Vista Random Restarts and BSOD

Mystic_Meerkatz · 31-Oct-2011, 11:56 AM #1

Hi, this is my first post, so i'm new here. I am running windows vista home premium 32 bit. I get random BSOD restarts and these can happen from about 20- 180 minutes from the time i boot up the computer. I have Malwarebytes, Superantispyware and IObit Malware Fighter installed, and i managed to run them all once, but just before the scans finished, the programs crashed. I have never been able to start any of the programs again since; every time i try, it just comes up with an error, reading: 'Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item'. And also, i noticed that my free hard drive space had gone down from 74gb, to 27 gb... i don't know whether that has anything to do with it, but i certainly havnt downloaded anything that size. Thanks

kevinf80 · 31-Oct-2011, 04:55 PM #2

Run the following, copy and paste both logs to your next reply:

Download DDS by sUBs from one of the following links.* Save it to your desktop.
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool.* *
When done, DDS will open two (2) logs
* * * * *1. DDS.txt
* * * * *2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.

*
Instead of attaching, please copy/past both logs into your next reply.
Close the program window, and delete the program from your desktop.

Please note:* You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.*
Information on A/V control HERE

Kevin

Mystic_Meerkatz · 01-Nov-2011, 01:02 PM #3

Hi Kevin, The scan ran succesfully, and the logs are as follows:

The DDS .txt file contained:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by andrea at 16:50:27 on 2011-11-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1015.244 [GMT 0:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\2287287126:2848238199.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k Akamai
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar = Preserve
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=Pavilion&pf=desktop
mSearchAssistant =
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.7\iobitToolbarIE.dll
uURLSearchHooks: H - No File
uWinlogon: Shell=c:\users\andrea\appdata\local\563b5588\X
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.7\iobitToolbarIE.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare mediabar\BearShareIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hyperionics db toolbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hyperionics db toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.7\iobitToolbarIE.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Facebook Update] "c:\users\andrea\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [0Y4Y3X5Y6DUXWU2WBBXNI] c:\cadat.bin\061327E16B1.exe /q
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{591E5CB6-BA0C-4CFD-9592-9641189BA0A3} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F051EF43-EFF3-44CB-9141-0DEE6AD6868F} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\andrea\application data\mozilla\firefox\profiles\zmkl9zob.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\andrea\appdata\local\facebook\video\skype\npFacebookVideoCalling.d ll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080305.002\IDSvix86 .sys [2008-3-6 261680]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-10-1 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-1 21504]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2011-9-15 464384]
R3 SAAVideo;% SAADriver%;c:\windows\system32\drivers\SAAVideo.sys [2010-4-9 26624]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-10-3 37936]
S2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
S2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-9-27 745880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9f356f95a1633;Google Update Service (gupdate1c9f356f95a1633);c:\program files\google\update\GoogleUpdate.exe [2009-6-22 133104]
S2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-10-29 820568]
S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2011-10-29 18768]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-22 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2011-10-29 30600]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-5-30 1251720]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2011-10-29 19792]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-11-01 16:45:59 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1f045b0f-be4a-4275-af1b-0baf5ebeca13}\offreg.dll
2011-11-01 16:45:53 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1f045b0f-be4a-4275-af1b-0baf5ebeca13}\mpengine.dll
2011-10-30 00:18:45 -------- d-----w- c:\program files\MAXON
2011-10-29 22:31:04 -------- d-----w- c:\program files\facemoods.com
2011-10-29 22:30:28 -------- d-----w- c:\programdata\Premium
2011-10-29 22:30:24 -------- d-----w- c:\programdata\InstallMate
2011-10-26 22:31:51 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.Z...Z.ZZ..Z.Z
2011-10-26 21:54:52 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.ZZ.Z.Z..Z.ZZ
2011-10-26 21:19:14 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZZZZ..Z.ZZZ.Z
2011-10-26 10:44:39 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-25 22:15:06 -------- d-sh--w- c:\users\andrea\appdata\local\563b5588
2011-10-23 20:02:49 -------- d-----w- c:\programdata\MAGIX
2011-10-23 20:02:46 -------- d-----w- c:\program files\common files\MAGIX Services
2011-10-23 13:29:07 -------- d-----w- C:\tmp
2011-10-23 12:28:24 -------- d-----w- c:\users\andrea\.thumbnails
2011-10-23 11:50:32 -------- d-----w- c:\program files\ExperimentalScene
2011-10-13 20:58:54 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 20:58:54 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 20:58:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 20:58:54 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 19:31:11 -------- d-----w- c:\program files\Application Updater
2011-10-12 19:31:10 -------- d-----w- c:\program files\IObit Toolbar
2011-10-12 08:01:33 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 08:01:33 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 08:01:33 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 08:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 08:01:32 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 08:01:26 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-11 13:38:50 -------- d-----w- C:\a67c1eef30df046e9b42b9b0661c44
2011-10-10 16:05:31 -------- d-----w- c:\program files\Sony
2011-10-09 20:47:34 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-10-09 20:47:16 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-10-09 20:45:29 -------- d-----w- c:\windows\system32\RsFx
2011-10-09 20:44:20 -------- d-----w- c:\windows\system32\1033
2011-10-09 20:38:58 -------- d-----w- c:\program files\Microsoft SQL Server
2011-10-09 20:38:24 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-10-09 20:37:23 181728 ----a-w- c:\programdata\microsoft\vcsexpress\10.0\1033\ResourceCache.dll
2011-10-09 20:34:41 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-10-09 20:34:41 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-10-09 10:11:49 -------- d-----w- c:\users\andrea\appdata\local\GameTuts
2011-10-04 19:34:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-10-04 19:34:09 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-10-02 20:36:50 -------- d-----w- c:\program files\common files\Solveig Multimedia
.
==================== Find3M ====================
.
2011-10-23 16:07:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 16:53:30.97 ===============

The Attach .txt file contained:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 18/10/2007 22:51:12
System Uptime: 01/11/2011 16:32:58 (0 hours ago)
.
Motherboard: ECS | | Livermore8
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 26.288 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.954 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Any Video Converter 3.2.3
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AV
Bing Bar Platform
BitTorrent
BT Broadband Desktop Help
BT Wireless Connection Manager
BT Yahoo! Applications
BTHomeHub
BufferChm
ccCommon
D1400
D1400_Help
D3DX10
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
Facebook Video Calling 1.0.0.8714
Facemoods Toolbar
Free Audio Converter version 2.3.2.804
Free RAR Extract Frog
Game Booster
GameSpy Arcade
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Feedback
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Update
HPAsset component for HP Active Support Library
HPSSupply
HyperCam 3
Hyperionics DB Toolbar
Intel(R) Graphics Media Accelerator Driver
Internet From BT
IObit Malware Fighter
IObit Toolbar v4.7
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
LightScribe 1.8.15.1
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows Media Video 9 VCM
Microsoft Works
Mozilla Firefox 7.0.1 (x86 en-GB)
MSRedist
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton PC Checkup
Norton Protection Center
OGA Notifier 2.0.0048.0
Pando Media Booster
PanoStandAlone
PC MightyMax 2011
PSSWCORE
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Segoe UI
Service Pack 1 for SQL Server 2008 (KB968369)
Smart Menus (Windows Live Toolbar)
SPBBC 32bit
Sql Server Customer Experience Improvement Program
Status
Steam
swMSM
Symantec Real Time Storage Protection Component
SymNet
Text-To-Speech-Runtime
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VC80CRTRedist - 8.0.50727.6195
Vegas Pro 10.0
VideoToolkit01
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
Youtube Downloader HD v. 2.6
.
==== Event Viewer Messages From Past Week ========
.
31/10/2011 22:26:32, Error: EventLog [6008] - The previous system shutdown at 22:25:26 on 31/10/2011 was unexpected.
31/10/2011 15:37:20, Error: EventLog [6008] - The previous system shutdown at 15:35:20 on 31/10/2011 was unexpected.
30/10/2011 18:47:11, Error: EventLog [6008] - The previous system shutdown at 18:45:40 on 30/10/2011 was unexpected.
30/10/2011 18:14:51, Error: Service Control Manager [7034] - The FABS - Helping agent for MAGIX media database service terminated unexpectedly. It has done this 1 time(s).
30/10/2011 11:26:20, Error: EventLog [6008] - The previous system shutdown at 05:05:47 on 30/10/2011 was unexpected.
30/10/2011 03:03:45, Error: EventLog [6008] - The previous system shutdown at 02:43:08 on 30/10/2011 was unexpected.
30/10/2011 03:03:38, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
30/10/2011 03:03:24, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
29/10/2011 22:33:04, Error: EventLog [6008] - The previous system shutdown at 22:31:40 on 29/10/2011 was unexpected.
29/10/2011 19:02:09, Error: EventLog [6008] - The previous system shutdown at 18:59:48 on 29/10/2011 was unexpected.
27/10/2011 11:48:55, Error: EventLog [6008] - The previous system shutdown at 23:52:12 on 26/10/2011 was unexpected.
26/10/2011 22:57:39, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
26/10/2011 22:51:10, Error: EventLog [6008] - The previous system shutdown at 22:48:37 on 26/10/2011 was unexpected.
26/10/2011 22:15:36, Error: EventLog [6008] - The previous system shutdown at 14:17:53 on 26/10/2011 was unexpected.
26/10/2011 14:16:53, Error: EventLog [6008] - The previous system shutdown at 14:14:21 on 26/10/2011 was unexpected.
26/10/2011 11:19:47, Error: EventLog [6008] - The previous system shutdown at 11:17:54 on 26/10/2011 was unexpected.
26/10/2011 10:18:54, Error: EventLog [6008] - The previous system shutdown at 10:17:12 on 26/10/2011 was unexpected.
26/10/2011 02:23:43, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...hreatid=166941 Scan ID: {D25BD33C-0A7C-484F-A108-BD02B507AA99} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Trojan:Win32/Sirefef.O ID: 166941 Severity ID: 5 Category ID: 8 Path: Action: Remove Error Code: 0x80508017 Error description: Some actions couldn't be applied to potentially harmful items. The items might be stored in a read-only location. Delete the files or folders that contains the items or, for information on removing read-only permissions from files and folders, see Help and Support.
01/11/2011 16:36:45, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/11/2011 16:36:44, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
01/11/2011 16:34:59, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server VSS Writer service to connect.
01/11/2011 16:34:59, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SAS Core Service service to connect.
01/11/2011 16:34:59, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IMF Service service to connect.
01/11/2011 16:34:59, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Updater service to connect.
01/11/2011 16:34:59, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
01/11/2011 16:34:59, Error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/11/2011 16:34:59, Error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/11/2011 16:34:59, Error: Service Control Manager [7000] - The IMF Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/11/2011 16:34:59, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/11/2011 16:33:27, Error: EventLog [6008] - The previous system shutdown at 16:31:57 on 01/11/2011 was unexpected.
01/11/2011 16:23:57, Error: EventLog [6008] - The previous system shutdown at 16:20:51 on 01/11/2011 was unexpected.
.
==== End Of File ===========================

Thanks

Chris

kevinf80 · 04:15 PM

Hiya Chris,

You have zeroaccess rootkit infection, do the following :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

Ensure that Combofix is saved directly to the Desktop <--- Very important

Before saving Combofix to the Desktop re-name to Gotcha.exe as below:
Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
Close any open browsers and any other programs you might have running
Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
Instructions for running Combofix available Here if required.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*

If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

Mystic_Meerkatz · 01-Nov-2011, 03:14 PM #5

Ok, i did all of that, and Firefox doesnt seem to be freezing constantly like it did before! My computer had to restart because a rootkit was detected, but after the whole process had complted, no log was shown. What to do?

Thanks again

Chris

kevinf80 · 01-Nov-2011, 04:14 PM #6

Hiya Chris,

Apologies, I gave two sets of instructions for running Combofix. Did you use both or only the first one. If Combofix completed successfully the log will be here C:\Combofix.txt

Select > Start > Computer > double click on C:\ and you should see Combofix.txt you may have to scroll to it...

Mystic_Meerkatz · 01-Nov-2011, 04:41 PM #7

Hi Kevin,

I only used the first set of instructions, and i have looks in C:\ But Failed to find the Combofix.txt file. I found 2 folders: Gotcha.exe, and Gotcha.exe15507G. But neither of these contain the log either. What should i do now?

Chris

kevinf80 · 01-Nov-2011, 04:51 PM #8

Is this folder present C:\Qoobox have a look in there. Also if Combofix-Quarantine-files.txt is in there let me see that.

Mystic_Meerkatz · 01-Nov-2011, 08:03 PM #9

There is a folder called Qoobox, and i have looked through all of its contents and the only .txt file that is in there, is one called catchme.txt. Otherwise, nothing.

Thanks

Chris

kevinf80 · 01-Nov-2011, 08:07 PM **#10**

Re-run Combofix, if it prompts to update allow it. Post the log if produced....

Mystic_Meerkatz · 02-Nov-2011, 04:37 PM **#11**

Ok, i re ran combofix, i did get a log this time, but some serious problems have come with it. It will not let me open or run anything, whether its Google Chrome, Control Panel or ANYTHING. i cant run it. Also, it wont let me use my keyboard at all. i had to use the on screen keyboard just to login!. i am sending this message via my laptop, so there is no way i could give you the log, unless i sat there for hours copying it all out. but i can tell you, that when i click on something to run it, it comes up with an error. For example, i double click google chrome on my desktop, and this error appeares: C:\Users\chris\AppData\Local\Google\Chrome\Application\chrome.exe

Illegal operation attempted on a registry key that has been marked for deletion.

Any ideas?

Chris

kevinf80 · 02-Nov-2011, 04:47 PM **#12**

Did you see this in the instructions for running CF?

If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Re-boot and give an update on issues

Mystic_Meerkatz · 02-Nov-2011, 04:51 PM **#13**

Ah, ok. i did see a warning, but not that one. Ill try restarting now.

Thanks

Mystic_Meerkatz · 02-Nov-2011, 05:00 PM **#14**

Ok, i have restarted my conputer. I was still unable to use my keyboard, and for some reason, my desktop background has been changed to one that i had Around a year and a half ago. It will now let me run things, but as i said, i cannot type using my keyboard. I have searched for the log and have again, failed to find it. I did find 2 more .txt files that werbt there before, in the Quoobox folder. they are named 'Add-Remove Programs' and 'Combofix-quarantined-files'

kevinf80 · 02-Nov-2011, 05:09 PM **#15**

Unplug your Keyboard from the PC and reboot. When Desktop is stable plug Keyboard back in, does windows see it and attribute driver? does it now work.
Let me see the two text files you mentioned if possible....

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Vista Random Restarts and BSOD

Find the solution to your computer problem!

Find the solution to your
computer problem!