Windows loads PC Reboots or Blue Screens

[squishyj]

Win XP Pro SP 3 this resulted from a download. File was not detected as a virus, but when executed, behavior began. Windows loads, or partially loads, and after approx 45 seconds, the machine restarts. If in safe mode I select disable autostart after system failure I get BSOD with the stop error of 0x0000008Ex0XAD590B8Ax0XAA2A57E8x0x00000000

Last known good configuration fails. Ran chkdsk /r and while errors were found, no change in boot.


DDS (Version 1.0) - NTFSx86 MINIMAL
Run by at 14:57:22.60 on Sun 12/07/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2804 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jeff S Innis\Desktop\New Folder\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ca.f880.mail.yahoo.com/dc/launch?.rand=3261pnd6ggbff
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [\\Temppc\EPSON WorkForce 500 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieqa.exe /fu "c:\docume~1\jeffsi~1\locals~1\temp\E_S4.tmp" /EF "HKCU"
mRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVD.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 85.255.116.164;85.255.112.131
TCP: {3423E659-ED43-4C3E-879F-11AC5A021583} = 85.255.116.164;85.255.112.131
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

============= SERVICES / DRIVERS ===============

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-5 97928]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-5 26824]
S1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-4-6 127768]
S1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-3-10 394952]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-5 231704]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\RaInfo.sys [2007-8-3 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-3-16 47640]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2007-12-19 37376]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2007-8-3 12192]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []
S4 LMIRfsClientNP;LMIRfsClientNP; []

=============== Created Last 30 ================

2008-12-07 14:21 <DIR> --d----- c:\windows\system32\xircom
2008-12-07 14:12 1,508 a------- c:\windows\system32\tmp.reg
2008-12-07 14:01 578,560 a------- c:\windows\system32\dllcache\user32.dll
2008-12-07 13:59 <DIR> --d----- c:\windows\ERUNT
2008-12-07 09:15 27,904 a------- c:\windows\system32\drivers\Ndisprot.sys
2008-12-07 08:24 <DIR> --d----- c:\docume~1\jeffsi~1\applic~1\Nuance
2008-12-07 08:21 <DIR> --d----- c:\program files\common files\ScanSoft Shared
2008-12-07 08:21 <DIR> --d----- c:\program files\common files\Nuance
2008-12-07 08:21 <DIR> --d----- c:\program files\Nuance
2008-12-07 08:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nuance
2008-12-07 08:20 <DIR> --d----- c:\windows\speech
2008-12-04 17:52 <DIR> --d----- c:\program files\MSECache
2008-11-17 14:51 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-17 14:51 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-11-07 22:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
2008-11-07 22:38 44 a------- c:\windows\EPWF500.ini

==================== Find3M ====================

2008-12-07 13:46 289,144 a------- c:\windows\system32\VCCLSID.exe
2008-12-07 13:46 25,600 a------- c:\windows\system32\WS2Fix.exe
2008-12-07 13:46 87,552 a------- c:\windows\system32\VACFix.exe
2008-12-07 13:46 79,360 a------- c:\windows\system32\swxcacls.exe
2008-12-07 13:46 288,417 a------- c:\windows\system32\SrchSTS.exe
2008-12-07 13:46 135,168 a------- c:\windows\system32\swreg.exe
2008-12-07 13:46 53,248 a------- c:\windows\system32\Process.exe
2008-12-07 13:46 82,944 a------- c:\windows\system32\o4Patch.exe
2008-12-07 13:46 82,944 a------- c:\windows\system32\IEDFix.exe
2008-12-07 13:46 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-12-07 13:46 82,432 a------- c:\windows\system32\404Fix.exe
2008-12-07 13:46 51,200 a------- c:\windows\system32\dumphive.exe
2008-12-07 09:17 103,307,296 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-07 09:17 1,219,016 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-10-24 06:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 21:49 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2008-10-17 21:49 47,640 a------- c:\windows\system32\drivers\LMIRfsDriver.sys
2008-10-17 21:49 87,352 a------- c:\windows\system32\LMIinit.dll
2008-10-17 21:49 28,984 a------- c:\windows\system32\LMIport.dll
2008-10-17 21:49 23,736 a------- c:\windows\system32\lmimirr.dll
2008-10-17 21:49 10,040 a------- c:\windows\system32\lmimirr2.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-11 21:51 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-10-03 12:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 07:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-03-14 16:34 87,608 a------- c:\docume~1\jeffsi~1\applic~1\inst.exe
2008-03-14 16:34 47,360 a------- c:\docume~1\jeffsi~1\applic~1\pcouffin.sys
2006-06-23 17:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe
2008-03-14 15:27 163 a--shr-- c:\windows\Regbak.dat

============= FINISH: 14:57:55.12 ===============

Been a while since I've been here, I hope I have done this properly. Please let me know if you need additional information.

[sUBs]

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Download & save ComboFix to your Desktop but don't run it yet
Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:

http://www.techsupportforum.com/security-center/hijackthis-log-help/321200-windows-loads-pc-reboots-blue-screens.html
Driver::
msqpdxserv.sys
Collect::
C:\Windows\system32\drivers\msqpdxrfdtedwv.sys
C:\Windows\system32\msqpdxfvfepuaq.dll
Registry::
[-HKEY_CLASSES_ROOT\msqpdxvx]

Save this as "CFScript"





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt.

[squishyj]

as requested.......


ComboFix 08-12-07.01 - Administrator 2008-12-08 10:47:52.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2799 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\cfscript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jeff S Innis\Application Data\inst.exe
c:\documents and settings\Jeff S Innis\Favorites\Online Security Guide.lnk
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\windows\system32\drivers\msqpdxrfdtedwv.sys
c:\windows\system32\msqpdxfvfepuaq.dll
D:\resycled
d:\resycled\boot.com
e:\recycler\AnyDVD & HD v.6.1.9.3 + Crack [App][www.zonatorrent.com].rar
e:\recycler\AnyDVD.HD.v6.1.9.3.FiNAL.Cracked-RESURRECTiON.zip
e:\recycler\AVS Video Converter 4.lnk
e:\recycler\AVS Video Tools 5.1 Full by ALCapone.zip
e:\recycler\AVS Video Tools 5.1.rar
e:\recycler\AVS Video Tools 5.1Full + crack 100%.rar
e:\recycler\AVS Video Tools 5.1Full+crack.zip
e:\recycler\AVS Video Tools.lnk
e:\recycler\AVSCAN-20071102.LOG
e:\recycler\AVSVideoConverter.exe
e:\recycler\CloneDVD 2.9.1.2.rar
e:\recycler\Desktop_Software_v4.2_SP2_(English).exe
e:\recycler\dvdshrink32setup.zip
e:\recycler\Nero-8.1.1.0_eng_trial_wch.exe
e:\recycler\SetupAnyDVD6193.exe
e:\recycler\SetupCloneDVD2912Slysoft.exe
e:\recycler\vsoConvertXtoDVD2_setup.exe
e:\recycler\WinZip_11.1_Build_7466 (Works great per Jeff).rar
e:\recycler\wrar371.exe
E:\resycled
e:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSQPDXSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-12-08 10:44 . 2008-12-08 10:52 <DIR> d-------- c:\documents and settings\Administrator\Application Data\U3
2008-12-07 14:59 . 2008-12-07 15:07 250 --a------ c:\windows\gmer.ini
2008-12-07 14:21 . 2008-12-07 14:21 <DIR> d-------- c:\windows\system32\xircom
2008-12-07 14:21 . 2008-12-07 14:21 <DIR> d-------- c:\program files\microsoft frontpage
2008-12-07 14:12 . 2008-12-07 14:17 1,508 --a------ c:\windows\system32\tmp.reg
2008-12-07 14:01 . 2008-12-07 14:01 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-07 13:59 . 2008-12-07 14:00 <DIR> d-------- c:\windows\ERUNT
2008-12-07 13:53 . 2008-12-07 13:46 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-12-07 13:53 . 2008-12-07 13:46 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-12-07 13:53 . 2008-12-07 13:46 87,552 --a------ c:\windows\system32\VACFix.exe
2008-12-07 13:53 . 2008-12-07 13:46 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-12-07 13:53 . 2008-12-07 13:46 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-12-07 13:53 . 2008-12-07 13:46 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-12-07 13:53 . 2008-12-07 13:46 82,432 --a------ c:\windows\system32\404Fix.exe
2008-12-07 13:53 . 2008-12-07 13:46 53,248 --a------ c:\windows\system32\Process.exe
2008-12-07 13:53 . 2008-12-07 13:46 51,200 --a------ c:\windows\system32\dumphive.exe
2008-12-07 13:53 . 2008-12-07 13:46 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-12-07 09:15 . 2008-12-07 09:15 41,984 --a------ c:\windows\system32\msqpdxnerohrgi.dll
2008-12-07 09:15 . 2008-12-07 09:15 27,904 --a------ c:\windows\system32\drivers\Ndisprot.sys
2008-12-07 08:25 . 2008-12-07 09:26 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-07 08:24 . 2008-12-07 08:24 <DIR> d-------- c:\documents and settings\Jeff S Innis\Application Data\Nuance
2008-12-07 08:21 . 2008-12-07 08:21 <DIR> d-------- c:\program files\Nuance
2008-12-07 08:21 . 2008-12-07 08:21 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2008-12-07 08:21 . 2008-12-07 08:21 <DIR> d-------- c:\program files\Common Files\Nuance
2008-12-07 08:21 . 2008-12-07 08:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2008-12-07 08:21 . 2008-12-07 08:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nuance
2008-12-07 08:20 . 2008-12-07 08:25 <DIR> d-------- c:\windows\speech
2008-12-04 17:52 . 2008-12-04 17:52 <DIR> d-------- c:\program files\MSECache
2008-11-17 14:51 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-17 14:51 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 15:37 --------- d-----w c:\program files\LogMeIn
2008-12-07 14:17 103,307,296 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-07 14:17 1,219,016 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-07 14:16 --------- d-----w c:\documents and settings\Jeff S Innis\Application Data\uTorrent
2008-11-09 01:27 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
2008-11-08 03:46 --------- d-----w c:\documents and settings\Jeff S Innis\Application Data\Leadertech
2008-11-08 03:40 --------- d-----w c:\documents and settings\Jeff S Innis\Application Data\InstallShield
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-18 22:39 --------- d-----w c:\documents and settings\Jeff S Innis\Application Data\Vso
2008-10-18 02:49 47,640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys
2008-10-17 19:27 --------- d-----w c:\program files\PokerStars
2008-10-16 16:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-16 16:48 --------- d-----w c:\program files\D-Link
2008-10-16 16:48 --------- d-----w c:\program files\ANI
2008-10-12 02:51 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-03-14 21:34 47,360 ----a-w c:\documents and settings\Jeff S Innis\Application Data\pcouffin.sys
2008-03-14 20:27 163 --sha-r c:\windows\Regbak.dat
.

------- Sigcheck -------

2007-12-23 10:10 361344 9a1c4c386789b9e0663635e157ebacfb c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2008-03-20 459264]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 21:49 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58581:TCP"= 58581:TCP:uTorrent
"58581:UDP"= 58581:UDP:uTorrent
"48481:TCP"= 48481:TCP:Limewire
"48481:UDP"= 48481:UDP:Limewire

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-05 97928]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-05 231704]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2007-08-03 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-03-16 47640]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l151x86.sys [2007-12-19 37376]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2007-08-03 12192]
S4 LMIRfsClientNP;LMIRfsClientNP; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 10:56:01
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxrfdtedwv.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(248)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2008-12-08 10:59:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-08 15:59:55

Pre-Run: 303,472,988,160 bytes free
Post-Run: 303,448,502,272 bytes free

164 --- E O F --- 2008-11-22 05:50:54

[sUBs]

Did ComboFix ask you to submit some files? If so, have you done so?

[squishyj]

No sir, it did not.....

[sUBs]

Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:

http://www.techsupportforum.com/security-center/hijackthis-log-help/321200-windows-loads-pc-reboots-blue-screens.html
File::
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Process.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\drivers\Ndisprot.sys
Collect::
c:\windows\system32\msqpdxnerohrgi.dll
Driver::
Ndisprot

Save this as "CFScript"





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additonally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Vista users right click on the Internet Explorer shortcut, and choose Run As Administrator.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs
• Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------


In your next post, please include fresh logs from:

1. Online scan
2. ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

[sUBs]

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.