robsad
2011-02-04, 02:55
Here's the situation...
I downloaded a .exe and double-clicked it. As soon as I double-clicked it, it disappeared and my computer rebooted itself. It took forever to start back up and then it blue screened shortly after starting up. I restarted it in safe mode and attempted to do a system restore to my most recent point, and the computer started up but was still extremely slow, so I assumed something was wrong. I made my way here, downloaded DDS and attempted to run it. As I ran DDS I started getting multiple error messages about programs closing, nircmd.exe, sed.dat, and something along the lines of "Freeware implementation of REG.EXE." Before DDS could finish and produce a log, my computer bluescreened again. I went back to safe mode and tried to run DDS with the same result, a bluescreen error. I'm currently doing a full scan of my computer with Malwarebytes in safe mode, but as of yet it's not showing any infections.
Please help! And thank you!
Update: I ran Spybot and it came up with 7 entries, and fixed them.
I was then able to run DDS and get a log without crashing. Log below:
DDS (Ver_10-12-12.02) - NTFS_AMD64 MINIMAL
Run by Robert at 19:14:23.19 on Thu 02/03/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4091.3260 [GMT -6:00]
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Robert\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BHO Class: {dd92de22-ed91-4560-b788-dee2b26612e6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
StartupFolder: C:\Users\Robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Yammer.lnk - C:\Program Files (x86)\Yammer\Yammer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOOPBE~1.LNK - C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe
uPolicies-system: qskhomddbsacdctmfqofTaskMgr = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
AppInit_DLLs-X64: avgrssta.dll
Hosts: 85.17.162.237 l2authd.lineage2.com
Hosts: 85.17.162.237 l2patcher.lineage2.com
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\fra4kn9z.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm080YYUS&ptb=yd.RMYRPxlLo_OWZ.gowpw&psa=&ind=2010041613&ptnrS=ZUxdm080YYUS&si=&st=kwd&n=77cecd0d&searchfor=
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Robert\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG9\Firefox
FF - Ext: XULRunner: {019E72A5-C434-4AAE-8E36-281B3288E1BF} - C:\Users\Robert\AppData\Local\{019E72A5-C434-4AAE-8E36-281B3288E1BF}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
S1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2009-11-14 269904]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2009-11-14 35536]
S1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2009-11-14 317520]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-6 202752]
S2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-15 308136]
S2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-9-10 212232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-4-6 6659072]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-4-6 195584]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2008-6-27 12744]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-25 155752]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-8 89920]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-25 136176]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2010-9-30 23680]
=============== File Associations ===============
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
=============== Created Last 30 ================
2011-02-03 21:20:20 -------- d-----w- C:\Users\Robert\AppData\Roaming\Softplicity
2011-02-03 21:17:15 -------- d-----w- C:\Program Files (x86)\A-PDF Merger
2011-02-03 20:57:54 -------- d-----w- C:\Users\Robert\AppData\Roaming\PrimoPDF
2011-02-03 20:57:26 -------- d-----w- C:\Program Files (x86)\Nitro PDF
2011-02-02 00:02:08 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-02-02 00:01:15 -------- d-----w- C:\Users\Robert\AppData\Local\Microsoft Help
2011-02-01 16:27:54 -------- d-----w- C:\Program Files (x86)\TrueGames
2011-01-26 18:48:16 -------- d-----w- C:\Program Files (x86)\Ventrilo
2011-01-25 19:20:02 -------- d-----w- C:\Users\Robert\AppData\Roaming\Yammer
2011-01-25 19:19:55 -------- d-----w- C:\Program Files (x86)\Yammer
2011-01-24 17:11:52 -------- d-----w- C:\Program Files (x86)\Guild Wars
2011-01-22 17:51:01 -------- d-----w- C:\Users\Robert\AppData\Roaming\RIFT
2011-01-22 17:50:55 -------- d-----w- C:\Program Files (x86)\RIFT
2011-01-13 16:09:19 -------- d-----w- C:\Users\Robert\AppData\Local\CRASH_DUMPS
2011-01-13 16:08:42 -------- d-----w- C:\Users\Robert\AppData\Local\SimuBugCatcher
2011-01-12 20:51:34 -------- d-----w- C:\Users\Robert\AppData\Local\player_client.exe
2011-01-12 06:29:31 -------- d-----w- C:\550a2a91129b02a23cb8cbd8ca92
2011-01-12 04:20:20 466944 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-12 04:20:19 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-12 04:20:19 708608 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 04:20:19 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-12 04:20:19 253952 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 04:20:18 69632 ----a-w- C:\Program Files\Common Files\System\msadc\msadcs.dll
2011-01-12 04:20:18 57344 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll
2011-01-12 04:20:18 286720 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 04:20:18 278528 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 04:20:18 241664 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 04:20:18 208896 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 04:20:18 180224 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-12 04:18:46 1251840 ----a-w- C:\Windows\System32\sdclt.exe
2011-01-11 22:49:04 -------- d-----w- C:\Users\Robert\AppData\Local\HeroEngine
2011-01-08 02:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-01-08 02:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
2011-01-08 02:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-01-08 02:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-01-08 02:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-01-06 04:23:21 0 ----a-w- C:\Users\Robert\AppData\Local\Bcoqilitaci.bin
2011-01-06 04:23:19 -------- d-----w- C:\Users\Robert\AppData\Local\{019E72A5-C434-4AAE-8E36-281B3288E1BF}
2011-01-05 21:12:19 -------- d-----w- C:\Program Files (x86)\Black Isle
2011-01-05 21:11:59 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-01-05 05:56:26 -------- d-----w- C:\Program Files (x86)\Shadowbane - Throne of Oblivion
==================== Find3M ====================
2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-02 09:12:08 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
2010-11-12 00:44:54 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2010-11-11 23:10:56 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2010-11-11 23:10:49 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2010-11-08 22:57:04 353592 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll
============= FINISH: 19:15:22.63 ===============