Two Blue Screens

Chivi · 01-17-2009, 10:26 PM

Details:
I got this from my other thread.... located at

Two Blue Screens

I claimed that I would go into the recovery console... but I couldn't find my XP disk.

"ok, so three days ago, I was scanning my computer using malwarebyte anti-spyware

all was going well, I removed about 26 malwares

and I went into safe mode to remove more spywares

then when I went back in by booting the pc normally, I was doing some activities (which, I'm not very sure what it is anymore.... since it happened three days ago) and all of a sudden I get an error like this:

"A problem has been detected and windows has been shut down to prevent damage to your computer.

PAGE_FAULT_IN_NONPAGED_AREA

If this is the first time you’ve seen this stop error screen,
Restart your computer. If this screen appears again, follow these
Steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problem continue, disable or remove installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer. Press F8 to select advanced startup options, and then select Safe Mode.

Technical Information:

*** STOP: 0x00000050 (0xE4AE2000,0x000000000,0xBA10D8D6,0x00000001)

Beginning dump of physical memory
Physical memory dump complete
Contact your system administrator or technical support group for futher assistance"

of course, I freaked out and restarted my pc and tested to see if it happened again.... and it happened; moreover it happened about 10 minutes after I started doing my things. I decided to go into safe mode to scan my computer.. Malwarebytes anti-spyware got me nothing... and AVG anti-virus just stopped running without telling me.

I have tried going into safe mode to run memory tests and those types... but I didn't get any of them to work properly (I'm not very good when it comes to these applications)

so, yesterday... I attempted to try fixing my pc again and the error popped up again.
as fed up as I was about the error, I decided to leave the screen on and copied the whole entire error. After that I restarted my pc.. and it got a blue screen this time right after the windows xp loading screen. I got the error saying:
"STOP: 0x0000008E (0xC0000005,0xBA10D8D6, 0xBA2E7BF8. 0x0000000)"
I was scared that my computer had gotten the blue screen of death
so I entered safe mode and the computer got in fine; however, I was now afraid of trying to fix the problem by myself and decided to go to a forum full of people who knows what they're doing.

thanks for listening to my situation, I would really appreciate it if someone helped me out"

also, I got my DDS and Attach files in Safe mode... since when I tried it on normal XP the computer got the blue screen of 0x00000050. I also didn't know which program had a script blocker on it

LOG:

DDS (Ver_09-01-07.01) - NTFSx86 NETWORK
Run by Administrator at 23:59:29.84 on 01/17/2009 Sat
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.2047.1770 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)
FW: Norton AntiVirus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator.FAMILY.001\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

mSearchAssistant = hxxp://search.live.com/sphome.aspx
mWinlogon: UIHost=vistaui.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {140BD8E3-C167-11D4-B4A3-080000180323} - No File
BHO: {6b5fdd97-7916-433d-8822-cf53d73edba7} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: {D45E5D27-CC58-4F09-A6BC-01064000F5C2} - No File
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - No File
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRunOnce: [NeroHomeFirstStart] "c:\program files\common files\ahead\lib\NMFirstStart.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
AppInit_DLLs: c:\windows\system32\jihizeda.dll,c:\windows\system32\pefedamu.dll,c:\windows\system32\dadiwewa.dll dgqaqp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\jihizeda.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.001\applic~1\mozilla\firefox\profiles\en2pik1g.default\
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll

============= SERVICES / DRIVERS ===============

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-10-17 38656]
S0 cuqdl;cuqdl;c:\windows\system32\drivers\ddbcijbs.sys --> c:\windows\system32\drivers\ddbcijbs.sys [?]
S0 irzxqmkz;irzxqmkz;c:\windows\system32\drivers\lwhczqar.sys []
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe" --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-11-15 16512]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 dump_wmimmc;dump_wmimmc;\??\c:\rohan\gameguard\dump_wmimmc.sys --> c:\rohan\gameguard\dump_wmimmc.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-17 99376]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090117.021\NAVENG.SYS [2009-1-17 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090117.021\NAVEX15.SYS [2009-1-17 876112]
S3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2009-1-4 2048]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-17 1251720]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
S4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-01-17 18:11 206,492 a------- c:\windows\system32\nvapps.xml
2009-01-17 18:11 453,152 a------- c:\windows\system32\nvudisp.exe
2009-01-17 18:11 18,725 a------- c:\windows\system32\nvdisp.nvu
2009-01-17 18:10 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-01-17 15:28 <DIR> --d----- c:\program files\Norton AntiVirus
2009-01-17 15:27 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-17 15:27 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-17 15:27 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-17 15:27 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-14 19:32 <DIR> --ds---- c:\documents and settings\administrator.family.001\UserData
2009-01-14 16:17 1 a------- c:\windows\system32\uniq.tll
2009-01-14 16:17 1 a------- c:\windows\system32\test.ttt
2009-01-14 16:17 24,064 a------- c:\windows\system32\pcload.exe
2009-01-14 16:07 2,204 a------- c:\windows\irzxqmkz
2009-01-14 15:59 0 a------- c:\windows\system32\drivers\senekarbqibava.sys
2009-01-10 22:25 33 a------- c:\windows\LVMMail.INI
2009-01-10 22:05 77,824 a------- c:\windows\system32\lvcoinst.dll
2009-01-10 22:05 14,938 a------- c:\windows\system32\lvcoinst.ini
2009-01-10 22:05 12,112 a------- c:\windows\system32\drivers\LVUSBSta.sys
2009-01-10 22:05 327,680 a------- c:\windows\system32\LVUI2RC.dll
2009-01-10 22:05 122,880 a------- c:\windows\system32\LVUI2.dll
2009-01-10 22:05 57,344 a------- c:\windows\system32\LVComC.dll
2009-01-10 22:05 472,332 a------- c:\windows\system32\drivers\lvcm.sys
2009-01-10 22:05 172,032 a------- c:\windows\system32\lvcodec2.dll
2009-01-10 22:05 135,214 a------- c:\windows\system32\LVComS.exe
2009-01-10 22:04 <DIR> --d----- c:\program files\common files\Logitech
2009-01-10 22:04 244 a------- c:\windows\_delis32.ini
2009-01-10 22:04 36,864 a----r-- c:\windows\system32\AthUnIns.exe
2009-01-10 01:47 <DIR> --d----- c:\program files\NitroPlus
2009-01-08 18:10 257 a------- c:\windows\system32\BDUpdateV1.xml
2009-01-08 17:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-08 17:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-08 17:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 16:22 <DIR> --d----- c:\program files\BitDefender
2009-01-07 15:41 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-04 17:46 19,968 a------- c:\windows\system32\portio32.dll
2009-01-04 17:46 2,048 a------- c:\windows\system32\drivers\portio32.sys
2009-01-04 17:46 135 a------- c:\windows\yehal
2009-01-04 03:35 <DIR> --d----- c:\program files\EcoleSoftware
2009-01-02 23:02 <DIR> --d----- c:\docume~1\admini~1.001\applic~1\Malwarebytes
2009-01-02 23:00 <DIR> --d----- c:\documents and settings\administrator.family.001\Contacts
2009-01-02 22:13 98,304 a------- c:\windows\DUMP7270.tmp
2009-01-02 22:13 98,304 a------- c:\windows\DUMP689d.tmp
2008-12-31 19:39 <DIR> --d----- c:\program files\NCH Software
2008-12-23 21:18 <DIR> --d----- c:\program files\Will
2008-12-19 18:28 <DIR> --d----- C:\ai sp@ce

==================== Find3M ====================

2009-01-14 20:16 4,066 a------- c:\windows\system32\tmp.reg
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-11-10 02:22 4,182 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-06-05 17:37 6,190 a------- c:\program files\INSTALL.LOG

============= FINISH: 23:59:49.59 ===============

Billy O'Neal · 01-18-2009, 06:38 PM

Hello, Chivi
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:

In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

In your next reply, please include the following:
ComboFix.txt

BillyIII

Chivi · 01-18-2009, 07:10 PM

sorry about this, but I am having troubles exiting norton.... the program doesn't have an exit button; and I can't find the name of the program (uiStub2.exe) in the processes section of my task manager

Billy O'Neal · 01-18-2009, 07:18 PM

See this topic for instrucitons on disabling your AV:
http://www.bleepingcomputer.com/forums/topic114351.html

Billy3

Chivi · 01-18-2009, 07:38 PM

At the beginning, MSN messenger opened itself up... I feel that I need to tell you that (incase something went wrong)

ComboFix 09-01-18.01 - d 2009-01-18 21:28:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.932.1.1033.18.2047.1508 [GMT -5:00]
Running from: c:\documents and settings\d\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\senekarbqibava.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\kmd.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\test.ttt
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\uyiglupq.job

.
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-17 19:28 . 2009-01-17 19:28 <DIR> d-------- c:\documents and settings\d\Application Data\vlc
2009-01-17 18:11 . 2008-12-26 00:08 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-01-17 18:11 . 2009-01-18 21:32 206,492 --a------ c:\windows\system32\nvapps.xml
2009-01-17 18:11 . 2008-12-26 00:08 18,725 --a------ c:\windows\system32\nvdisp.nvu
2009-01-17 18:10 . 2008-12-23 21:58 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-01-17 15:28 . 2009-01-17 15:28 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-17 15:28 . 2009-01-17 15:45 <DIR> d-------- c:\program files\Norton AntiVirus
2009-01-17 15:27 . 2009-01-17 15:40 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-17 15:27 . 2009-01-17 15:40 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-17 15:27 . 2009-01-17 15:40 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-17 15:27 . 2009-01-17 15:40 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-14 19:57 . 2009-01-14 19:57 <DIR> d-------- c:\documents and settings\Administrator.FAMILY.001\Application Data\ImgBurn
2009-01-14 19:32 . 2009-01-14 19:32 <DIR> d---s---- c:\documents and settings\Administrator.FAMILY.001\UserData
2009-01-14 16:17 . 2009-01-14 16:17 24,064 --a------ c:\windows\system32\pcload.exe
2009-01-14 16:07 . 2009-01-18 21:31 2,204 --a------ c:\windows\irzxqmkz
2009-01-13 23:19 . 2009-01-14 15:51 <DIR> d-------- c:\documents and settings\d\Application Data\Download Manager
2009-01-10 22:25 . 2009-01-10 22:25 33 --a------ c:\windows\LVMMail.INI
2009-01-10 22:05 . 2003-06-26 22:05 472,332 --a------ c:\windows\system32\drivers\lvcm.sys
2009-01-10 22:05 . 2003-06-26 22:12 327,680 --a------ c:\windows\system32\LVUI2RC.dll
2009-01-10 22:05 . 2003-06-26 22:11 172,032 --a------ c:\windows\system32\lvcodec2.dll
2009-01-10 22:05 . 2003-06-26 22:09 135,214 --a------ c:\windows\system32\LVComS.exe
2009-01-10 22:05 . 2003-06-26 22:11 122,880 --a------ c:\windows\system32\LVUI2.dll
2009-01-10 22:05 . 2003-06-26 22:14 77,824 --a------ c:\windows\system32\lvcoinst.dll
2009-01-10 22:05 . 2003-06-26 22:10 57,344 --a------ c:\windows\system32\LVComC.dll
2009-01-10 22:05 . 2003-06-26 21:40 14,938 --a------ c:\windows\system32\lvcoinst.ini
2009-01-10 22:05 . 2003-06-26 22:03 12,112 --a------ c:\windows\system32\drivers\LVUSBSta.sys
2009-01-10 22:04 . 2009-01-10 22:04 <DIR> d-------- c:\program files\Common Files\Logitech
2009-01-10 22:04 . 2003-05-20 17:02 36,864 -ra------ c:\windows\system32\AthUnIns.exe
2009-01-10 22:04 . 2009-01-10 22:04 244 --a------ c:\windows\_delis32.ini
2009-01-10 22:03 . 2009-01-10 22:03 <DIR> d-------- c:\program files\Logitech
2009-01-10 01:47 . 2009-01-10 01:47 <DIR> d-------- c:\program files\NitroPlus
2009-01-08 18:10 . 2009-01-08 18:10 257 --a------ c:\windows\system32\BDUpdateV1.xml
2009-01-08 17:19 . 2009-01-17 18:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 17:19 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-08 17:19 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-08 16:22 . 2009-01-08 16:22 <DIR> d-------- c:\program files\BitDefender
2009-01-07 15:41 . 2009-01-07 15:41 73,216 --a------ c:\windows\system32\ffkuz.dll
2009-01-06 16:52 . 2009-01-06 16:52 <DIR> d-------- c:\documents and settings\d\Application Data\SummitSoft
2009-01-04 17:46 . 2009-01-04 17:46 19,968 --a------ c:\windows\system32\portio32.dll
2009-01-04 17:46 . 2009-01-04 17:46 2,048 --a------ c:\windows\system32\drivers\portio32.sys
2009-01-04 17:46 . 2009-01-04 17:47 135 --a------ c:\windows\yehal
2009-01-04 03:35 . 2009-01-04 03:35 <DIR> d-------- c:\program files\EcoleSoftware
2009-01-02 23:02 . 2009-01-02 23:02 <DIR> d-------- c:\documents and settings\Administrator.FAMILY.001\Application Data\Malwarebytes
2009-01-02 23:00 . 2009-01-02 23:00 <DIR> d-------- c:\documents and settings\Administrator.FAMILY.001\Contacts
2009-01-02 22:13 . 2009-01-15 18:27 98,304 --a------ c:\windows\DUMP7270.tmp
2009-01-02 22:13 . 2009-01-15 18:26 98,304 --a------ c:\windows\DUMP689d.tmp
2008-12-31 19:40 . 2008-12-31 19:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software
2008-12-31 19:39 . 2008-12-31 21:45 <DIR> d-------- c:\program files\NCH Software
2008-12-31 19:33 . 2008-12-31 19:33 <DIR> d-------- c:\documents and settings\d\Application Data\4Media Software Studio
2008-12-23 21:18 . 2008-12-23 21:18 <DIR> d-------- c:\program files\Will
2008-12-19 18:28 . 2009-01-18 01:18 <DIR> d-------- C:\ai sp@ce

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 02:32 --------- d-----w c:\program files\ViStart
2009-01-19 01:53 --------- d-----w c:\documents and settings\d\Application Data\MegauploadToolbar
2009-01-17 23:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 23:31 --------- d-----w c:\program files\SpywareBlaster
2009-01-17 23:13 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-17 23:12 --------- d-----w c:\program files\AGEIA Technologies
2009-01-17 20:47 --------- d-----w c:\program files\Project64
2009-01-17 20:46 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-17 20:40 --------- d-----w c:\program files\Symantec
2009-01-17 20:36 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-17 20:22 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-15 00:46 --------- d-----w c:\program files\CCleaner
2009-01-10 21:25 --------- d-----w c:\program files\Common Files\BitDefender
2009-01-10 10:27 --------- d-----w c:\program files\Fate
2009-01-10 06:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-09 01:33 --------- d-----w c:\program files\Panda Security
2009-01-06 21:10 --------- d-----w c:\program files\Kaspersky Lab
2009-01-06 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-04 02:56 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-31 02:19 --------- d-----w c:\program files\Common Files\Apple
2008-12-23 02:30 --------- d-----w c:\program files\Tsukihime
2008-12-14 03:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-14 03:28 --------- d-----w c:\program files\QuickTime
2008-12-14 03:28 --------- d-----w c:\program files\Bonjour
2008-12-14 03:27 --------- d-----w c:\program files\Apple Software Update
2008-12-13 03:08 --------- d-----w c:\documents and settings\All Users\Application Data\Megaupload
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 03:09 --------- d-----w c:\program files\Ubisoft
2008-12-11 01:20 --------- d-----w c:\program files\CAPCOM
2008-12-08 04:20 --------- d-----w c:\documents and settings\d\Application Data\Toribash
2008-12-07 05:35 --------- d-----w c:\program files\BestGameEver
2008-11-29 04:57 --------- d-----w c:\documents and settings\d\Application Data\skypePM
2008-11-29 03:36 --------- d-----w c:\program files\Windows Live
2008-11-28 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-28 05:39 --------- d-----w c:\program files\Panasonic
2008-11-28 05:39 --------- d-----w c:\documents and settings\d\Application Data\ANIMO
2008-11-21 20:19 --------- d-----w c:\program files\MegauploadToolbar
2008-11-21 06:48 --------- d-----w c:\program files\Watanabe Productions
2008-11-21 06:26 --------- d-----w c:\program files\渡辺製作所
2008-11-20 04:22 --------- d-----w c:\documents and settings\d\Application Data\Nitroplus
2008-11-10 07:22 4,182 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-02-11 03:00 22,328 ----a-w c:\documents and settings\d\Application Data\PnkBstrK.sys
2004-07-04 05:09 140,800 ----a-w c:\program files\mozilla firefox\plugins\al2np.dll
2008-10-30 22:34 39,424 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
2008-08-04 15:44 1947080 --a------ c:\progra~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~1\MEGAUP~1.DLL" [2008-08-04 1947080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~1\MEGAUP~1.DLL" [2008-08-04 1947080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2007-11-26 593920]
"ViOrb"="c:\program files\ViOrb\ViOrb.exe" [2007-11-19 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-01-14 1273488]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-06-30 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-06-30 65536]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-24 714608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\documents and settings\d\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
PowerReg Scheduler.exe [2008-07-18 256000]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\kav\\kis7.0\\spanish\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CAPCOM\\Bionic Commando Rearmed\\bcr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Lights\\CRUCIS FATAL FAKE\\data\\FF2.exe"=
"c:\\WINDOWS\\system32\\vistaui.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13546:TCP"= 13546:TCP:fatal fake

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-10-17 38656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-17 99376]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2009-01-04 2048]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2007-08-25 149352]
S0 cuqdl;cuqdl;c:\windows\system32\drivers\ddbcijbs.sys --> c:\windows\system32\drivers\ddbcijbs.sys [?]
S0 irzxqmkz;irzxqmkz;c:\windows\system32\drivers\lwhczqar.sys []
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" --> c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-11-15 16512]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888]
S3 dump_wmimmc;dump_wmimmc;\??\c:\rohan\GameGuard\dump_wmimmc.sys --> c:\rohan\GameGuard\dump_wmimmc.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-17 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - d.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-26 20:19]
.
- - - - ORPHANS REMOVED - - - -

BHO-{140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
BHO-{6b5fdd97-7916-433d-8822-cf53d73edba7} - (no file)
BHO-{D45E5D27-CC58-4F09-A6BC-01064000F5C2} - (no file)
HKLM-Run-TkBellExe - realsched.exe
Notify-NavLogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://hotmail.com/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Voice Editing Launcher - c:\program files\Panasonic\Voice Editing\VEd1_IEMenu.html

c:\windows\Downloaded Program Files\NeffyLauncher.dll - O16 -: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C}
hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
c:\windows\Downloaded Program Files\NeffyLauncher.inf

c:\windows\Downloaded Program Files\EconPlayer.ocx - O16 -: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A}
hxxp://asp.mathxl.com/books/_Players/EconPlayer.cab
FF - ProfilePath - c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\8ploximm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://gonintendo.com/
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\8ploximm.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 21:32:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\drivers\lwhczqar.sys 25088 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1332)
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conime.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\LVComS.exe
c:\program files\Logitech\Video\LowLight.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2009-01-18 21:35:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-19 02:35:32
ComboFix2.txt 2008-02-28 03:27:35

Pre-Run: 83,528,245,248 bytes free
Post-Run: 84,389,969,920 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
304 --- E O F --- 2009-01-14 18

05

Billy O'Neal · 01-18-2009, 09:16 PM

Hello, Chivi
c:\program files\渡辺製作所 <-- Do you recognise this?

We need to re-run ComboFix with some additonal directives.

Please disable any running anti-virus programs.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/topic114351.html
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the quotebox below into it:

Code:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/336015-two-blue-screens.html
suspect::[54]
c:\windows\system32\pcload.exe
c:\windows\system32\AthUnIns.exe
folder::
c:\documents and settings\d\Application Data\Download Manager
C:\ai sp@ce
file::
c:\windows\_delis32.ini
c:\windows\system32\ffkuz.dll
c:\windows\yehal
c:\windows\system32\drivers\ddbcijbs.sys
c:\windows\system32\drivers\lwhczqar.sys
registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=-
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\CAPCOM\\Bionic Commando Rearmed\\bcr.exe"=-
"c:\\WINDOWS\\system32\\dpnsvr.exe"=-
"c:\\Program Files\\Lights\\CRUCIS FATAL FAKE\\data\\FF2.exe"=-
"c:\\WINDOWS\\system32\\vistaui.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13546:TCP"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"bdx"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\bdx]
driver::
cuqdl
irzxqmkz
dump_wmimmc
bdx
rootkit::
c:\windows\system32\drivers\lwhczqar.sys

Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

We need to scan for Rootkits with GMER

Please download GMER from one of the following mirrors:
Close any and all open programs, as this process may crash your computer.
Unzip the downloaded file to your desktop.
Double click on your desktop.
Allow the gmer.sys driver to load if asked.
You may see this window. If you do, click No.
Click on and wait for the scan to finish.
If you see a rootkit warning window, click OK.
Push and save the logfile to your desktop.
Copy and Paste the contents of that file in your next post.

In your next reply, please include the following:
ComboFix.txt

GMER's Log

BillyIII

Chivi · 01-18-2009, 09:25 PM

Billy, I just wanted to ask you before I scan this computer tomorrow
(It's almost time I go to bed, so I will rerun combofix tomorrow)

but in the file you told me to copy, I saw programs which I installed on my own free will (mostly games, like Fatal Fake and Bionic Commando)

also, c:\program files\渡辺製作所 is a game I installed onto my pc

Billy O'Neal · 01-18-2009, 09:26 PM

It's not going to touch the games. It will only affect firewall rules. These programs shouldn't need to open persistent holes in Windows Firewall. If they need access again, then windows firewall will prompt you.

Billy3

Chivi · 01-18-2009, 09:27 PM

OK, thanks for explaining it to me

I will rerun Combofix and Gmer tomorrow

Chivi · 01-19-2009, 01:53 PM

Combofix seems to have deleted a game of mines named Ai Sp@ce..... is it ok if I reinstall it after you're done cleaning my system?

Billy O'Neal · 01-19-2009, 02:45 PM

Hello, Chivi
Sorry... my fault. I can't remember why I added that to the list :(

We'll restore it.

Go ahead and open notepad again, and paste in this script:

Code:

DeQuarantine::
C:\qoobox\Quarantine\C\ai sp@ce
QUIT::

Save it as CFSCRIPT.txt to your desktop.

Drag that one onto combofix again, which should only take a very short time this time.

It will generate a brief log. Please post back with that. Also, please let me know if your game works correctly :)

BillyIII

Chivi · 01-19-2009, 02:58 PM

the game seems to be working fine now

Billy O'Neal · 01-19-2009, 03:32 PM

Hello, Chivi
I would like us to use ESET (NOD32)'s Online Scanner

Please go to ESET OnlineScan (NOD32)
You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
Now click Start
Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
Click Start
- Note: (the Onlinescanner will now prepare itself for running on your pc)
To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
Press Scan
The Onlinescan will now start and scan your pc (this could take a while)
When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
The Scanresults will now open in Notepad
Click into the text area, right-click and chose "select all" (or use <Control>+A)
Right-click again and chose "Copy" (or <Control>+C)
Close/Exit Notepad
Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.

Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
ESET OnlineScan's Log

BillyIII

Chivi · 01-19-2009, 04:52 PM

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3778 (20090119)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=fafde791ac5abb4bb6783a7c6d979ad3
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-19 11:51:38
# local_time=2009-01-19 06:51:38 (-0500, Eastern Standard Time)
# country="Japan"
# osver=5.1.2600 NT Service Pack 3
# scanned=541517
# found=5
# scan_time=4148
C:\Qoobox\Quarantine\[54]-Submit_2009-01-19@15.32.zip Win32/TrojanDownloader.FakeAlert.QT trojan (deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\[54]-Submit_2009-01-19@15.32.zip ≫ZIP ≫Suspect_pcload.exe.vir Win32/TrojanDownloader.FakeAlert.QT trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\ffkuz.dll.vir Win32/BHO.NLI trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\pcload.exe Win32/TrojanDownloader.FakeAlert.QT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\84ZWAGEU\lsp[1].exe Win32/FakeInit.A trojan (unable to clean - deleted) 0000000000000000000000000000000

Billy O'Neal · 01-21-2009, 11:51 AM

Hello, Chivi
Congratulations! You now appear clean!

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Remove ComboFix

Please go to Start -> Run
Enter "ComboFix /u" (without quotes). Note the space betwen "ComboFix" and "/u", it needs to be there.
Press OK (Or hit enter).
Allow ComboFix to remove itself.

We Need to Clean Up Our Mess

Please download OTCleanIt from one of the following mirrors and save it to your desktop:
- Mirror 1
- Mirror A
Double click the icon.
Push the large "Cleanup" button.
Allow your system to reboot.

Recommendations
Below are some recommendations to lower your chances of (re)infection.

Install Spyware Blaster and update it regularly
If you wish, the commercial version provides automatic updating.
Install the MVPs hosts file, and update it regularly
You can use the HostMan host file manager to do this automaticly if you wish.
For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
Install an Anti-Spyware program, and update it regularly
Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
SUPERAntiSpyware is another good scanner with high detection and removal rates.
Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
Keep Windows (and your other Microsoft software) up to date!
I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

If you are using Windows XP or earlier
Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

If you are using Windows Vista
1. Click the "Start Menu" (or Windows Orb)
2. Click "All Programs"
3. Click "Windows Update"
4. On the left, choose "Change Settings"
5. Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
6. Press OK and accept the UAC prompt.
  Note: You shouldn't need to check this checkbox every single time you update, only the first time.
7. Click "Check for Updates" in the upper left corner.
8. Follow the instructions to install the latest updates.
9. Reboot and repeat the "Check for Updates" until there are no more critical updates to install
Keep your other software up to date as well
Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
Stay up to date!
The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

BillyIII

Chivi · 01-21-2009, 02:25 PM

Thanks alot, everything seems fine right now
I haven't gotten the blue screen for about two or three days now

Billy O'Neal · 01-21-2009, 03:02 PM

Hello, Chivi
Glad I was able to help :)

Since this issue appears resolved, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

BillyIII

01-18-2009, 06:38 PM	#2 (permalink)
Billy O'Neal Analyst, Security Team Join Date: Aug 2008 Location: Northfield, Ohio, United States Posts: 1,690 OS: XPSP3, Vista Ultimate SP1, Ubuntu Server	Re: Two Blue Screens Hello, Chivi Welcome to TSF My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.) Please give me some time to look over your computer's log(s). Please take note of the following: In the meantime, please refrain from making any changes to your computer. Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :) If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. Finally, please reply using the button in the lower left hand corner of your screen. Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" . We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. In your next reply, please include the following: ComboFix.txt BillyIII __________________ If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....

01-18-2009, 07:10 PM	#3 (permalink)
Chivi Registered User Join Date: Jan 2008 Posts: 69 OS: Windows XP Service Pack 3	Re: Two Blue Screens sorry about this, but I am having troubles exiting norton.... the program doesn't have an exit button; and I can't find the name of the program (uiStub2.exe) in the processes section of my task manager

01-18-2009, 07:18 PM	#4 (permalink)
Billy O'Neal Analyst, Security Team Join Date: Aug 2008 Location: Northfield, Ohio, United States Posts: 1,690 OS: XPSP3, Vista Ultimate SP1, Ubuntu Server	Re: Two Blue Screens See this topic for instrucitons on disabling your AV: http://www.bleepingcomputer.com/forums/topic114351.html Billy3 __________________ If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....

01-18-2009, 07:38 PM	#5 (permalink)
Chivi Registered User Join Date: Jan 2008 Posts: 69 OS: Windows XP Service Pack 3	Re: Two Blue Screens At the beginning, MSN messenger opened itself up... I feel that I need to tell you that (incase something went wrong) ComboFix 09-01-18.01 - d 2009-01-18 21:28:09.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.932.1.1033.18.2047.1508 [GMT -5:00] Running from: c:\documents and settings\d\Desktop\ComboFix.exe AV: Norton AntiVirus On-access scanning disabled (Updated) FW: Norton AntiVirus enabled * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\INSTALL.LOG c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\drivers\senekarbqibava.sys c:\windows\system32\dumphive.exe c:\windows\system32\kmd.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\test.ttt c:\windows\system32\tmp.reg c:\windows\system32\uniq.tll c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe c:\windows\Tasks\uyiglupq.job . ((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 ))))))))))))))))))))))))))))))) . 2009-01-17 19:28 . 2009-01-17 19:28 <DIR> d-------- c:\documents and settings\d\Application Data\vlc 2009-01-17 18:11 . 2008-12-26 00:08 453,152 --a------ c:\windows\system32\nvudisp.exe 2009-01-17 18:11 . 2009-01-18 21:32 206,492 --a------ c:\windows\system32\nvapps.xml 2009-01-17 18:11 . 2008-12-26 00:08 18,725 --a------ c:\windows\system32\nvdisp.nvu 2009-01-17 18:10 . 2008-12-23 21:58 453,152 --a------ c:\windows\system32\NVUNINST.EXE 2009-01-17 15:28 . 2009-01-17 15:28 <DIR> d-------- c:\program files\Windows Sidebar 2009-01-17 15:28 . 2009-01-17 15:45 <DIR> d-------- c:\program files\Norton AntiVirus 2009-01-17 15:27 . 2009-01-17 15:40 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS 2009-01-17 15:27 . 2009-01-17 15:40 60,808 --a------ c:\windows\system32\S32EVNT1.DLL 2009-01-17 15:27 . 2009-01-17 15:40 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT 2009-01-17 15:27 . 2009-01-17 15:40 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF 2009-01-14 19:57 . 2009-01-14 19:57 <DIR> d-------- c:\documents and settings\Administrator.FAMILY.001\Application Data\ImgBurn 2009-01-14 19:32 . 2009-01-14 19:32 <DIR> d---s---- c:\documents and settings\Administrator.FAMILY.001\UserData 2009-01-14 16:17 . 2009-01-14 16:17 24,064 --a------ c:\windows\system32\pcload.exe 2009-01-14 16:07 . 2009-01-18 21:31 2,204 --a------ c:\windows\irzxqmkz 2009-01-13 23:19 . 2009-01-14 15:51 <DIR> d-------- c:\documents and settings\d\Application Data\Download Manager 2009-01-10 22:25 . 2009-01-10 22:25 33 --a------ c:\windows\LVMMail.INI 2009-01-10 22:05 . 2003-06-26 22:05 472,332 --a------ c:\windows\system32\drivers\lvcm.sys 2009-01-10 22:05 . 2003-06-26 22:12 327,680 --a------ c:\windows\system32\LVUI2RC.dll 2009-01-10 22:05 . 2003-06-26 22:11 172,032 --a------ c:\windows\system32\lvcodec2.dll 2009-01-10 22:05 . 2003-06-26 22:09 135,214 --a------ c:\windows\system32\LVComS.exe 2009-01-10 22:05 . 2003-06-26 22:11 122,880 --a------ c:\windows\system32\LVUI2.dll 2009-01-10 22:05 . 2003-06-26 22:14 77,824 --a------ c:\windows\system32\lvcoinst.dll 2009-01-10 22:05 . 2003-06-26 22:10 57,344 --a------ c:\windows\system32\LVComC.dll 2009-01-10 22:05 . 2003-06-26 21:40 14,938 --a------ c:\windows\system32\lvcoinst.ini 2009-01-10 22:05 . 2003-06-26 22:03 12,112 --a------ c:\windows\system32\drivers\LVUSBSta.sys 2009-01-10 22:04 . 2009-01-10 22:04 <DIR> d-------- c:\program files\Common Files\Logitech 2009-01-10 22:04 . 2003-05-20 17:02 36,864 -ra------ c:\windows\system32\AthUnIns.exe 2009-01-10 22:04 . 2009-01-10 22:04 244 --a------ c:\windows\_delis32.ini 2009-01-10 22:03 . 2009-01-10 22:03 <DIR> d-------- c:\program files\Logitech 2009-01-10 01:47 . 2009-01-10 01:47 <DIR> d-------- c:\program files\NitroPlus 2009-01-08 18:10 . 2009-01-08 18:10 257 --a------ c:\windows\system32\BDUpdateV1.xml 2009-01-08 17:19 . 2009-01-17 18:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-08 17:19 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-08 17:19 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-08 16:22 . 2009-01-08 16:22 <DIR> d-------- c:\program files\BitDefender 2009-01-07 15:41 . 2009-01-07 15:41 73,216 --a------ c:\windows\system32\ffkuz.dll 2009-01-06 16:52 . 2009-01-06 16:52 <DIR> d-------- c:\documents and settings\d\Application Data\SummitSoft 2009-01-04 17:46 . 2009-01-04 17:46 19,968 --a------ c:\windows\system32\portio32.dll 2009-01-04 17:46 . 2009-01-04 17:46 2,048 --a------ c:\windows\system32\drivers\portio32.sys 2009-01-04 17:46 . 2009-01-04 17:47 135 --a------ c:\windows\yehal 2009-01-04 03:35 . 2009-01-04 03:35 <DIR> d-------- c:\program files\EcoleSoftware 2009-01-02 23:02 . 2009-01-02 23:02 <DIR> d-------- c:\documents and settings\Administrator.FAMILY.001\Application Data\Malwarebytes 2009-01-02 23:00 . 2009-01-02 23:00 <DIR> d-------- c:\documents and settings\Administrator.FAMILY.001\Contacts 2009-01-02 22:13 . 2009-01-15 18:27 98,304 --a------ c:\windows\DUMP7270.tmp 2009-01-02 22:13 . 2009-01-15 18:26 98,304 --a------ c:\windows\DUMP689d.tmp 2008-12-31 19:40 . 2008-12-31 19:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software 2008-12-31 19:39 . 2008-12-31 21:45 <DIR> d-------- c:\program files\NCH Software 2008-12-31 19:33 . 2008-12-31 19:33 <DIR> d-------- c:\documents and settings\d\Application Data\4Media Software Studio 2008-12-23 21:18 . 2008-12-23 21:18 <DIR> d-------- c:\program files\Will 2008-12-19 18:28 . 2009-01-18 01:18 <DIR> d-------- C:\ai sp@ce . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-19 02:32 --------- d-----w c:\program files\ViStart 2009-01-19 01:53 --------- d-----w c:\documents and settings\d\Application Data\MegauploadToolbar 2009-01-17 23:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-17 23:31 --------- d-----w c:\program files\SpywareBlaster 2009-01-17 23:13 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-17 23:12 --------- d-----w c:\program files\AGEIA Technologies 2009-01-17 20:47 --------- d-----w c:\program files\Project64 2009-01-17 20:46 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-17 20:40 --------- d-----w c:\program files\Symantec 2009-01-17 20:36 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-01-17 20:22 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-01-15 00:46 --------- d-----w c:\program files\CCleaner 2009-01-10 21:25 --------- d-----w c:\program files\Common Files\BitDefender 2009-01-10 10:27 --------- d-----w c:\program files\Fate 2009-01-10 06:47 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-09 01:33 --------- d-----w c:\program files\Panda Security 2009-01-06 21:10 --------- d-----w c:\program files\Kaspersky Lab 2009-01-06 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-01-04 02:56 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-12-31 02:19 --------- d-----w c:\program files\Common Files\Apple 2008-12-23 02:30 --------- d-----w c:\program files\Tsukihime 2008-12-14 03:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-14 03:28 --------- d-----w c:\program files\QuickTime 2008-12-14 03:28 --------- d-----w c:\program files\Bonjour 2008-12-14 03:27 --------- d-----w c:\program files\Apple Software Update 2008-12-13 03:08 --------- d-----w c:\documents and settings\All Users\Application Data\Megaupload 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 03:09 --------- d-----w c:\program files\Ubisoft 2008-12-11 01:20 --------- d-----w c:\program files\CAPCOM 2008-12-08 04:20 --------- d-----w c:\documents and settings\d\Application Data\Toribash 2008-12-07 05:35 --------- d-----w c:\program files\BestGameEver 2008-11-29 04:57 --------- d-----w c:\documents and settings\d\Application Data\skypePM 2008-11-29 03:36 --------- d-----w c:\program files\Windows Live 2008-11-28 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2008-11-28 05:39 --------- d-----w c:\program files\Panasonic 2008-11-28 05:39 --------- d-----w c:\documents and settings\d\Application Data\ANIMO 2008-11-21 20:19 --------- d-----w c:\program files\MegauploadToolbar 2008-11-21 06:48 --------- d-----w c:\program files\Watanabe Productions 2008-11-21 06:26 --------- d-----w c:\program files\渡辺製作所 2008-11-20 04:22 --------- d-----w c:\documents and settings\d\Application Data\Nitroplus 2008-11-10 07:22 4,182 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-02-11 03:00 22,328 ----a-w c:\documents and settings\d\Application Data\PnkBstrK.sys 2004-07-04 05:09 140,800 ----a-w c:\program files\mozilla firefox\plugins\al2np.dll 2008-10-30 22:34 39,424 ----a-w c:\program files\mozilla firefox\components\FFComm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}] 2008-08-04 15:44 1947080 --a------ c:\progra~1\MEGAUP~1\MEGAUP~1.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~1\MEGAUP~1.DLL" [2008-08-04 1947080] [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}] [HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~1\MEGAUP~1.DLL" [2008-08-04 1947080] [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}] [HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "ViStart"="c:\program files\ViStart\ViStart.exe" [2007-11-26 593920] "ViOrb"="c:\program files\ViOrb\ViOrb.exe" [2007-11-19 163840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-01-14 1273488] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-06-30 188416] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-06-30 65536] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-24 714608] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016] "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] c:\documents and settings\d\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] PowerReg Scheduler.exe [2008-07-18 256000] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "msacm.l3fhg"= mp3fhg.acm "msacm.enc"= ITIG726.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\kav\\kis7.0\\spanish\\setup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\CAPCOM\\Bionic Commando Rearmed\\bcr.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\Lights\\CRUCIS FATAL FAKE\\data\\FF2.exe"= "c:\\WINDOWS\\system32\\vistaui.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"= "c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13546:TCP"= 13546:TCP:fatal fake R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-10-17 38656] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-17 99376] R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2009-01-04 2048] R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2007-08-25 149352] S0 cuqdl;cuqdl;c:\windows\system32\drivers\ddbcijbs.sys --> c:\windows\system32\drivers\ddbcijbs.sys [?] S0 irzxqmkz;irzxqmkz;c:\windows\system32\drivers\lwhczqar.sys [] S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" --> c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [?] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-11-15 16512] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888] S3 dump_wmimmc;dump_wmimmc;\??\c:\rohan\GameGuard\dump_wmimmc.sys --> c:\rohan\GameGuard\dump_wmimmc.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contents of the 'Scheduled Tasks' folder 2008-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-01-17 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - d.job - c:\program files\Norton AntiVirus\Navw32.exe [2007-08-26 20:19] . - - - - ORPHANS REMOVED - - - - BHO-{140BD8E3-C167-11D4-B4A3-080000180323} - (no file) BHO-{6b5fdd97-7916-433d-8822-cf53d73edba7} - (no file) BHO-{D45E5D27-CC58-4F09-A6BC-01064000F5C2} - (no file) HKLM-Run-TkBellExe - realsched.exe Notify-NavLogon - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://hotmail.com/ uInternet Settings,ProxyOverride = .local IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Voice Editing Launcher - c:\program files\Panasonic\Voice Editing\VEd1_IEMenu.html c:\windows\Downloaded Program Files\NeffyLauncher.dll - O16 -: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab c:\windows\Downloaded Program Files\NeffyLauncher.inf c:\windows\Downloaded Program Files\EconPlayer.ocx - O16 -: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} hxxp://asp.mathxl.com/books/_Players/EconPlayer.cab FF - ProfilePath - c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\8ploximm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://gonintendo.com/ FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - component: c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\8ploximm.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-18 21:32:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\drivers\lwhczqar.sys 25088 bytes executable scan completed successfully hidden files: 1 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1332) c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\conime.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\windows\system32\LVComS.exe c:\program files\Logitech\Video\LowLight.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe . ************************************************************************ . Completion time: 2009-01-18 21:35:35 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-19 02:35:32 ComboFix2.txt 2008-02-28 03:27:35 Pre-Run: 83,528,245,248 bytes free Post-Run: 84,389,969,920 bytes free Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7 304 --- E O F --- 2009-01-14 1805

01-18-2009, 09:16 PM	#6 (permalink)
Billy O'Neal Analyst, Security Team Join Date: Aug 2008 Location: Northfield, Ohio, United States Posts: 1,690 OS: XPSP3, Vista Ultimate SP1, Ubuntu Server	Re: Two Blue Screens Hello, Chivi c:\program files\渡辺製作所 <-- Do you recognise this? We need to re-run ComboFix with some additonal directives. Please disable any running anti-virus programs. If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/topic114351.html Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open notepad and copy/paste the text in the quotebox below into it: Code: http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/336015-two-blue-screens.html suspect::[54] c:\windows\system32\pcload.exe c:\windows\system32\AthUnIns.exe folder:: c:\documents and settings\d\Application Data\Download Manager C:\ai sp@ce file:: c:\windows\_delis32.ini c:\windows\system32\ffkuz.dll c:\windows\yehal c:\windows\system32\drivers\ddbcijbs.sys c:\windows\system32\drivers\lwhczqar.sys registry:: [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"=- "NoActiveDesktopChanges"=- [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\dpvsetup.exe"=- "c:\\Program Files\\DNA\\btdna.exe"=- "c:\\Program Files\\CAPCOM\\Bionic Commando Rearmed\\bcr.exe"=- "c:\\WINDOWS\\system32\\dpnsvr.exe"=- "c:\\Program Files\\Lights\\CRUCIS FATAL FAKE\\data\\FF2.exe"=- "c:\\WINDOWS\\system32\\vistaui.exe"=- [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13546:TCP"=- [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] "bdx"=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\bdx] driver:: cuqdl irzxqmkz dump_wmimmc bdx rootkit:: c:\windows\system32\drivers\lwhczqar.sys Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. We need to scan for Rootkits with GMER Please download GMER from one of the following mirrors: This is the Primary mirror This is a Secondary mirror This is a Secondary mirror Close any and all open programs, as this process may crash your computer. Unzip the downloaded file to your desktop. Double click on your desktop. Allow the gmer.sys driver to load if asked. You may see this window. If you do, click No. Click on and wait for the scan to finish. If you see a rootkit warning window, click OK. Push and save the logfile to your desktop. Copy and Paste the contents of that file in your next post. In your next reply, please include the following: ComboFix.txt GMER's Log BillyIII __________________ If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....

01-18-2009, 09:25 PM	#7 (permalink)
Chivi Registered User Join Date: Jan 2008 Posts: 69 OS: Windows XP Service Pack 3	Re: Two Blue Screens Billy, I just wanted to ask you before I scan this computer tomorrow (It's almost time I go to bed, so I will rerun combofix tomorrow) but in the file you told me to copy, I saw programs which I installed on my own free will (mostly games, like Fatal Fake and Bionic Commando) also, c:\program files\渡辺製作所 is a game I installed onto my pc

01-18-2009, 09:26 PM	#8 (permalink)
Billy O'Neal Analyst, Security Team Join Date: Aug 2008 Location: Northfield, Ohio, United States Posts: 1,690 OS: XPSP3, Vista Ultimate SP1, Ubuntu Server	Re: Two Blue Screens It's not going to touch the games. It will only affect firewall rules. These programs shouldn't need to open persistent holes in Windows Firewall. If they need access again, then windows firewall will prompt you. Billy3 __________________ If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....

01-18-2009, 09:27 PM	#9 (permalink)
Chivi Registered User Join Date: Jan 2008 Posts: 69 OS: Windows XP Service Pack 3	Re: Two Blue Screens OK, thanks for explaining it to me I will rerun Combofix and Gmer tomorrow

01-19-2009, 02:45 PM	#11 (permalink)
Billy O'Neal Analyst, Security Team Join Date: Aug 2008 Location: Northfield, Ohio, United States Posts: 1,690 OS: XPSP3, Vista Ultimate SP1, Ubuntu Server	Re: Two Blue Screens Hello, Chivi Sorry... my fault. I can't remember why I added that to the list :( We'll restore it. Go ahead and open notepad again, and paste in this script: Code: DeQuarantine:: C:\qoobox\Quarantine\C\ai sp@ce QUIT:: Save it as CFSCRIPT.txt to your desktop. Drag that one onto combofix again, which should only take a very short time this time. It will generate a brief log. Please post back with that. Also, please let me know if your game works correctly :) BillyIII __________________ If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....

01-19-2009, 03:32 PM	#13 (permalink)
Billy O'Neal Analyst, Security Team Join Date: Aug 2008 Location: Northfield, Ohio, United States Posts: 1,690 OS: XPSP3, Vista Ultimate SP1, Ubuntu Server	Re: Two Blue Screens Hello, Chivi I would like us to use ESET (NOD32)'s Online Scanner Please go to ESET OnlineScan (NOD32) You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use Now click Start Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes Click Start Note: (the Onlinescanner will now prepare itself for running on your pc) To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications" Press Scan The Onlinescan will now start and scan your pc (this could take a while) When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt The Scanresults will now open in Notepad Click into the text area, right-click and chose "select all" (or use <Control>+A) Right-click again and chose "Copy" (or <Control>+C) Close/Exit Notepad Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created. Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.) In your next reply, please include the following: ESET OnlineScan's Log BillyIII __________________ If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....

01-19-2009, 04:52 PM	#14 (permalink)
Chivi Registered User Join Date: Jan 2008 Posts: 69 OS: Windows XP Service Pack 3	Re: Two Blue Screens # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3778 (20090119) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=fafde791ac5abb4bb6783a7c6d979ad3 # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2009-01-19 11:51:38 # local_time=2009-01-19 06:51:38 (-0500, Eastern Standard Time) # country="Japan" # osver=5.1.2600 NT Service Pack 3 # scanned=541517 # found=5 # scan_time=4148 C:\Qoobox\Quarantine\[54]-Submit_2009-01-19@15.32.zip Win32/TrojanDownloader.FakeAlert.QT trojan (deleted) 00000000000000000000000000000000 C:\Qoobox\Quarantine\[54]-Submit_2009-01-19@15.32.zip ≫ZIP ≫Suspect_pcload.exe.vir Win32/TrojanDownloader.FakeAlert.QT trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000 C:\Qoobox\Quarantine\C\WINDOWS\system32\ffkuz.dll.vir Win32/BHO.NLI trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\WINDOWS\system32\pcload.exe Win32/TrojanDownloader.FakeAlert.QT trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\84ZWAGEU\lsp[1].exe Win32/FakeInit.A trojan (unable to clean - deleted) 0000000000000000000000000000000

01-21-2009, 11:51 AM	#15 (permalink)
Billy O'Neal Analyst, Security Team Join Date: Aug 2008 Location: Northfield, Ohio, United States Posts: 1,690 OS: XPSP3, Vista Ultimate SP1, Ubuntu Server	Re: Two Blue Screens Hello, Chivi Congratulations! You now appear clean! Are things running okay? Do you have any more questions? System Still Slow? You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance. If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware We Need to Remove ComboFix Please go to Start -> Run Enter "ComboFix /u" (without quotes). Note the space betwen "ComboFix" and "/u", it needs to be there. Press OK (Or hit enter). Allow ComboFix to remove itself. We Need to Clean Up Our Mess Please download OTCleanIt from one of the following mirrors and save it to your desktop: Mirror 1 Mirror A Double click the icon. Push the large "Cleanup" button. Allow your system to reboot. Recommendations Below are some recommendations to lower your chances of (re)infection. Install Spyware Blaster and update it regularly If you wish, the commercial version provides automatic updating. Install the MVPs hosts file, and update it regularly You can use the HostMan host file manager to do this automaticly if you wish. For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file Install an Anti-Spyware program, and update it regularly Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions. Keep Windows (and your other Microsoft software) up to date! I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. If you are using Windows XP or earlier Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!! If you are using Windows Vista Click the "Start Menu" (or Windows Orb) Click "All Programs" Click "Windows Update" On the left, choose "Change Settings" Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked. Press OK and accept the UAC prompt. Note: You shouldn't need to check this checkbox every single time you update, only the first time. Click "Check for Updates" in the upper left corner. Follow the instructions to install the latest updates. Reboot and repeat the "Check for Updates" until there are no more critical updates to install Keep your other software up to date as well Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine. Stay up to date! The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(. BillyIII __________________ If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....

01-21-2009, 02:25 PM	#16 (permalink)
Chivi Registered User Join Date: Jan 2008 Posts: 69 OS: Windows XP Service Pack 3	Re: Two Blue Screens Thanks alot, everything seems fine right now I haven't gotten the blue screen for about two or three days now

01-21-2009, 03:02 PM	#17 (permalink)
Billy O'Neal Analyst, Security Team Join Date: Aug 2008 Location: Northfield, Ohio, United States Posts: 1,690 OS: XPSP3, Vista Ultimate SP1, Ubuntu Server	Re: Two Blue Screens Hello, Chivi Glad I was able to help :) Since this issue appears resolved, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here: http://www.techsupportforum.com/secu...oval-help.html BillyIII __________________ If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....