:\programdata\Media Get LLC
2011-04-25 22:20 . 2011-04-25 22:20 -------- d-----w- C:\Temp
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 12:58 . 2010-04-19 22:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 12:51 . 2011-04-06 12:51 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-06 12:51 . 2011-04-06 12:51 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-06 12:51 . 2011-04-06 12:51 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-06 12:51 . 2011-04-06 12:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-06 12:51 . 2011-04-06 12:51 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-06 12:51 . 2011-04-06 12:51 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-06 12:51 . 2011-04-06 12:51 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-06 12:51 . 2011-04-06 12:51 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-06 12:51 . 2011-04-06 12:51 367104 ----a-w- c:\windows\system32\html.iec
2011-04-06 12:51 . 2011-04-06 12:51 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-06 12:51 . 2011-04-06 12:51 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-06 12:51 . 2011-04-06 12:51 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-06 12:51 . 2011-04-06 12:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-06 12:51 . 2011-04-06 12:51 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-06 12:51 . 2011-04-06 12:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-06 12:51 . 2011-04-06 12:51 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-06 12:51 . 2011-04-06 12:51 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-06 12:51 . 2011-04-06 12:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-06 12:51 . 2011-04-06 12:51 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-06 12:51 . 2011-04-06 12:51 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-06 12:51 . 2011-04-06 12:51 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-16 11:38 . 2010-04-14 10:31 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-10 17:03 . 2011-04-16 08:41 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-16 08:41 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-16 08:41 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 13:14 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 13:14 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 13:14 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 13:14 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-16 08:41 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-16 08:41 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13 . 2011-03-23 12:47 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 12:47 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 12:47 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 13:24 . 2011-04-16 08:41 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24 . 2011-04-16 08:41 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23 . 2011-04-16 08:41 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23 . 2011-04-16 08:41 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-21 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-21 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-21 88608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_20.05.2011_18-09.lnk - c:\users\Jan\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_18-09\startup.exe [2011-5-20 72208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2006-3-11 270336]
WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WiFiStation.exe [2008-8-5 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 CXAVSAUD;Conexant 2388x Audio Capture;c:\windows\system32\DRIVERS\cxavsaud_IBV32.sys [2006-11-02 10368]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9ccd8f50d9593;Google Updateservice (gupdate1c9ccd8f50d9593);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-01-31 256000]
R3 PCIUtil;PCI Utility;c:\users\Jan\AppData\Local\Temp\PCIUtil.sys [x]
R3 utyymtcw;AVZ Kernel Driver;c:\windows\system32\Drivers\utyymtcw.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 93828962;93828962 Boot Guard Driver;c:\windows\system32\DRIVERS\93828962.sys [2009-10-22 37392]
S1 93828961;93828961;c:\windows\system32\DRIVERS\93828961.sys [2009-09-25 128016]
S1 setup_9.0.0.722_20.05.2011_18-09drv;setup_9.0.0.722_20.05.2011_18-09drv;c:\windows\system32\DRIVERS\9382896.sys [2009-10-09 311312]
S1 udfpt;udfpt; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-01-08 46592]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - NORMANDY
*Deregistered* - Normandy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 16:53]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 16:53]
.
2011-05-22 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-03-11 16:38]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game05.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-Picasa2 - c:\program files\Picasa2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-22 15:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden:
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1783622925-2638716330-3058166797-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E559F8D7-0E5D-6498-F750-9B456D0CAA50}*]
"bbonieihmnclcjpeaadihnljobdolabofgcp"=hex:61,61,00,00
"abonieihmnclcjpeaaciepoaenpakljhkl"=hex:61,61,00,00
.
Voltooingstijd: 2011-05-22 15:34:39
ComboFix-quarantined-files.txt 2011-05-22 13:34
.
Pre-Run: 3.300.446.208 bytes beschikbaar
Post-Run: 3.339.653.120 bytes beschikbaar
.
- - End Of File - - 4F5AA8AC685AB90E1DBFE62957D40037

#21
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
OK. Try this:

  • Please download WhoCrashed 3.01 from here to your Desktop.
  • Install it and run it.
  • Click on Analyze button.
  • Select all (CTRL+A) and then copy (CTRL+C).
  • Paste (CTRL+V) contents of clipboard in your next reply.


#22
wargoat
    Member
  • Topic Starter
  • Member
  • 49 posts
--------------------------------------------------------------------------------
Welcome to WhoCrashed HOME EDITION v 3.01
--------------------------------------------------------------------------------

This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. It will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.


To obtain technical support visit www.resplendence.com/support

To check if an update of this program is available, click here.

Just click the Analyze button for a comprehensible report ...



--------------------------------------------------------------------------------
Home Edition Notice
--------------------------------------------------------------------------------

This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which also allows analysis of crashdumps on remote drives and computers on the network and offers a range of additional features.

Click here for more information on the professional edition.
Click here to buy the professional edition of WhoCrashed.



--------------------------------------------------------------------------------
System Information (local)
--------------------------------------------------------------------------------

computer name: JAN
windows version: Windows Vista Service Pack 2, 6.0, build: 6002
windows dir: C:\Windows
CPU: GenuineIntel Intel® Core™2 Duo CPU T5550 @ 1.83GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 3210420224 total
VM: 2147352576, free: 1963139072



--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.


No valid crash dumps have been found on your computer


--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled but no valid crash dumps have been found. It may be that there are problems which prevent crash dumps from being written out. Check out the following article for possible causes: If crash dumps are not written out.

In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Check out the following articles for more information: Troubleshooting sudden resets and shut downs.

Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

#23
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
  • Please download Speccy from here, install it and run it.
  • Wait a few minutes, then click the File menu, then Save as Text file..., and save the report to your desktop.
  • Please attach that report in your next reply.

How to add an attachment to a new topic or reply

#24
wargoat
    Member
  • Topic Starter
  • Member
  • 49 posts
Here we go

#25
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
OK.:)


#26
wargoat
    Member
  • Topic Starter
  • Member
  • 49 posts
third try

I removed the Speccy log because it contains your Vista activation key.


Edited by Render.

#27
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
OK. Do the following now:

Please delete Combo-Fix.exe from your desktop.

Please download ComboFix from Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
During the download, rename Combofix_N.exe to ENG_LANG.exe.
It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
Double click on ENG_LANG.exe & follow the prompts.
When finished, it will produce a report for you.
Please post that log for further review.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

#28
wargoat
    Member
  • Topic Starter
  • Member
  • 49 posts
Hello, done running combofix again but ran into a possible issue. During the scan a screen appeared saying PEV.exe stopped working and should be closed. I left the screen as it was and combofix finished the scan as normal. After I got the log I googled PEV.exe to see what it was and found it is probably related to combofix and, although some antivirus programs see it as a problem, it isn't one, something something. Anyway, just wanted to tell you I ran into it and the file is on my laptop.

ComboFix 11-05-22.02 - Jan 23/05/2011 17:45:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3062.1764 [GMT 2:00]
Gestart vanuit: c:\users\Jan\Desktop\ENG_LANG.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-23 to 2011-05-23 ))))))))))))))))))))))))))))))
.
.
2011-05-23 15:53 . 2011-05-23 15:53 -------- d-----w- c:\users\Jan\AppData\Local\temp
2011-05-23 15:53 . 2011-05-23 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-23 15:35 . 2011-05-23 15:35 -------- d-----w- c:\program files\Defraggler
2011-05-23 13:57 . 2011-05-23 13:57 -------- d-----w- c:\program files\Speccy
2011-05-22 14:06 . 2011-05-22 14:06 -------- d-----w- c:\program files\WhoCrashed
2011-05-22 13:21 . 2011-05-22 13:34 -------- d-----w- C:\Combo-Fix
2011-05-20 08:09 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C65C1C2B-5CDC-4CE0-A25B-F79C441F1EA6}\mpengine.dll
2011-05-19 15:58 . 2011-05-19 15:58 -------- d-----w- C:\_OTL
2011-05-16 13:37 . 2011-05-16 13:37 -------- d-----w- c:\users\Jan\AppData\Roaming\Media Player Classic
2011-05-16 13:08 . 2011-05-16 13:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 13:07 . 2011-05-15 13:07 -------- d-----w- c:\users\Jan\AppData\Local\Apps
2011-05-11 07:35 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-09 13:33 . 2011-05-18 20:29 -------- d-----w- c:\users\Jan\AppData\Local\Adobe
2011-04-27 13:14 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 13:14 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 13:14 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 13:00 . 2011-04-26 13:00 -------- d-----w- c:\users\Jan\AppData\Roaming\Reviversoft
2011-04-26 12:59 . 2011-03-16 11:28 16704 ----a-w- c:\windows\system32\roboot.exe
2011-04-26 11:28 . 2011-04-26 11:28 -------- d-----w- c:\programdata\Media Get LLC
2011-04-25 22:20 . 2011-04-25 22:20 -------- d-----w- C:\Temp
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 12:58 . 2010-04-19 22:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 12:51 . 2011-04-06 12:51 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-06 12:51 . 2011-04-06 12:51 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-06 12:51 . 2011-04-06 12:51 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-06 12:51 . 2011-04-06 12:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-06 12:51 . 2011-04-06 12:51 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-06 12:51 . 2011-04-06 12:51 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-06 12:51 . 2011-04-06 12:51 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-06 12:51 . 2011-04-06 12:51 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-06 12:51 . 2011-04-06 12:51 367104 ----a-w- c:\windows\system32\html.iec
2011-04-06 12:51 . 2011-04-06 12:51 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-06 12:51 . 2011-04-06 12:51 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-06 12:51 . 2011-04-06 12:51 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-06 12:51 . 2011-04-06 12:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-06 12:51 . 2011-04-06 12:51 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-06 12:51 . 2011-04-06 12:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-06 12:51 . 2011-04-06 12:51 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-06 12:51 . 2011-04-06 12:51 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-06 12:51 . 2011-04-06 12:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-06 12:51 . 2011-04-06 12:51 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-06 12:51 . 2011-04-06 12:51 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-06 12:51 . 2011-04-06 12:51 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-16 11:38 . 2010-04-14 10:31 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-10 17:03 . 2011-04-16 08:41 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-16 08:41 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-16 08:41 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 13:14 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 13:14 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 13:14 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 13:14 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-16 08:41 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-16 08:41 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-21 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-21 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-21 88608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2006-3-11 270336]
WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WiFiStation.exe [2008-8-5 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 CXAVSAUD;Conexant 2388x Audio Capture;c:\windows\system32\DRIVERS\cxavsaud_IBV32.sys [2006-11-02 10368]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9ccd8f50d9593;Google Updateservice (gupdate1c9ccd8f50d9593);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-01-31 256000]
R3 PCIUtil;PCI Utility;c:\users\Jan\AppData\Local\Temp\PCIUtil.sys [x]
R3 utyymtcw;AVZ Kernel Driver;c:\windows\system32\Drivers\utyymtcw.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 udfpt;udfpt; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-01-08 46592]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - CPUZ135
*Deregistered* - cpuz135
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 16:53]
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 16:53]
.
2011-05-23 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-03-11 16:38]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game05.zylom.com/activex/zylomgamesplayer.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 17:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden:
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1783622925-2638716330-3058166797-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E559F8D7-0E5D-6498-F750-9B456D0CAA50}*]
"bbonieihmnclcjpeaadihnljobdolabofgcp"=hex:61,61,00,00
"abonieihmnclcjpeaaciepoaenpakljhkl"=hex:61,61,00,00
.
Voltooingstijd: 2011-05-23 17:55:55
ComboFix-quarantined-files.txt 2011-05-23 15:55
ComboFix2.txt 2011-05-22 13:34
.
Pre-Run: 5.273.255.936 bytes beschikbaar
Post-Run: 5.266.657.280 bytes beschikbaar
.
- - End Of File - - 8C8C6FA6327F66F392EA9EC6FF983CF3
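As an added example (not ComboFix's code and not something posted in this thread): a small Python triage helper for the kind of ComboFix logs pasted above. It parses the service/driver lines ("R0 name;display;path [date size]", with "[x]" where ComboFix could not find the file) and the Run-key values, flags entries a reviewer looks at twice (image file missing, driver image under a Temp folder or a user profile), and diffs two runs to show which entries disappeared between one log and the next. The embedded excerpts are constructed in the format of the posted logs, and the flag heuristics are the example's own, not ComboFix's.

```python
"""Triage helper for ComboFix logs (added example; not ComboFix's or the forum's code).

Parses the service/driver lines ("R0 name;display;path [date size]" or "[x]")
and the Run-key values ('"Name"="path" [date size]') that ComboFix prints,
flags entries a reviewer looks at twice, and diffs two runs of the tool.
The sample excerpts below are constructed in the format of the logs posted in
the thread; the flag heuristics are the example's own, not ComboFix's.
"""
import re
from dataclasses import dataclass

# "R3 PCIUtil;PCI Utility;c:\...\PCIUtil.sys [x]" -> start, type, name, display, path, meta
SERVICE_RE = re.compile(
    r"^(?P<start>[RS])(?P<type>\d) (?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?) ?\[(?P<meta>[^\]]*)\]$"
)
# '"avgnt"="c:\...\avgnt.exe" [2010-11-02 281768]' -> name, path, meta
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<meta>[^\]]*)\]$')


@dataclass(frozen=True)
class Entry:
    kind: str   # "service" (driver/service line) or "run" (Run-key value)
    name: str
    path: str
    meta: str   # "<date> <size>" when ComboFix found the file, "x" when it did not


def parse_combofix(text: str) -> list:
    """Return every service/driver and Run-key entry found in a ComboFix log."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"], m["meta"]))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], m["meta"]))
    return entries


def flags(entry: Entry) -> list:
    """Findings for one entry; an empty list means nothing stood out."""
    found = []
    p = entry.path.lower()
    if entry.meta == "x":
        found.append("file missing")                 # registered, but the image is not on disk
    if "\\temp\\" in p:
        found.append("runs from a Temp directory")   # a driver image in Temp deserves a look
    if entry.kind == "service" and p.startswith("c:\\users\\"):
        found.append("driver/service image under a user profile")
    return found


def review(text: str) -> dict:
    """Map the name of each flagged entry to its findings."""
    out = {}
    for e in parse_combofix(text):
        f = flags(e)
        if f:
            out[e.name] = f
    return out


def diff_runs(old_text: str, new_text: str):
    """Entry names only in the newer log (added) and only in the older one (removed)."""
    old = {(e.kind, e.name, e.path) for e in parse_combofix(old_text)}
    new = {(e.kind, e.name, e.path) for e in parse_combofix(new_text)}
    added = {name for _, name, _ in new - old}
    removed = {name for _, name, _ in old - new}
    return added, removed


# Constructed excerpts in the ComboFix format used in the thread (trimmed).
OLD_LOG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-01-31 256000]
R3 PCIUtil;PCI Utility;c:\users\Jan\AppData\Local\Temp\PCIUtil.sys [x]
S0 93828962;93828962 Boot Guard Driver;c:\windows\system32\DRIVERS\93828962.sys [2009-10-22 37392]
S1 udfpt;udfpt; [x]
"""

# Same machine one run later: the boot-guard driver line is gone.
NEW_LOG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-01-31 256000]
R3 PCIUtil;PCI Utility;c:\users\Jan\AppData\Local\Temp\PCIUtil.sys [x]
S1 udfpt;udfpt; [x]
"""

if __name__ == "__main__":
    for name, findings in review(OLD_LOG).items():
        print(f"{name}: {', '.join(findings)}")
    added, removed = diff_runs(OLD_LOG, NEW_LOG)
    print("added:", sorted(added), "removed:", sorted(removed))
```

The parser deliberately keys the diff on kind, name and path together, so a service whose image path changed between runs shows up as both removed and added rather than silently matching by name. A "[x]" entry is not itself evidence of infection (the sptd entry is a leftover of a disc-emulation driver, and udfpt is a stale registration), which is why the helper only reports findings and leaves the judgement to the reviewer.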

#29
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Hi,

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

RegNull::
[HKEY_USERS\S-1-5-21-1783622925-2638716330-3058166797-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E559F8D7-0E5D-6498-F750-9B456D0CAA50}*]

Registry::

Driver::


Save this as CFScript.txt, in the same location as ENG_LANG.exe


Posted Image

Referring to the picture above, drag CFScript into ENG_LANG.exe

When finished, it shall produce a log for you, which I will require in your next reply.

#30
wargoat
    Member
  • Topic Starter
  • Member
  • 49 posts
Done,

I did run into a problem when trying to open my internet explorer, same with google chrome, after the combofix scan. When trying to access these programs I got the error message: C:\Program Files\Internet Explorer\iexplore.exe
Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
Translated into English this should be something like: Illegal operation attempted on a registry key that has been marked for deletion. (Google)
When googling this I found some other people experienced the same problem after using combofix.
I did succeed in opening internet explorer by using 'run as administrator'.
I would of course like to be able to open internet explorer and google chrome again without having to do this 'as administrator'.
In my previous post I also mentioned the PEV.exe file, should I do anything with that?
Thx for all the help so far!

Ok I'm now editing this post: The problem is bigger than only internet explorer or google chrome: I can't open any program without getting the message: Illegal operation attempted on a registry key that has been marked for deletion. I can open programs using 'run as administrator', problem is I don't always get that option, for instance when trying to open a word-document. I'm working on some important things for school now so I really can't have that. Did find a way to get to my word-document by searching one on the internet, downloading it, by doing this microsoft word opens without a problem, and from that document opening the document I need from my laptop. Getting stressed :s

ComboFix 11-05-23.02 - Jan 24/05/2011 10:07:18.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3062.1697 [GMT 2:00]
Gestart vanuit: c:\users\Jan\Desktop\ENG_LANG.exe
gebruikte Opdracht switches :: c:\users\Jan\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-24 to 2011-05-24 ))))))))))))))))))))))))))))))
.
.
2011-05-24 08:13 . 2011-05-24 08:13 -------- d-----w- c:\users\Jan\AppData\Local\temp
2011-05-24 08:13 . 2011-05-24 08:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-24 08:00 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0162CC0-312F-4C8A-B4F0-10367020E235}\mpengine.dll
2011-05-23 15:43 . 2011-05-23 15:56 -------- d-----w- C:\ENG_LANG
2011-05-23 15:35 . 2011-05-23 15:35 -------- d-----w- c:\program files\Defraggler
2011-05-23 13:57 . 2011-05-23 13:57 -------- d-----w- c:\program files\Speccy
2011-05-22 14:06 . 2011-05-22 14:06 -------- d-----w- c:\program files\WhoCrashed
2011-05-22 13:21 . 2011-05-22 13:34 -------- d-----w- C:\Combo-Fix
2011-05-19 15:58 . 2011-05-19 15:58 -------- d-----w- C:\_OTL
2011-05-16 13:37 . 2011-05-16 13:37 -------- d-----w- c:\users\Jan\AppData\Roaming\Media Player Classic
2011-05-16 13:08 . 2011-05-16 13:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 13:07 . 2011-05-15 13:07 -------- d-----w- c:\users\Jan\AppData\Local\Apps
2011-05-11 07:35 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-09 13:33 . 2011-05-18 20:29 -------- d-----w- c:\users\Jan\AppData\Local\Adobe
2011-04-27 13:14 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 13:14 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 13:14 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 13:00 . 2011-04-26 13:00 -------- d-----w- c:\users\Jan\AppData\Roaming\Reviversoft
2011-04-26 12:59 . 2011-03-16 11:28 16704 ----a-w- c:\windows\system32\roboot.exe
2011-04-26 11:28 . 2011-04-26 11:28 -------- d-----w- c:\programdata\Media Get LLC
2011-04-25 22:20 . 2011-04-25 22:20 -------- d-----w- C:\Temp
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 12:58 . 2010-04-19 22:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 12:51 . 2011-04-06 12:51 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-06 12:51 . 2011-04-06 12:51 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-06 12:51 . 2011-04-06 12:51 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-06 12:51 . 2011-04-06 12:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-06 12:51 . 2011-04-06 12:51 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-06 12:51 . 2011-04-06 12:51 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-06 12:51 . 2011-04-06 12:51 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-06 12:51 . 2011-04-06 12:51 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-06 12:51 . 2011-04-06 12:51 367104 ----a-w- c:\windows\system32\html.iec
2011-04-06 12:51 . 2011-04-06 12:51 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-06 12:51 . 2011-04-06 12:51 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-06 12:51 . 2011-04-06 12:51 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-06 12:51 . 2011-04-06 12:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-06 12:51 . 2011-04-06 12:51 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-06 12:51 . 2011-04-06 12:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-06 12:51 . 2011-04-06 12:51 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-06 12:51 . 2011-04-06 12:51 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-06 12:51 . 2011-04-06 12:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-06 12:51 . 2011-04-06 12:51 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-06 12:51 . 2011-04-06 12:51 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-06 12:51 . 2011-04-06 12:51 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-16 11:38 . 2010-04-14 10:31 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-10 17:03 . 2011-04-16 08:41 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-16 08:41 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-16 08:41 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 13:14 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 13:14 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 13:14 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 13:14 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-16 08:41 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-16 08:41 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-21 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-21 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-21 88608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2006-3-11 270336]
WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WiFiStation.exe [2008-8-5 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 CXAVSAUD;Conexant 2388x Audio Capture;c:\windows\system32\DRIVERS\cxavsaud_IBV32.sys [2006-11-02 10368]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9ccd8f50d9593;Google Updateservice (gupdate1c9ccd8f50d9593);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-01-31 256000]
R3 PCIUtil;PCI Utility;c:\users\Jan\AppData\Local\Temp\PCIUtil.sys [x]
R3 utyymtcw;AVZ Kernel Driver;c:\windows\system32\Drivers\utyymtcw.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 udfpt;udfpt; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-01-08 46592]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 16:53]
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 16:53]
.
2011-05-24 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-03-11 16:38]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game05.zylom.com/activex/zylomgamesplayer.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-24 10:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2011-05-24 10:15:39
ComboFix-quarantined-files.txt 2011-05-24 08:15
ComboFix2.txt 2011-05-23 15:55
ComboFix3.txt 2011-05-22 13:34
.
Pre-Run: 4.842.569.728 bytes beschikbaar
Post-Run: 4.805.709.824 bytes beschikbaar
.
- - End Of File - - 1B16ACCF742C5F44C07CFF50A84BC977

Edited by wargoat, 24 May 2011 - 03:05 AM.
