[Clean] BSOD and very slow computer

By demonik098
Aug 8, 2011
  1. My computer has been experiencing many BSODs for about a week or so now, so I decided to take a look into it. I have been looking into my processes and here's what I found:

    The file smss.exe was found in two places on my computer: C:\WINDOWS\system32 and also C:\WINDOWS\ServicePackFiles\i386.

    The file alg.exe had the same problem, as it was in both folders; I'm not sure if this is potentially dangerous or not.

    At the moment I have two rundll32.exe processes running, and I'm pretty sure they are always running.

    Here are some logs that I have got from recent scans that I've done according to a different thread that had been closed like 5 years ago.

    This one is from the software DDS

    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
    Run by Don at 20:13:33 on 2011-08-08
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2340 [GMT -5:00]
    .
    AV: Sunbelt VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Razer\Abyssus\razerhid.exe
    C:\Program Files\Steam\steam.exe
    C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
    svchost.exe
    C:\Program Files\GameTracker\GSInGameService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Razer\Abyssus\razerofa.exe
    C:\Program Files\Razer\Abyssus\vdDaemon.exe
    C:\Program Files\Steam\GameOverlayUI.exe
    C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Sunbelt Software\VIPRE\sbamui.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: H - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [Google Update] "c:\documents and settings\don\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [GameTracker] c:\program files\gametracker\GTLite.exe
    uRun: [DriverFinder] c:\program files\driverfinder\DriverFinder.exe
    mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [snpstd] c:\windows\vsnpstd.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Abyssus] c:\program files\razer\abyssus\razerhid.exe
    mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\documents and settings\don\start menu\programs\startup\CurseClientStartup.ccip
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 172.16.0.1
    TCP: Interfaces\{CA5F1DAE-DF8A-405E-A675-61DCA5D86BBA} : DhcpNameServer = 172.16.0.1
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\don\application data\mozilla\firefox\profiles\0qjk72t9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - RuneScape Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=2&q=
    FF - plugin: c:\documents and settings\don\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-8-7 21592]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
    R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-8-7 212568]
    R2 GS In-Game Service;GS In-Game Service;c:\program files\gametracker\GSInGameService.exe [2011-4-29 1677096]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-8 366640]
    R2 SBAMSvc;VIPRE Antivirus;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-7-15 2804280]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-8-7 74200]
    R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2011-7-15 181584]
    R3 Abyssus03;Razer Abyssus USB Filter Driver;c:\windows\system32\drivers\Abyssus.sys [2011-7-14 9216]
    R3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [2011-7-14 6656]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-8 22712]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-3-25 845184]
    R3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [2011-7-14 10240]
    S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2011-3-25 22784]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-8 41272]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    .
    =============== Created Last 30 ================
    .
    2011-08-09 00:54:28 -------- d-----w- c:\documents and settings\don\application data\Malwarebytes
    2011-08-09 00:54:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-09 00:54:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-08-09 00:54:19 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-09 00:54:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-09 00:44:26 -------- d-----w- c:\documents and settings\don\application data\DriverFinder
    2011-08-08 03:54:39 74200 ----a-w- c:\windows\system32\drivers\sbapifs.sys
    2011-08-08 03:54:38 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
    2011-08-08 03:51:03 -------- d-----w- c:\documents and settings\all users\application data\Sunbelt
    2011-08-08 03:50:56 -------- d-----w- c:\documents and settings\don\application data\Sunbelt
    2011-08-08 03:49:45 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2011-08-08 03:49:40 -------- d-----w- c:\program files\Sunbelt Software
    2011-08-06 19:26:30 -------- d-----w- c:\documents and settings\don\application data\GameTracker
    2011-08-06 19:26:08 -------- d-----w- c:\program files\GameTracker
    2011-07-15 23:24:08 42832 ----a-w- c:\windows\system32\sbbd.exe
    2011-07-14 05:30:31 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-07-14 05:30:10 9216 ----a-w- c:\windows\system32\drivers\Abyssus.sys
    2011-07-14 05:30:08 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
    2011-07-14 05:30:08 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2011-07-14 05:30:08 10240 ----a-w- c:\windows\system32\drivers\VKbms.sys
    2011-07-14 05:30:05 110592 ----a-w- c:\windows\system32\Abyssus.cpl
    .
    ==================== Find3M ====================
    .
    2011-08-02 02:58:59 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-08-02 02:58:53 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-08-02 02:58:53 280768 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-06-22 22:30:35 280768 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-06-22 03:28:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-06 16:36:00 4005936 ----a-w- c:\windows\system32\GameMon.des
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 20:14:06.09 ===============

    Here is the attach log from DDS as well.


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/25/2011 3:57:25 PM
    System Uptime: 8/8/2011 6:17:32 PM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M3A78-CM
    Processor: AMD Phenom(tm) 9850 Quad-Core Processor | AM2 | 2511/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 165.08 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP68: 5/9/2011 10:33:05 PM - System Checkpoint
    RP69: 5/10/2011 10:48:55 PM - Software Distribution Service 3.0
    RP70: 5/11/2011 1:25:46 PM - Installed WorldWinner Games
    RP71: 5/12/2011 1:48:57 PM - System Checkpoint
    RP72: 5/13/2011 1:58:32 PM - System Checkpoint
    RP73: 5/14/2011 11:14:41 PM - System Checkpoint
    RP74: 5/16/2011 12:25:09 AM - System Checkpoint
    RP75: 5/17/2011 12:56:40 AM - System Checkpoint
    RP76: 5/18/2011 6:27:22 PM - System Checkpoint
    RP77: 5/19/2011 9:13:02 PM - System Checkpoint
    RP78: 5/21/2011 9:16:42 PM - System Checkpoint
    RP79: 5/22/2011 9:51:19 PM - System Checkpoint
    RP80: 5/23/2011 9:52:43 PM - System Checkpoint
    RP81: 5/24/2011 11:23:02 PM - System Checkpoint
    RP82: 5/26/2011 12:49:05 AM - System Checkpoint
    RP83: 5/27/2011 5:48:15 PM - System Checkpoint
    RP84: 5/28/2011 11:14:15 AM - Removed Google Earth Plug-in.
    RP85: 5/30/2011 3:05:04 PM - System Checkpoint
    RP86: 5/31/2011 4:03:46 PM - System Checkpoint
    RP87: 6/1/2011 5:23:38 PM - System Checkpoint
    RP88: 6/2/2011 10:29:51 PM - System Checkpoint
    RP89: 6/4/2011 2:00:43 AM - System Checkpoint
    RP90: 6/4/2011 9:19:44 AM - Removed Ventrilo Client
    RP91: 6/5/2011 8:30:30 AM - Removed Skype™ 5.3
    RP92: 6/6/2011 9:23:14 AM - System Checkpoint
    RP93: 6/7/2011 10:01:30 AM - System Checkpoint
    RP94: 6/8/2011 10:23:59 AM - System Checkpoint
    RP95: 6/10/2011 1:46:00 AM - Installed Oblivion
    RP96: 6/10/2011 1:55:58 AM - Installed DirectX 9.0
    RP97: 6/10/2011 2:05:58 AM - Removed WorldWinner Games
    RP98: 6/10/2011 2:52:51 AM - Removed Skype Toolbars
    RP99: 6/10/2011 5:50:58 AM - Installed DirectX
    RP100: 6/10/2011 5:51:19 AM - Installed DirectX
    RP101: 6/10/2011 5:55:31 AM - Installed DirectX
    RP102: 6/10/2011 6:58:10 PM - Software Distribution Service 3.0
    RP103: 6/12/2011 5:04:46 AM - System Checkpoint
    RP104: 6/13/2011 9:40:08 AM - System Checkpoint
    RP105: 6/14/2011 4:14:42 AM - Software Distribution Service 3.0
    RP106: 6/15/2011 1:17:11 AM - Installed NVIDIA PhysX
    RP107: 6/15/2011 1:17:33 AM - Removed NVIDIA PhysX v8.10.29
    RP108: 6/15/2011 1:22:05 AM - Installed Windows KB954550-v5.
    RP109: 6/15/2011 1:22:12 AM - Printer Driver Microsoft XPS Document Writer Installed
    RP110: 6/15/2011 1:22:23 AM - Printer Driver Microsoft XPS Document Writer Installed
    RP111: 6/15/2011 1:24:48 AM - Installed DirectX
    RP112: 6/16/2011 2:03:21 AM - System Checkpoint
    RP113: 6/17/2011 3:01:36 AM - System Checkpoint
    RP114: 6/18/2011 3:43:01 AM - System Checkpoint
    RP115: 6/18/2011 11:14:07 AM - Installed Java(TM) 6 Update 26
    RP116: 6/19/2011 1:31:23 PM - System Checkpoint
    RP117: 6/20/2011 1:42:38 PM - System Checkpoint
    RP118: 6/21/2011 2:00:57 PM - System Checkpoint
    RP119: 6/22/2011 6:44:34 PM - System Checkpoint
    RP120: 6/23/2011 6:25:06 PM - Installed VIPRE Antivirus.
    RP121: 6/24/2011 5:48:50 PM - Software Distribution Service 3.0
    RP122: 6/25/2011 7:07:57 PM - System Checkpoint
    RP123: 6/27/2011 12:15:22 AM - System Checkpoint
    RP124: 6/28/2011 12:23:35 AM - System Checkpoint
    RP125: 6/28/2011 6:01:21 PM - Software Distribution Service 3.0
    RP126: 7/2/2011 3:52:28 AM - System Checkpoint
    RP127: 7/3/2011 12:57:19 PM - Installed Ventrilo Client
    RP128: 7/4/2011 12:59:55 PM - Removed Skype™ 5.3
    RP129: 7/5/2011 1:17:19 PM - System Checkpoint
    RP130: 7/6/2011 3:06:40 PM - System Checkpoint
    RP131: 7/8/2011 1:40:04 AM - System Checkpoint
    RP132: 7/9/2011 12:54:42 AM - Removed VIPRE Antivirus.
    RP133: 7/9/2011 1:00:13 AM - Installed VIPRE Antivirus Premium.
    RP134: 7/10/2011 6:38:43 PM - System Checkpoint
    RP135: 7/11/2011 7:18:02 PM - System Checkpoint
    RP136: 7/13/2011 12:09:18 AM - System Checkpoint
    RP137: 7/13/2011 2:40:51 AM - Software Distribution Service 3.0
    RP138: 7/14/2011 12:21:50 AM - Installed Razer Abyssus 1800.
    RP139: 7/14/2011 12:25:58 AM - Removed Razer Abyssus 1800.
    RP140: 7/14/2011 12:30:01 AM - Installed Razer Abyssus
    RP141: 7/14/2011 12:30:31 AM - Installed Windows XP Wdf01009.
    RP142: 7/15/2011 9:25:48 AM - System Checkpoint
    RP143: 7/16/2011 4:05:39 PM - System Checkpoint
    RP144: 7/17/2011 4:41:35 PM - System Checkpoint
    RP145: 7/19/2011 9:19:57 PM - System Checkpoint
    RP146: 7/21/2011 11:23:04 PM - System Checkpoint
    RP147: 7/23/2011 1:03:42 AM - Removed VIPRE Antivirus Premium.
    RP148: 7/23/2011 1:09:14 AM - Installed VIPRE Antivirus Premium.
    RP149: 7/24/2011 4:57:25 AM - System Checkpoint
    RP150: 7/25/2011 12:05:12 PM - System Checkpoint
    RP151: 7/26/2011 4:21:48 PM - System Checkpoint
    RP152: 7/28/2011 9:52:23 AM - System Checkpoint
    RP153: 7/29/2011 10:41:16 PM - System Checkpoint
    RP154: 8/1/2011 11:24:31 AM - System Checkpoint
    RP155: 8/2/2011 12:35:29 PM - Removed Razer DeathAdder(TM) Mouse
    RP156: 8/3/2011 7:11:57 PM - System Checkpoint
    RP157: 8/5/2011 11:13:27 AM - System Checkpoint
    RP158: 8/7/2011 5:19:28 AM - System Checkpoint
    RP159: 8/7/2011 10:42:42 PM - Removed VIPRE Antivirus Premium.
    RP160: 8/7/2011 10:49:34 PM - Installed VIPRE Antivirus.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    AMD Processor Driver
    Borderlands
    Counter-Strike: Source
    GameTracker Lite
    Garry's Mod
    Google Chrome
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    Java Auto Updater
    Java(TM) 6 Update 26
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework Client Profile
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox 5.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    Oblivion
    Platform
    PunkBuster Services
    Razer Abyssus
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    StarCraft II
    Steam
    Team Fortress 2
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Ventrilo Client
    VIA Platform Device Manager
    VIPRE Antivirus
    WebFldrs XP
    Windows Driver Package - Cypress (CyUsb) USB
    Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
    Windows XP Service Pack 3
    WinRAR 4.01 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/8/2011 4:39:55 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000047, parameter2 804fcf44, parameter3 b84dfa58, parameter4 00000000.
    8/8/2011 1:55:11 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000047, parameter2 804fcf44, parameter3 b84d7a58, parameter4 00000000.
    8/7/2011 11:42:19 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000047, parameter2 804fcf44, parameter3 b84e37b4, parameter4 00000000.
    8/7/2011 11:42:15 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd098b60, parameter3 ae72abb8, parameter4 00000000.
    8/7/2011 10:44:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    8/5/2011 5:20:33 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 0000001c, parameter3 00000000, parameter4 804fcf1e.
    8/3/2011 1:30:58 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000047, parameter2 804fcf44, parameter3 b84c7a58, parameter4 00000000.
    8/2/2011 5:31:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Steam Client Service service to connect.
    8/2/2011 5:31:51 PM, error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    This one is from the software GMER.


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-08 20:32:24
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250318AS rev.CC46
    Running: gmer.exe; Driver: C:\DOCUME~1\Don\LOCALS~1\Temp\fwtdqpob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)

    ---- EOF - GMER 1.0.15 ----

    Finally, this is the Malwarebytes log.

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7413

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    8/8/2011 8:42:27 PM
    mbam-log-2011-08-08 (20-42-27).txt

    Scan type: Quick scan
    Objects scanned: 164283
    Time elapsed: 6 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -----------------------------------------

    I know this is kind of a pain to go through, but I'm looking for some real help. I don't think I have it in me to reinstall Windows once again, and it probably won't do any good anyway. I was unable to attach pictures of my processes because the files were too large, although if you need them I can send them some other way. Thank you guys for taking the time to look over this; I really appreciate it.
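Two triage checks a responder would run over the DDS output above, written here as an added example (it is not part of the original thread, nor code from the DDS tool). The first classifies each "Running Processes" line: a core Windows process name running from a directory other than the one Windows installs it in is flagged, a bare image name with no path is marked for manual verification, and a second copy under ServicePackFiles\i386 or system32\dllcache is reported as a Windows File Protection backup store, which is the expected explanation for the duplicate smss.exe and alg.exe noted above. The second decodes the "System Error [1003]" Event Viewer lines into bug check names (0x8E KERNEL_MODE_EXCEPTION_NOT_HANDLED, 0x0A IRQL_NOT_LESS_OR_EQUAL, with the NTSTATUS exception code for 0x8E) and groups identical crashes, so a faulting address that recurs across crashes stands out. The process lines in the usage block are constructed, with a Temp\svchost.exe entry made up to show a flagged case; the event lines are copied from the log above.

```python
"""Triage helpers for a DDS-style log (added example; not from the thread or the DDS tool)."""
import re
from collections import Counter

# Core XP system processes and the directory under %SystemRoot% each one
# legitimately runs from.  Matching is on the stem, because DDS prints some
# command lines without an extension ("svchost -k DcomLaunch").
EXPECTED_DIR = {
    "smss": "system32", "csrss": "system32", "winlogon": "system32",
    "services": "system32", "lsass": "system32", "svchost": "system32",
    "spoolsv": "system32", "alg": "system32", "rundll32": "system32",
    "explorer": "",  # explorer.exe lives directly in %SystemRoot%
}
# Windows File Protection keeps pristine copies of system binaries in these
# folders, so a second smss.exe or alg.exe there is expected, not an infection.
WFP_STORES = ("servicepackfiles\\i386", "system32\\dllcache")
_PATH_RE = re.compile(r"^(?P<path>[a-z]:\\.*?\.(?:exe|com|scr|des))(?:\s+.*)?$", re.I)


def classify_process(line):
    """Classify one 'Running Processes' line as ok / suspicious / backup_copy /
    unresolved (no path shown) / other (not a core system process)."""
    line = line.strip()
    m = _PATH_RE.match(line)
    if m:
        path = m.group("path")
    elif re.match(r"^[a-z]:\\", line, re.I):
        path = line.split(" -", 1)[0]  # drop "-k ..." style arguments
    else:
        # Bare image name: DDS could not show the path; verify it by hand.
        return ("unresolved", line.split(".", 1)[0].lower(), None)
    directory, _, image = path.rpartition("\\")
    stem, directory = image.split(".", 1)[0].lower(), directory.lower()
    if stem not in EXPECTED_DIR:
        return ("other", stem, directory)
    if any(directory.endswith("\\" + store) for store in WFP_STORES):
        return ("backup_copy", stem, directory)
    rel = re.sub(r"^[a-z]:\\windows\\?", "", directory)  # path below %SystemRoot%
    return ("ok" if rel == EXPECTED_DIR[stem] else "suspicious", stem, directory)


# Bug check codes and NTSTATUS values as documented by Microsoft.  Windows logs
# 0x1000008e for bug check 0x8e (same meaning and parameters), so the high
# nibble is masked off before lookup.
BUGCHECK_NAMES = {0x0A: "IRQL_NOT_LESS_OR_EQUAL", 0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION",
                  0xC0000047: "STATUS_SEMAPHORE_LIMIT_EXCEEDED"}
_EVENT_RE = re.compile(
    r"System Error \[1003\] - Error code (?P<code>[0-9a-f]+), "
    r"parameter1 (?P<p1>[0-9a-f]+), parameter2 (?P<p2>[0-9a-f]+), "
    r"parameter3 (?P<p3>[0-9a-f]+), parameter4 (?P<p4>[0-9a-f]+)", re.I)


def decode_bugcheck(line):
    """Decode one Event ID 1003 line; None if the line is not a bug check."""
    m = _EVENT_RE.search(line)
    if not m:
        return None
    code = int(m.group("code"), 16) & 0x0FFFFFFF
    p = [int(m.group(k), 16) for k in ("p1", "p2", "p3", "p4")]
    rec = {"code": code, "name": BUGCHECK_NAMES.get(code, "UNKNOWN"), "params": p}
    if code == 0x8E:  # p1 = exception code, p2 = address where it was raised
        rec["exception"] = NTSTATUS_NAMES.get(p[0], "0x%08x" % p[0])
        rec["address"] = p[1]
    elif code == 0x0A:  # p1 = memory referenced, p4 = address of the referencing code
        rec["address"] = p[3]
    else:
        rec["address"] = p[1]
    return rec


def summarize_bugchecks(lines):
    """Count crashes by (bug check name, exception, code address).  The same
    address recurring across crashes points at one cause, not random faults."""
    counts = Counter()
    for line in lines:
        rec = decode_bugcheck(line)
        if rec:
            counts[(rec["name"], rec.get("exception"), "0x%08x" % rec["address"])] += 1
    return counts


# Event Viewer lines copied from the DDS log above; the SCM line is there to
# show that non-bug-check events are skipped.
SAMPLE_EVENTS = [
    "8/8/2011 4:39:55 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000047, parameter2 804fcf44, parameter3 b84dfa58, parameter4 00000000.",
    "8/8/2011 1:55:11 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000047, parameter2 804fcf44, parameter3 b84d7a58, parameter4 00000000.",
    "8/7/2011 11:42:19 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000047, parameter2 804fcf44, parameter3 b84e37b4, parameter4 00000000.",
    "8/7/2011 11:42:15 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd098b60, parameter3 ae72abb8, parameter4 00000000.",
    "8/7/2011 10:44:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE",
    "8/5/2011 5:20:33 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 0000001c, parameter3 00000000, parameter4 804fcf1e.",
    "8/3/2011 1:30:58 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000047, parameter2 804fcf44, parameter3 b84c7a58, parameter4 00000000.",
]

if __name__ == "__main__":
    # Constructed process lines in the shape of the DDS "Running Processes"
    # section; the Temp\svchost.exe entry is made up to show a flagged case.
    for proc in [r"C:\WINDOWS\system32\svchost -k DcomLaunch", "svchost.exe",
                 r"C:\WINDOWS\ServicePackFiles\i386\smss.exe", r"C:\WINDOWS\Temp\svchost.exe"]:
        print(classify_process(proc))
    for key, n in summarize_bugchecks(SAMPLE_EVENTS).most_common():
        print(n, key)
```

Run over the log above, the bug check summary collapses the seven event lines into three groups, four of them the same 0x8E exception at the same kernel address, which is the kind of pattern that argues for one recurring cause (a driver or a single failing component) rather than scattered hardware faults. The "unresolved" verdict is deliberately not a clean bill: a process DDS could not show a path for still needs its image path confirmed in Task Manager or Process Explorer.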
  2. Broni


    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    So far I don't see much....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. demonik098

    demonik098 Newcomer, in training Topic Starter

    Here are the logs

    These are the logs that have been produced. I'm also wondering, at the end of this, what should I keep for an antivirus/anti-malware to make sure this doesn't happen again? I currently have Vipre and I'm not sure if it's doing the trick for me.

    aswMBR Log
    -----------------

    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-09 13:12:00
    -----------------------------
    13:12:00.406 OS Version: Windows 5.1.2600 Service Pack 3
    13:12:00.406 Number of processors: 4 586 0x203
    13:12:00.406 ComputerName: GEORGE UserName: Don
    13:12:01.468 Initialize success
    13:12:05.546 AVAST engine defs: 11080901
    13:12:08.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    13:12:08.859 Disk 0 Vendor: ST3250318AS CC46 Size: 238475MB BusType: 3
    13:12:10.875 Disk 0 MBR read successfully
    13:12:10.875 Disk 0 MBR scan
    13:12:10.890 Disk 0 Windows XP default MBR code
    13:12:10.906 Disk 0 scanning sectors +488376000
    13:12:10.968 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:12:24.562 Service scanning
    13:12:25.406 Modules scanning
    13:12:39.406 Disk 0 trace - called modules:
    13:12:39.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    13:12:39.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af16ab8]
    13:12:39.421 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000066[0x8af8fbc8]
    13:12:39.750 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8af5a580]
    13:12:40.750 AVAST engine scan C:\WINDOWS
    13:13:00.359 AVAST engine scan C:\WINDOWS\system32
    13:15:21.406 AVAST engine scan C:\WINDOWS\system32\drivers
    13:15:49.546 AVAST engine scan C:\Documents and Settings\Don
    13:28:55.906 AVAST engine scan C:\Documents and Settings\All Users
    13:33:19.109 Scan finished successfully
    13:33:39.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Don\My Documents\MBR.dat"
    13:33:39.984 The log file has been saved successfully to "C:\Documents and Settings\Don\My Documents\aswMBR log.txt"

    ComboFix Log
    --------------------
    ComboFix 11-08-09.02 - Don 08/09/2011 13:39:44.1.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2750 [GMT -5:00]
    Running from: c:\documents and settings\Don\My Documents\Downloads\ComboFix.exe
    AV: Sunbelt VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Steam\Steam.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-09 00:54 . 2011-08-09 00:54 -------- d-----w- c:\documents and settings\Don\Application Data\Malwarebytes
    2011-08-09 00:54 . 2011-08-09 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-08-09 00:54 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-09 00:54 . 2011-08-09 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-09 00:54 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-09 00:44 . 2011-08-09 00:52 -------- d-----w- c:\documents and settings\Don\Application Data\DriverFinder
    2011-08-08 03:54 . 2011-06-10 15:23 74200 ----a-w- c:\windows\system32\drivers\sbapifs.sys
    2011-08-08 03:54 . 2011-06-10 15:23 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
    2011-08-08 03:51 . 2011-08-08 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2011-08-08 03:50 . 2011-08-08 03:50 -------- d-----w- c:\documents and settings\Don\Application Data\Sunbelt
    2011-08-08 03:49 . 2011-04-05 21:57 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2011-08-08 03:49 . 2011-08-08 03:49 -------- d-----w- c:\program files\Sunbelt Software
    2011-08-06 19:26 . 2011-08-09 17:47 -------- d-----w- c:\documents and settings\Don\Application Data\GameTracker
    2011-08-06 19:26 . 2011-08-09 17:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\GameTracker
    2011-08-06 19:26 . 2011-08-06 19:26 -------- d-----w- c:\program files\GameTracker
    2011-08-02 16:42 . 2011-08-03 02:28 -------- d-----w- c:\documents and settings\Donald
    2011-07-15 23:24 . 2011-07-15 23:24 42832 ----a-w- c:\windows\system32\sbbd.exe
    2011-07-14 05:30 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-07-14 05:30 . 2009-10-30 17:53 9216 ----a-w- c:\windows\system32\drivers\Abyssus.sys
    2011-07-14 05:30 . 2010-10-01 07:16 10240 ----a-w- c:\windows\system32\drivers\VKbms.sys
    2011-07-14 05:30 . 2010-09-25 19:55 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
    2011-07-14 05:30 . 2009-07-15 11:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2011-07-14 05:30 . 2009-08-27 21:26 110592 ----a-w- c:\windows\system32\Abyssus.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-02 02:58 . 2011-03-26 00:13 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-08-02 02:58 . 2011-03-26 00:14 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-08-02 02:58 . 2011-03-26 00:13 280768 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-06-22 22:30 . 2011-03-26 00:13 280768 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-06-22 03:28 . 2011-05-31 13:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-06 16:36 . 2011-06-14 20:19 4005936 ----a-w- c:\windows\system32\GameMon.des
    2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-06-23 23:06 . 2011-03-25 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GameTracker"="c:\program files\GameTracker\GTLite.exe" [2011-04-29 4018984]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "snpstd"="c:\windows\vsnpstd.exe" [2004-01-01 40960]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Abyssus"="c:\program files\Razer\Abyssus\razerhid.exe" [2011-03-10 231936]
    "SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-07-15 1353040]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Don\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2011-6-29 0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Steam\\steamapps\\greeklord\\pirates, vikings, and knights ii\\hl2.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Documents and Settings\\Don\\Local Settings\\Apps\\2.0\\7XEP2C2D.TWN\\C0TH3R2Q.PPJ\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
    "c:\\Program Files\\Steam\\steamapps\\greeklord\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "c:\\Program Files\\Steam\\steamapps\\st33l1991\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base19132\\SC2.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
    .
    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [8/7/2011 10:54 PM 21592]
    R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [8/7/2011 10:49 PM 212568]
    R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [4/29/2011 2:16 PM 1677096]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/8/2011 7:54 PM 366640]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [8/7/2011 10:54 PM 74200]
    R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [7/15/2011 6:22 PM 181584]
    R3 Abyssus03;Razer Abyssus USB Filter Driver;c:\windows\system32\drivers\Abyssus.sys [7/14/2011 12:30 AM 9216]
    R3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [7/14/2011 12:30 AM 6656]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/8/2011 7:54 PM 22712]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/25/2011 4:24 PM 845184]
    R3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [7/14/2011 12:30 AM 10240]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/29/2011 2:01 PM 101720]
    S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [7/15/2011 6:23 PM 2804280]
    S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [3/25/2011 2:14 PM 22784]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-926492609-682003330-1004Core.job
    - c:\documents and settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-02 17:26]
    .
    2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-926492609-682003330-1004UA.job
    - c:\documents and settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-02 17:26]
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: DhcpNameServer = 172.16.0.1
    FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\0qjk72t9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - RuneScape Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=2&q=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Steam - c:\program files\Steam\steam.exe
    HKCU-Run-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
    AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
    AddRemove-Steam App 240 - c:\program files\Steam\steam.exe
    AddRemove-Steam App 4000 - c:\program files\Steam\steam.exe
    AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
    AddRemove-Steam App 8980 - c:\program files\Steam\steam.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-09 13:42
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    Completion time: 2011-08-09 13:43:33
    ComboFix-quarantined-files.txt 2011-08-09 18:43
    .
    Pre-Run: 177,334,030,336 bytes free
    Post-Run: 178,842,083,328 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
    .
    - - End Of File - - FD139A96754C3119FC69BB1F2D3B07C6

    If nothing can be resolved I'm just going to have to reinstall Windows. Please get back as soon as you can.
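When a helper reads a ComboFix log like the one above, the first pass is almost always the same: list the Run/RunOnce autostarts, check whether anything has overridden Security Center monitoring, list globally open firewall ports, and look at where the browser's search provider points. The script below is an added example written for this page (it is not ComboFix, aswMBR or anything Broni posted) that does that first pass over a constructed excerpt in the same format as the posted log. The `KNOWN_SEARCH_HOSTS` allowlist is an assumption of the example; a real reviewer would maintain their own. The output is a set of triage flags to look at, not a malware verdict (the Security Center override keys, for instance, are routinely set by third-party AV suites so Windows does not nag about them).

```python
"""First-pass triage of a ComboFix log: autostart entries, Security Center
overrides, globally open firewall ports and browser search settings.
Heuristic flags for a human reviewer, not verdicts."""
import re
from urllib.parse import urlparse

# Constructed excerpt modelled on the log posted in the thread (same layout, trimmed).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GameTracker"="c:\program files\GameTracker\GTLite.exe" [2011-04-29 4018984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2004-01-01 40960]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-07-15 1353040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - RuneScape Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')          # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')  # "name"=data
FF_RE = re.compile(r'^FF - (?:prefs|user)\.js: (?P<pref>\S+) - (?P<val>.*)$')
SC_PREFIX = r'hkey_local_machine\software\microsoft\security center'
# Assumption of this example: hosts the reviewer considers normal search providers.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "www.yahoo.com"}


def parse_reg_blocks(text):
    """Return {registry key: [(value name, raw data), ...]}; a lone '.' ends a block."""
    blocks, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line == ".":
            key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            blocks.setdefault(key, [])
            continue
        m = VALUE_RE.match(line) if key else None
        if m:
            blocks[key].append((m.group("name"), m.group("data").strip()))
    return blocks


def autostart_entries(blocks):
    """(key, value name, image path) for every Run/RunOnce value, '[date size]' suffix dropped."""
    out = []
    for key, values in blocks.items():
        if re.search(r'\\CurrentVersion\\Run(Once)?$', key, re.IGNORECASE):
            for name, data in values:
                out.append((key, name, data.split('" [')[0].strip('"')))
    return out


def security_center_overrides(blocks):
    """Security Center values set to 1 that silence AV/firewall monitoring."""
    watched = {"AntiVirusOverride", "FirewallOverride", "DisableMonitoring"}
    return [(key, name) for key, values in blocks.items()
            if key.lower().startswith(SC_PREFIX)
            for name, data in values
            if name in watched and data.lower() == "dword:00000001"]


def globally_open_ports(blocks):
    """Ports opened for every application in the XP firewall standard profile."""
    return [(name, data) for key, values in blocks.items()
            if key.lower().endswith(r'globallyopenports\list') for name, data in values]


def firefox_search_findings(text):
    """Search-related Firefox prefs whose URL host is not on the allowlist."""
    out = []
    for line in text.splitlines():
        m = FF_RE.match(line.strip())
        if not m:
            continue
        pref, val = m.group("pref"), m.group("val")
        if pref.startswith("browser.search") or pref == "keyword.URL":
            host = urlparse(val.replace("hxxp", "http", 1)).hostname  # logs defang the scheme
            if host and host not in KNOWN_SEARCH_HOSTS:
                out.append((pref, host))
    return out


def triage(text):
    """All flags for the log as (category, detail) tuples."""
    blocks = parse_reg_blocks(text)
    findings = [("security-center", f"{name}=1 under {key}") for key, name in security_center_overrides(blocks)]
    findings += [("open-port", data) for _, data in globally_open_ports(blocks)]
    findings += [("search-provider", f"{pref} -> {host}") for pref, host in firefox_search_findings(text)]
    return findings


if __name__ == "__main__":
    for key, name, path in autostart_entries(parse_reg_blocks(SAMPLE_LOG)):
        print(f"autostart  {name:<12} {path}")
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:<16} {detail}")
```

Each flag still needs a human decision: an open port 6881 with the Blizzard Downloader as its owner is what a Battle.net install looks like, while a default search URL on a host the reviewer does not recognise, carrying a partner `ctid`, is the kind of entry that gets asked about before the thread is closed.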
  4. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Firstly, there is no perfect security program.
    It's mostly about your computing habits...

    However, I don't see anything malicious on your computer, so I suggest you create a new topic in the BSOD forum.