1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

windows not starting--possible infection

Discussion in 'Virus & Other Malware Removal' started by karkalec, Nov 8, 2011.

Thread Status:
Not open for further replies.
  1. karkalec

    karkalec Thread Starter

    Joined:
    Nov 8, 2011
    Messages:
    1
    I'm running Windows 7 Home Premium SP1 on a Dell Desktop, dual core Pentium 2.4 ghz. Yesterday it started freezing and I got a Windows error message about my Nvidia drivers, then a BSOD. Restarted ok after that. This morning when I attempted to start it up it started but on the bootup screen there were little blue dots all over the normally black background on the initial bootup page, and on the next bootup screen little white exclamation marks all over it. I am also seeing typos in the menus on the screen, "Use!Up/Eown asrows to highlight desired item." for example. Then the bootup froze. I attempted a hard restart and it booted into Startup repair automatically which failed before the screen simply turned grey. Now I can't get it to start at all except in safe mode. I have uninstalled and reinstalled video, also run system file checker from install disc and it found nothing.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:44:46 PM, on 11/8/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Justin\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tffgwannabe.league.fantasy.nfl.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: acaptuser32.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    --
    End of file - 6227 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Justin at 15:45:17 on 2011-11-08
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.2379 [GMT -5:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://tffgwannabe.league.fantasy.nfl.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [GrpConv] grpconv -o
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    TCP: Interfaces\{59EA9BCB-53A0-48EB-ACB8-3A89DC130BBD} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: acaptuser32.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\justin\appdata\roaming\mozilla\firefox\profiles\gsgggaiz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - component: c:\users\justin\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\justin\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-5-26 16184]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-8-4 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-8-4 744568]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-6-8 752128]
    S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111014.001\BHDrvx86.sys [2011-10-14 818808]
    S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20111025.030\IDSvix86.sys [2011-10-26 368248]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-8-4 136312]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0501000.01d\symnets.sys [2011-8-4 299640]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-8-10 3246040]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-8-1 89376]
    S2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-8-4 130008]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-17 2253120]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-14 381248]
    S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-8-10 167968]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-4 105592]
    S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [2009-2-8 99968]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-24 52224]
    S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-16 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-11-06 14:49:52 -------- d-----w- c:\program files\SpeedFan
    2011-11-06 14:21:10 -------- d-----w- c:\users\justin\appdata\local\ElevatedDiagnostics
    2011-11-05 18:53:54 -------- d-----w- c:\programdata\NVIDIA Corporation
    2011-11-04 22:41:18 -------- d-----w- c:\program files\Techland
    2011-10-27 00:20:24 -------- d-----w- c:\users\justin\appdata\roaming\Ashampoo
    2011-10-27 00:20:17 -------- d-----w- c:\users\justin\appdata\local\ashampoo
    2011-10-27 00:20:17 -------- d-----w- c:\programdata\ashampoo
    2011-10-27 00:20:01 -------- d-----w- c:\program files\Ashampoo
    2011-10-25 22:58:27 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2011-10-25 22:58:27 5578560 ----a-w- c:\windows\system32\nvcuda.dll
    2011-10-25 22:58:27 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-10-25 22:58:27 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-10-25 22:58:27 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-10-25 22:58:27 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-10-25 22:58:27 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-10-25 22:58:27 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-10-17 20:25:58 -------- d-----w- c:\program files\iTunes
    2011-10-17 20:25:58 -------- d-----w- c:\program files\iPod
    2011-10-17 20:24:09 -------- d-----w- c:\program files\Bonjour
    2011-10-15 04:54:52 321856 ----a-w- c:\windows\system32\nvStreaming.exe
    2011-10-11 20:36:08 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-11 20:36:08 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-11 20:36:07 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-11 20:36:07 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-11 20:36:01 2334720 ----a-w- c:\windows\system32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2011-11-06 14:37:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-15 08:53:00 919872 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-10-15 08:53:00 877376 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-10-15 08:53:00 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-10-15 08:53:00 6350144 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-15 08:53:00 602432 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-10-15 08:53:00 3840320 ----a-w- c:\windows\system32\nvsvc.dll
    2011-10-15 08:53:00 2458432 ----a-w- c:\windows\system32\nvapi.dll
    2011-10-15 08:53:00 203072 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-15 08:53:00 123712 ----a-w- c:\windows\system32\nvshext.dll
    2011-10-15 08:53:00 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 03:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-08-10 23:10:58 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2011-08-10 23:10:54 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
    2011-08-10 23:10:53 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-08-10 23:10:49 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
    .
    ============= FINISH: 15:45:27.35 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-08 16:14:50
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 WDC_WD15 rev.04.0
    Running: k2tkpfvo.exe; Driver: C:\Users\Justin\AppData\Local\Temp\pxdiqpow.sys


    ---- System - GMER 1.0.15 ----

    INT 0x01 \??\C:\Users\Justin\AppData\Local\Temp\mbr.sys 9865EC42

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13D1 81A40349 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81A79D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? C:\Users\Justin\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[508] USER32.dll!SetWindowLongA 76288BA3 5 Bytes JMP 6C30E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[508] USER32.dll!SetWindowLongW 76294449 5 Bytes JMP 6C30E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[508] USER32.dll!GetWindowInfo 76294B5E 5 Bytes JMP 6C0C89A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[508] USER32.dll!TrackPopupMenu 762A2228 5 Bytes JMP 6C0C8F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1684] ntdll.dll!LdrLoadDll 77A922B8 5 Bytes JMP 6BF4FAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

    Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1026027

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice