
Author Topic: page_fault_in_nonpaged_area  (Read 13783 times)


trolo8

    Topic Starter


    Beginner

    Re: page_fault_in_nonpaged_area
    « Reply #15 on: September 28, 2008, 07:01:18 PM »
    Malwarebytes' Anti-Malware 1.28
    Database version: 1221
    Windows 5.1.2600 Service Pack 2

    9/28/2008 10:13:54 PM
    mbam-log-2008-09-28 (22-13-54).txt

    Scan type: Quick Scan
    Objects scanned: 47798
    Time elapsed: 3 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 3
    Registry Data Items Infected: 2
    Folders Infected: 1
    Files Infected: 19

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcnvkj0ejdg (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\paso.el (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\gmrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\iulxfm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\nhfjlb.exe (Trojan.Peed) -> Quarantined and deleted successfully.
    C:\pxmdwdmq.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\PQRHIA26\isbcmzjj[1].htm (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\PQRHIA26\pvwwxk[1].htm (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\RTPVR6EE\brnby[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\RTPVR6EE\nwgunnool[1].htm (Trojan.Peed) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\RTPVR6EE\vocmzaan[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\X69RF297\leoob[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\twain_32\0002939B.uf (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMa3ea94db.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMa3ea94db.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\restore.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

    trolo8

      Re: page_fault_in_nonpaged_area
      « Reply #16 on: September 28, 2008, 07:08:36 PM »
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:20:31 PM, on 9/28/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0013)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Tablet.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\WTablet\TabUserW.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\Tablet.exe
      D:\Program Files\firefox.exe
      C:\Documents and Settings\Oscar\Desktop\sniper.exe.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/ie
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/ie
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Plugins\reg\VeohToolbar.dll
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O17 - HKLM\System\CCS\Services\Tcpip\..\{CBFFB94A-B86B-4769-887E-89459223601D}: NameServer = 4.2.2.1,4.2.2.2
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: pmnoPFyx - pmnoPFyx.dll (file missing)
      O20 - Winlogon Notify: wdgybwva - wdgybwva.dll (file missing)
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

      --
      End of file - 7655 bytes


      Last all 3 files there... anything I might need to know?

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 493
      • Experience: Experienced
      • OS: Windows 11
      Re: page_fault_in_nonpaged_area
      « Reply #17 on: September 28, 2008, 07:36:03 PM »
      Download ATF Cleaner by Atribune to your Desktop.

      Alternate download link

      Note: Vista users must use Run As Administrator
      • Under Main: Select Files to Delete choose: Select All.
      • Click the Empty Selected button.
      • If you use Firefox browser click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
        If you would like to keep your saved passwords click No at the prompt.
      • If you use Opera browser click Opera at the top and choose: Select All
      • Click the Empty Selected button.
        If you would like to keep your saved passwords click No at the prompt.
      • Click Exit on the Main menu to close the program.
      Note that your system will run slower for a reboot or two after having used this tool so don't panic.

      Important: Restart the computer before continuing.

      ----------

      Download FixWareout by LonnyRJones from one of the two links below and save it to your Desktop.
      • Run Fixwareout.
      • Click Next
      • then Install
      • Make sure Run fixit is checked
      • Click Finish.
      • The fix will begin; follow the prompts.
      • You will be asked to reboot your computer; please do so.
      • Your system may take longer than usual to load; this is normal.
      When you run Fixwareout, just follow the prompts, you will need to restart when prompted.

      After rebooting (restart) back into normal boot mode. Make sure you have all web browsers closed.
      • Go into Control Panel > Network Connections.
      • Right click on your connection
      • and click Properties.
      • On the Properties page, highlight Internet Protocol (TCP/IP)
      • Click Properties. This will bring up another page.
      • Select Obtain DNS Server Automatically.
      • Click the OK button. The page will close.
      • Press OK on the page in front of you.
      • Restart the computer.
      • Reconnect to the Internet using Internet Explorer.
      • Add the log from Fixwareout in your next reply.
      • It will be located at c:\fixwareout\report.txt
      Go to Start > Run and type in cmd
      Click OK.
      This will open a command prompt.
      Type or copy and paste the following line in the command window:

      ipconfig /flushdns

      Hit Enter.
      Exit the command window.

      Restart your computer.

      Please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.

      trolo8

        Re: page_fault_in_nonpaged_area
        « Reply #18 on: October 01, 2008, 03:13:27 PM »
        Username "Oscar" - 10/01/2008 18:20:47 [Fixwareout edited 9/01/2007]

        ~~~~~ Prerun check

        Could not flush the DNS Resolver Cache: Function failed during execution.


        System was rebooted successfully.
         
        ~~~~~ Postrun check
        HKLM\SOFTWARE\~\Winlogon\ "System"=""
        ....
        ....
        ~~~~~ Misc files.
        ....
        ~~~~~ Checking for older varients.
        ....

        ~~~~~ Current runs (hklm hkcu "run" Keys Only)
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Smart Antivirus-2009.exe"="C:\\Program Files\\Smart Antivirus 2009\\Smart Antivirus-2009.exe"
        ....
        Hosts file was reset, If you use a custom hosts file please replace it...
        ~~~~~ End report ~~~~~

        trolo8

          Re: page_fault_in_nonpaged_area
          « Reply #19 on: October 01, 2008, 03:14:52 PM »
          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 6:27:32 PM, on 10/1/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16705)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\HPZipm12.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\WINDOWS\system32\PnkBstrB.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\Tablet.exe
          C:\WINDOWS\system32\WTablet\TabUserW.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\WINDOWS\system32\Tablet.exe
          D:\Program Files\firefox.exe
          C:\Documents and Settings\Oscar\Desktop\sniper.exe.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/ie
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/ie
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          O2 - BHO: (no name) - {1883990C-EB31-499A-81A9-AA821349A344} - C:\WINDOWS\system32\vtUnonmm.dll
          O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
          O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
          O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Plugins\reg\VeohToolbar.dll
          O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
          O4 - HKCU\..\Run: [Smart Antivirus-2009.exe] C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe
          O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
          O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
          O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
          O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O17 - HKLM\System\CCS\Services\Tcpip\..\{CBFFB94A-B86B-4769-887E-89459223601D}: NameServer = 4.2.2.1,4.2.2.2
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O20 - Winlogon Notify: pmnoPFyx - pmnoPFyx.dll (file missing)
          O20 - Winlogon Notify: wdgybwva - wdgybwva.dll (file missing)
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
          O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

          --
          End of file - 8294 bytes

          evilfantasy

          Re: page_fault_in_nonpaged_area
          « Reply #20 on: October 01, 2008, 03:34:38 PM »
          Open HijackThis and select Do a system scan only.

          Place a check mark next to the following entries: (if there)

          - O2 - BHO: (no name) - {1883990C-EB31-499A-81A9-AA821349A344} - C:\WINDOWS\system32\vtUnonmm.dll
          - O4 - HKCU\..\Run: [Smart Antivirus-2009.exe] C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe
          - O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
          - O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
          - O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
          - O20 - Winlogon Notify: pmnoPFyx - pmnoPFyx.dll (file missing)
          - O20 - Winlogon Notify: wdgybwva - wdgybwva.dll (file missing)


          Important: Close all windows except for HijackThis and then click Fix checked.

          Exit HijackThis.

          ----------

          Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

          Link #1
          Link #2

          Note: It is important that it is saved directly to your Desktop.

          Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

          Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
           
          Double click combofix.exe & follow the prompts.
          When finished ComboFix will produce a log for you.
          Post the ComboFix log in your next reply.

          Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

          Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

          trolo8

            Re: page_fault_in_nonpaged_area
            « Reply #21 on: October 01, 2008, 04:32:28 PM »
            ComboFix 08-09-30.03 - Oscar 2008-10-01 19:32:38.1 - NTFSx86
            Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.629 [GMT 1:00]
            Running from: C:\Documents and Settings\Oscar\Desktop\ComboFix.exe
             * Created a new restore point

            WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\WINDOWS\system32\aoortcfq.ini
            C:\WINDOWS\system32\byXQJDsP.dll
            C:\WINDOWS\system32\cgcwlvki.ini
            C:\WINDOWS\system32\gcccpvsh.ini
            C:\WINDOWS\system32\hmrimfnp.ini
            C:\WINDOWS\system32\hqlqrkla.ini
            C:\WINDOWS\system32\iaoxhlpn.ini
            C:\WINDOWS\system32\ibysuwld.ini
            C:\WINDOWS\system32\iPpYbccf.ini
            C:\WINDOWS\system32\jmsvgyxq.ini
            C:\WINDOWS\system32\jngubkns.ini
            C:\WINDOWS\system32\jnhlqjkp.ini
            C:\WINDOWS\system32\kifsgtcl.ini
            C:\WINDOWS\system32\mmnonUtv.ini
            C:\WINDOWS\system32\mmnonUtv.ini2
            C:\WINDOWS\system32\mVutCJjl.ini
            C:\WINDOWS\system32\nybcdcga.dll
            C:\WINDOWS\system32\oiosevxj.ini
            C:\WINDOWS\system32\opkqqxld.ini
            C:\WINDOWS\system32\pwrxwvhf.dll
            C:\WINDOWS\system32\rqcffhfh.ini
            C:\WINDOWS\system32\rtqbmpvo.ini
            C:\WINDOWS\system32\rvrsvxeo.ini
            C:\WINDOWS\system32\tqgdeovj.ini
            C:\WINDOWS\system32\uoxhavxq.ini
            C:\WINDOWS\system32\uuhikpet.ini
            C:\WINDOWS\system32\vtUnonmm.dll
            C:\WINDOWS\system32\vyufyecb.ini
            C:\WINDOWS\system32\xgxjyaer.ini
            C:\WINDOWS\system32\ymfsgfds.ini
            C:\WINDOWS\system32\yywljdwk.ini
            D:\WinRAR.exe

            .
            (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            -------\Legacy_MCHINJDRV
            -------\Legacy_RESTORE


            (((((((((((((((((((((((((   Files Created from 2008-09-01 to 2008-10-01  )))))))))))))))))))))))))))))))
            .

            2008-10-01 18:20 . 2008-10-01 18:23   <DIR>   d--------   C:\fixwareout
            2008-09-30 23:06 . 2008-09-30 23:06   937,655   --ahs----   C:\WINDOWS\system32\cgcwlvki.tmp
            2008-09-30 22:35 . 2008-09-30 22:35   79,488   --a------   C:\WINDOWS\system32\sdfgsfmy.dll
            2008-09-30 22:31 . 2008-09-30 22:31   79,488   --a------   C:\WINDOWS\system32\lctgsfik.dll
            2008-09-30 10:40 . 2008-09-30 10:40   <DIR>   d--------   C:\Program Files\Common Files\SWF Studio
            2008-09-30 10:40 . 2008-09-30 19:23   <DIR>   d--------   C:\Documents and Settings\Oscar\Application Data\U3
            2008-09-29 22:20 . 2008-09-29 22:20   <DIR>   d--------   C:\Program Files\Windows Installer Clean Up
            2008-09-29 22:20 . 2008-09-29 22:20   <DIR>   d--------   C:\Program Files\MSECACHE
            2008-09-29 17:47 . 2008-09-29 17:55   <DIR>   d--------   C:\Documents and Settings\Oscar\.scorched3d
            2008-09-29 17:26 . 2008-09-29 17:26   20   --a------   C:\WINDOWS\mafosav.INI
            2008-09-28 21:57 . 2008-09-28 21:58   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
            2008-09-28 21:57 . 2008-09-10 00:04   38,528   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
            2008-09-28 21:57 . 2008-09-10 00:03   17,200   --a------   C:\WINDOWS\system32\drivers\mbam.sys
            2008-09-28 20:45 . 2008-09-28 20:45   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
            2008-09-28 20:44 . 2008-09-28 20:44   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
            2008-09-28 20:34 . 2008-09-28 20:49   <DIR>   d--------   C:\WINDOWS\system32\CatRoot_bak
            2008-09-28 20:33 . 2008-06-23 17:57   6,066,176   --a------   C:\WINDOWS\system32\DllCache\ieframe.dll
            2008-09-28 20:33 . 2007-04-17 10:32   2,455,488   --a------   C:\WINDOWS\system32\DllCache\ieapfltr.dat
            2008-09-28 20:33 . 2007-03-08 06:10   991,232   --a------   C:\WINDOWS\system32\DllCache\ieframe.dll.mui
            2008-09-28 20:33 . 2008-06-23 17:57   459,264   --a------   C:\WINDOWS\system32\DllCache\msfeeds.dll
            2008-09-28 20:33 . 2008-06-23 17:57   383,488   --a------   C:\WINDOWS\system32\DllCache\ieapfltr.dll
            2008-09-28 20:33 . 2008-05-01 15:30   331,776   --a------   C:\WINDOWS\system32\DllCache\msadce.dll
            2008-09-28 20:33 . 2008-06-23 17:57   267,776   --a------   C:\WINDOWS\system32\DllCache\iertutil.dll
            2008-09-28 20:33 . 2008-06-23 17:57   63,488   --a------   C:\WINDOWS\system32\DllCache\icardie.dll
            2008-09-28 20:33 . 2008-06-23 17:57   52,224   --a------   C:\WINDOWS\system32\DllCache\msfeedsbs.dll
            2008-09-28 20:33 . 2008-06-23 10:20   13,824   --a------   C:\WINDOWS\system32\DllCache\ieudinit.exe
            2008-09-28 20:22 . 2008-09-28 20:22   <DIR>   d--------   C:\WINDOWS\ERUNT
            2008-09-28 20:17 . 2008-10-01 18:09   <DIR>   d--------   C:\SDFix
            2008-09-28 20:06 . 2008-09-28 20:06   <DIR>   d--h-----   C:\WINDOWS\system32\GroupPolicy
            2008-09-28 13:36 . 2008-09-28 13:36   <DIR>   d--------   C:\Documents and Settings\Oscar\Application Data\TuneUp Software
            2008-09-28 13:03 . 2008-09-28 20:16   1,536   --a------   C:\WINDOWS\system32\6
            2008-09-28 03:44 . 2008-09-28 03:44   <DIR>   d--------   C:\Program Files\Bonjour
            2008-09-28 02:42 . 2008-09-28 02:43   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\FLEXnet
            2008-09-28 02:34 . 2008-09-28 02:34   <DIR>   d--------   C:\Program Files\Common Files\Macrovision Shared
            2008-09-28 01:03 . 2008-09-28 01:03   3,420,480   -r-hs----   C:\WINDOWS\tsvss.exe
            2008-09-28 00:16 . 2008-09-28 00:16   <DIR>   d--------   C:\Documents and Settings\Oscar\Application Data\Ambient Design
            2008-09-10 21:35 . 2008-09-10 22:34   <DIR>   d--------   C:\Program Files\Common Files\DVDVideoSoft
            2008-09-09 21:01 . 2008-09-09 21:01   107,888   --a------   C:\WINDOWS\system32\CmdLineExt.dll
            2008-09-09 20:57 . 2008-09-20 23:21   1,796   --a------   C:\WINDOWS\system32\ealregsnapshot1.reg

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-10-01 18:36   ---------   d-----w   C:\Documents and Settings\Oscar\Application Data\WTablet
            2008-10-01 17:23   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
            2008-09-30 22:22   ---------   d-----w   C:\Program Files\Common Files\Adobe
            2008-09-28 19:45   ---------   d-----w   C:\Documents and Settings\Oscar\Application Data\SUPERAntiSpyware.com
            2008-09-20 22:22   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
            2008-09-09 20:28   ---------   d-----w   C:\Documents and Settings\Oscar\Application Data\SecondLife
            2008-09-09 19:56   ---------   d-----w   C:\Program Files\Common Files\InstallShield
            2008-08-30 18:56   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
            2008-08-19 20:56   ---------   d-----w   C:\Documents and Settings\LocalService\Application Data\WTablet
            .

            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-10-01 15360]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

            C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
            Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
            "ForceClassicControlPanel"= 1 (0x1)

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
            "NoResolveTrack"= 1 (0x1)
            "NoResolveSearch"= 1 (0x1)
            "NoSMConfigurePrograms"= 1 (0x1)
            "NoInstrumentation"= 1 (0x1)
            "NoSMBalloonTip"= 1 (0x1)

            [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
            "NoResolveTrack"= 1 (0x1)
            "NoResolveSearch"= 1 (0x1)
            "NoSMConfigurePrograms"= 1 (0x1)
            "NoInstrumentation"= 1 (0x1)
            "NoSMBalloonTip"= 1 (0x1)

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
            "vidc.I420"= i420vfw.dll

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7qexx.sys]
            @="Driver"

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
            path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
            backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
            path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
            backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
            C:\WINDOWS\system32\dumprep 0 -k [X]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
            --a------ 2008-01-11 22:16 39792 D:\Program Files\Reader 8.0\Reader\reader_sl.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
            --a------ 2008-02-20 15:33 963072 D:\Program Files\Ares\Ares.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
            --a------ 2007-01-10 08:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
            --a------ 2006-10-01 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
            --a------ 2004-09-13 15:49 49152 D:\Program Files\HP\HP Software Update\hpwuSchd2.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
            --a--c--- 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN]
            -r-hs---- 2008-09-28 01:03 3420480 C:\WINDOWS\tsvss.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
            --a--c--- 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
            --a--c--- 2007-12-05 02:41 81920 C:\WINDOWS\system32\nvmctray.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            --a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
            --a--c--- 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
            --a------ 2008-02-22 22:42 3537968 D:\Program Files\VeohClient.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
            --a--c--- 2005-05-03 17:43 69632 C:\WINDOWS\ALCMTR.EXE

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
            --a--c--- 2006-05-04 15:26 2808832 C:\WINDOWS\ALCWZRD.EXE

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
            --a--c--- 2006-10-01 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
            --a--c--- 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
            --a--c--- 2006-07-21 15:14 86016 C:\WINDOWS\SOUNDMAN.EXE

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
            "DisableMonitoring"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
            "DisableMonitoring"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
            "DisableMonitoring"=dword:00000001

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "C:\\Program Files\\iTunes\\iTunes.exe"=
            "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
            "D:\Program Files\Combat Arms\Combat Arms\CombatArms.exe"= D:\Program Files\Combat Arms\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
            "D:\Program Files\Combat Arms\Combat Arms\Engine.exe"= D:\Program Files\Combat Arms\Combat Arms\Engine.exe:*Enabled:Engine.exe
            "D:\\Program Files\\Combat Arms\\Combat Arms\\NMService.exe"=

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
            "8392:TCP"= 8392:TCP:BitComet 8392 TCP
            "8392:UDP"= 8392:UDP:BitComet 8392 UDP

            R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 5632]
            R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 6272]
            S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\Oscar\LOCALS~1\Temp\iMSPCLOj.sys [ ]

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
            \Shell\AutoRun\command - F:\SetupWizard.exe

            *Newly Created Service* - COMHOST
            .
            Contents of the 'Scheduled Tasks' folder
            .
            - - - - ORPHANS REMOVED - - - -

            BHO-{1883990C-EB31-499A-81A9-AA821349A344} - C:\WINDOWS\system32\vtUnonmm.dll
            MSConfigStartUp-a0d9a747 - C:\WINDOWS\system32\ikvlwcgc.dll
            MSConfigStartUp-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
            MSConfigStartUp-BMa3ea94db - C:\WINDOWS\system32\lwiegwvd.dll
            MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
            MSConfigStartUp-Jnskdfmf9eldfd - C:\DOCUME~1\Oscar\LOCALS~1\Temp\csrssc.exe
            MSConfigStartUp-ksjf93orkekfniw73nfdd - C:\DOCUME~1\Oscar\LOCALS~1\Temp\winlogen.exe
            MSConfigStartUp-lphcjvkj0ejdg - C:\WINDOWS\system32\lphcjvkj0ejdg.exe
            MSConfigStartUp-rs32net - C:\WINDOWS\System32\rs32net.exe
            MSConfigStartUp-SUPERAntiSpyware - D:\Program Files\Ares Songs\SUPERAntiSpyware.exe


            .
            ------- Supplementary Scan -------
            .
            FireFox -: Profile - C:\Documents and Settings\Oscar\Application Data\Mozilla\Firefox\Profiles\tbd6nkx8.default\
            FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://my.att.net/
            FF -: plugin - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
            FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
            FF -: plugin - D:\Program Files\Plugins\noreg\NPVeohVersion.dll
            FF -: plugin - D:\Program Files\plugins\npBitCometAgent.dll
            FF -: plugin - D:\Program Files\plugins\npGoogleGadgetPluginFirefoxWin.dll
            FF -: plugin - D:\Program Files\plugins\npnul32.dll
            FF -: plugin - D:\Program Files\Reader 8.0\Reader\browser\nppdf32.dll
            .

            **************************************************************************

            catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-10-01 19:38:17
            Windows 5.1.2600 Service Pack 2 NTFS

            scanning hidden processes ...

            scanning hidden autostart entries ...

            scanning hidden files ...

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            ------------------------ Other Running Processes ------------------------
            .
            C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\system32\HPZipm12.exe
            C:\WINDOWS\system32\PnkBstrA.exe
            C:\WINDOWS\system32\PnkBstrB.exe
            C:\WINDOWS\system32\Tablet.exe
            C:\WINDOWS\system32\wscntfy.exe
            C:\WINDOWS\system32\WTablet\TabUserW.exe
            C:\WINDOWS\system32\Tablet.exe
            .
            **************************************************************************
            .
            Completion time: 2008-10-01 19:42:55 - machine was rebooted
            ComboFix-quarantined-files.txt  2008-10-01 18:42:39

            Pre-Run: 652,840,960 bytes free
            Post-Run: 571,482,112 bytes free

            256   --- E O F ---   2008-09-28 22:53:00


            Anything? That might help you

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            Re: page_fault_in_nonpaged_area
            « Reply #22 on: October 01, 2008, 04:51:25 PM »
            Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

            Delete these files/folders, as follows:

            1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
            It must be Notepad, not Wordpad.
            2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

            Code:
            KillAll::

            Driver::
            MCHINJDRV
            RESTORE

            File::
            C:\WINDOWS\system32\cgcwlvki.tmp
            C:\WINDOWS\system32\sdfgsfmy.dll
            C:\WINDOWS\system32\lctgsfik.dll
            C:\WINDOWS\tsvss.exe

            Registry::
            [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN]

            [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

            3. Go to the Notepad window and click Edit > Paste
            4. Then click File > Save
            5. Name the file CFScript.txt - Save the file to your Desktop
            6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



            ComboFix will begin to execute, just follow the prompts.
            After reboot (in case it asks to reboot), it will produce a log for you.
            Post that log (Combofix.txt) in your next reply.

            Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
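A read-only way to confirm that a follow-up ComboFix.txt reflects every target in the CFScript above, as an added example that is not part of the original post or of ComboFix. The function names, status strings and the sample log (a constructed excerpt in the layout of the logs in this thread) are assumptions; the script only parses text and changes nothing on the system.

```python
import re

# CFScript exactly as posted in the reply above.
CFSCRIPT = r"""KillAll::

Driver::
MCHINJDRV
RESTORE

File::
C:\WINDOWS\system32\cgcwlvki.tmp
C:\WINDOWS\system32\sdfgsfmy.dll
C:\WINDOWS\system32\lctgsfik.dll
C:\WINDOWS\tsvss.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
"""

# Constructed excerpt in the layout of the ComboFix logs in this thread.
FOLLOWUP_LOG = r"""FILE ::
C:\WINDOWS\system32\cgcwlvki.tmp
C:\WINDOWS\system32\lctgsfik.dll
C:\WINDOWS\system32\sdfgsfmy.dll
C:\WINDOWS\tsvss.exe
.
(((((((((((((   Other Deletions   )))))))))))))
.
C:\WINDOWS\system32\cgcwlvki.tmp
C:\WINDOWS\system32\lctgsfik.dll
C:\WINDOWS\system32\sdfgsfmy.dll
C:\WINDOWS\tsvss.exe
.
(((((((((((((   Files Created from 2008-09-01 to 2008-10-01  )))))))))))))
.
2008-09-29 17:26 . 2008-09-29 17:26   20   --a------   C:\WINDOWS\mafosav.INI
.
(((((((((((((   Reg Loading Points   )))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-10-01 13:00 15360 C:\WINDOWS\system32\ctfmon.exe
S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\Oscar\LOCALS~1\Temp\iMSPCLOj.sys [ ]
"""

SECTION = re.compile(r"^(\w+)::\s*$")               # e.g. "File::"
BANNER = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}$")   # e.g. "((((   Other Deletions   ))))"
SERVICE = re.compile(r"^[rs]\d\s+([^;]+);")         # e.g. "S3 name;display;path" (layout assumed from the logs here)

def parse_cfscript(text):
    """Return {section name (lowercase): [entries]} for a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def split_log(text):
    """Split a ComboFix log on its parenthesised banners; text before the first banner is 'preamble'."""
    sections, current = {"preamble": []}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and line != ".":
            sections[current].append(line)
    return sections

def verify(script_text, log_text):
    """Map each CFScript target to a status derived from the follow-up log."""
    script, log = parse_cfscript(script_text), split_log(log_text)
    deleted = {l.lower() for l in log.get("other deletions", [])}
    # The preamble only echoes the script and "Other Deletions" confirms removal,
    # so a target seen in any other section is still present on the machine.
    residual = [l.lower() for name, lines in log.items()
                if name not in ("preamble", "other deletions") for l in lines]
    services = set()
    for l in residual:
        m = SERVICE.match(l)
        if m:
            services.add(m.group(1))
    report = {}
    for path in script.get("file", []):
        p = path.lower()
        if any(p in l for l in residual):
            report[path] = "still referenced"
        elif p in deleted:
            report[path] = "deleted"
        else:
            report[path] = "not reported"
    for entry in script.get("registry", []):
        if entry.startswith("[-"):                   # "[-KEY]" asks for the key to be removed
            key = "[" + entry[2:].lower()
            report[entry] = "still referenced" if key in residual else "absent"
    for name in script.get("driver", []):
        report[name] = "still registered" if name.lower() in services else "absent"
    return report

if __name__ == "__main__":
    for target, status in verify(CFSCRIPT, FOLLOWUP_LOG).items():
        print(f"{status:17} {target}")
```

Any target reported as "still referenced", "still registered" or "not reported" is a reason to re-read the log before considering the cleanup complete.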

            trolo8

              Topic Starter


              Beginner

              Re: page_fault_in_nonpaged_area
              « Reply #23 on: October 01, 2008, 07:32:57 PM »
              Here you go

              ComboFix 08-10-01.02 - Oscar 2008-10-01 22:36:12.2 - NTFSx86
              Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.727 [GMT 1:00]
              Running from: C:\Documents and Settings\Oscar\Desktop\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Oscar\Desktop\CFScript.txt
               * Created a new restore point

              WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

              FILE ::
              C:\WINDOWS\system32\cgcwlvki.tmp
              C:\WINDOWS\system32\lctgsfik.dll
              C:\WINDOWS\system32\sdfgsfmy.dll
              C:\WINDOWS\tsvss.exe
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\WINDOWS\system32\cgcwlvki.tmp
              C:\WINDOWS\system32\lctgsfik.dll
              C:\WINDOWS\system32\sdfgsfmy.dll
              C:\WINDOWS\tsvss.exe

              .
              (((((((((((((((((((((((((   Files Created from 2008-09-01 to 2008-10-01  )))))))))))))))))))))))))))))))
              .

              2008-10-01 18:20 . 2008-10-01 18:23   <DIR>   d--------   C:\fixwareout
              2008-09-30 10:40 . 2008-09-30 10:40   <DIR>   d--------   C:\Program Files\Common Files\SWF Studio
              2008-09-30 10:40 . 2008-09-30 19:23   <DIR>   d--------   C:\Documents and Settings\Oscar\Application Data\U3
              2008-09-29 22:20 . 2008-09-29 22:20   <DIR>   d--------   C:\Program Files\Windows Installer Clean Up
              2008-09-29 22:20 . 2008-09-29 22:20   <DIR>   d--------   C:\Program Files\MSECACHE
              2008-09-29 17:47 . 2008-09-29 17:55   <DIR>   d--------   C:\Documents and Settings\Oscar\.scorched3d
              2008-09-29 17:26 . 2008-09-29 17:26   20   --a------   C:\WINDOWS\mafosav.INI
              2008-09-28 21:57 . 2008-09-28 21:58   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
              2008-09-28 21:57 . 2008-09-10 00:04   38,528   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
              2008-09-28 21:57 . 2008-09-10 00:03   17,200   --a------   C:\WINDOWS\system32\drivers\mbam.sys
              2008-09-28 20:45 . 2008-09-28 20:45   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
              2008-09-28 20:44 . 2008-09-28 20:44   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
              2008-09-28 20:34 . 2008-09-28 20:49   <DIR>   d--------   C:\WINDOWS\system32\CatRoot_bak
              2008-09-28 20:33 . 2008-06-23 17:57   6,066,176   --a------   C:\WINDOWS\system32\DllCache\ieframe.dll
              2008-09-28 20:33 . 2007-04-17 10:32   2,455,488   --a------   C:\WINDOWS\system32\DllCache\ieapfltr.dat
              2008-09-28 20:33 . 2007-03-08 06:10   991,232   --a------   C:\WINDOWS\system32\DllCache\ieframe.dll.mui
              2008-09-28 20:33 . 2008-06-23 17:57   459,264   --a------   C:\WINDOWS\system32\DllCache\msfeeds.dll
              2008-09-28 20:33 . 2008-06-23 17:57   383,488   --a------   C:\WINDOWS\system32\DllCache\ieapfltr.dll
              2008-09-28 20:33 . 2008-05-01 15:30   331,776   --a------   C:\WINDOWS\system32\DllCache\msadce.dll
              2008-09-28 20:33 . 2008-06-23 17:57   267,776   --a------   C:\WINDOWS\system32\DllCache\iertutil.dll
              2008-09-28 20:33 . 2008-06-23 17:57   63,488   --a------   C:\WINDOWS\system32\DllCache\icardie.dll
              2008-09-28 20:33 . 2008-06-23 17:57   52,224   --a------   C:\WINDOWS\system32\DllCache\msfeedsbs.dll
              2008-09-28 20:33 . 2008-06-23 10:20   13,824   --a------   C:\WINDOWS\system32\DllCache\ieudinit.exe
              2008-09-28 20:22 . 2008-09-28 20:22   <DIR>   d--------   C:\WINDOWS\ERUNT
              2008-09-28 20:17 . 2008-10-01 18:09   <DIR>   d--------   C:\SDFix
              2008-09-28 20:06 . 2008-09-28 20:06   <DIR>   d--h-----   C:\WINDOWS\system32\GroupPolicy
              2008-09-28 13:36 . 2008-09-28 13:36   <DIR>   d--------   C:\Documents and Settings\Oscar\Application Data\TuneUp Software
              2008-09-28 13:03 . 2008-09-28 20:16   1,536   --a------   C:\WINDOWS\system32\6
              2008-09-28 03:44 . 2008-09-28 03:44   <DIR>   d--------   C:\Program Files\Bonjour
              2008-09-28 02:42 . 2008-09-28 02:43   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\FLEXnet
              2008-09-28 02:34 . 2008-09-28 02:34   <DIR>   d--------   C:\Program Files\Common Files\Macrovision Shared
              2008-09-28 00:16 . 2008-09-28 00:16   <DIR>   d--------   C:\Documents and Settings\Oscar\Application Data\Ambient Design
              2008-09-10 21:35 . 2008-09-10 22:34   <DIR>   d--------   C:\Program Files\Common Files\DVDVideoSoft
              2008-09-09 21:01 . 2008-09-09 21:01   107,888   --a------   C:\WINDOWS\system32\CmdLineExt.dll
              2008-09-09 20:57 . 2008-09-20 23:21   1,796   --a------   C:\WINDOWS\system32\ealregsnapshot1.reg

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-10-01 20:59   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
              2008-10-01 20:58   ---------   d-----w   C:\Documents and Settings\Oscar\Application Data\WTablet
              2008-09-30 22:22   ---------   d-----w   C:\Program Files\Common Files\Adobe
              2008-09-28 19:45   ---------   d-----w   C:\Documents and Settings\Oscar\Application Data\SUPERAntiSpyware.com
              2008-09-20 22:22   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
              2008-09-09 20:28   ---------   d-----w   C:\Documents and Settings\Oscar\Application Data\SecondLife
              2008-09-09 19:56   ---------   d-----w   C:\Program Files\Common Files\InstallShield
              2008-08-30 18:56   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
              2008-08-19 20:56   ---------   d-----w   C:\Documents and Settings\LocalService\Application Data\WTablet
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-10-01 15360]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

              C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
              Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
              "ForceClassicControlPanel"= 1 (0x1)

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
              "NoResolveTrack"= 1 (0x1)
              "NoResolveSearch"= 1 (0x1)
              "NoSMConfigurePrograms"= 1 (0x1)
              "NoInstrumentation"= 1 (0x1)
              "NoSMBalloonTip"= 1 (0x1)

              [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
              "NoResolveTrack"= 1 (0x1)
              "NoResolveSearch"= 1 (0x1)
              "NoSMConfigurePrograms"= 1 (0x1)
              "NoInstrumentation"= 1 (0x1)
              "NoSMBalloonTip"= 1 (0x1)

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
              "vidc.I420"= i420vfw.dll

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7qexx.sys]
              @="Driver"

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
              path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
              backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
              path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
              backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
              C:\WINDOWS\system32\dumprep 0 -k [X]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
              --a------ 2008-01-11 22:16 39792 D:\Program Files\Reader 8.0\Reader\reader_sl.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
              --a------ 2008-02-20 15:33 963072 D:\Program Files\Ares\Ares.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
              --a------ 2007-01-10 08:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
              --a------ 2006-10-01 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
              --a------ 2004-09-13 15:49 49152 D:\Program Files\HP\HP Software Update\hpwuSchd2.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
              --a--c--- 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
              --a--c--- 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
              --a--c--- 2007-12-05 02:41 81920 C:\WINDOWS\system32\nvmctray.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
              --a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
              --a--c--- 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
              --a------ 2008-02-22 22:42 3537968 D:\Program Files\VeohClient.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
              --a--c--- 2005-05-03 17:43 69632 C:\WINDOWS\ALCMTR.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
              --a--c--- 2006-05-04 15:26 2808832 C:\WINDOWS\ALCWZRD.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
              --a--c--- 2006-10-01 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
              --a--c--- 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
              --a--c--- 2006-07-21 15:14 86016 C:\WINDOWS\SOUNDMAN.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
              "DisableMonitoring"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "C:\\Program Files\\iTunes\\iTunes.exe"=
              "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
              "D:\Program Files\Combat Arms\Combat Arms\CombatArms.exe"= D:\Program Files\Combat Arms\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
              "D:\Program Files\Combat Arms\Combat Arms\Engine.exe"= D:\Program Files\Combat Arms\Combat Arms\Engine.exe:*Enabled:Engine.exe
              "D:\\Program Files\\Combat Arms\\Combat Arms\\NMService.exe"=
              "D:\\Program Files\\SecondLife\\SLVoice.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "8392:TCP"= 8392:TCP:BitComet 8392 TCP
              "8392:UDP"= 8392:UDP:BitComet 8392 UDP

              R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 5632]
              R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 6272]
              S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\Oscar\LOCALS~1\Temp\iMSPCLOj.sys [ ]

              *Newly Created Service* - COMHOST
              .
              Contents of the 'Scheduled Tasks' folder
              .

              **************************************************************************

              catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-10-01 22:39:14
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              ------------------------ Other Running Processes ------------------------
              .
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\WINDOWS\system32\nvsvc32.exe
              C:\WINDOWS\system32\HPZipm12.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\WINDOWS\system32\PnkBstrB.exe
              C:\WINDOWS\system32\Tablet.exe
              C:\WINDOWS\system32\wscntfy.exe
              C:\WINDOWS\system32\WTablet\TabUserW.exe
              C:\WINDOWS\system32\Tablet.exe
              .
              **************************************************************************
              .
              Completion time: 2008-10-01 22:43:50 - machine was rebooted
              ComboFix-quarantined-files.txt  2008-10-01 21:43:26
              ComboFix2.txt  2008-10-01 18:42:56

              Pre-Run: 510,582,784 bytes free
              Post-Run: 496,635,904 bytes free

              200   --- E O F ---   2008-09-28 22:53:00

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: page_fault_in_nonpaged_area
              « Reply #24 on: October 01, 2008, 08:52:17 PM »
              Download ATF Cleaner by Atribune to your Desktop.

              Alternate download link

              Note: Vista users must use Run As Administrator
              • Under Main: Select Files to Delete choose: Select All.
              • Click the Empty Selected button.
              • If you use Firefox browser click Firefox at the top and choose: Select All
              • Click the Empty Selected button.
                If you would like to keep your saved passwords click No at the prompt.
              • If you use Opera browser click Opera at the top and choose: Select All
              • Click the Empty Selected button.
                If you would like to keep your saved passwords click No at the prompt.
              • Click Exit on the Main menu to close the program.
              Note that your system will run slower for a reboot or two after having used this tool, so don't panic.

              ----------

              Download OTCleanIt.exe and save it to your Desktop.
              • Double-click OTCleanIt.exe.
              • Click the CleanUp! button.
              • Select Yes when the "Begin cleanup Process?" prompt appears.
              • If you are prompted to Reboot during the cleanup, select Yes.
              • The tool will delete itself once it finishes; if not, delete it yourself.
              Important: Restart the computer before continuing.

              ----------

              Run this online scan.

              This scanner requires Internet Explorer

              Use the ESET Nod32 Online Scanner

              1. Check the box next to YES, I accept the Terms of Use.
              2. Click Start
              3. When asked, allow the ActiveX control to install
              4. Click Start
              5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
              6. Click Scan
              7. Wait for the scan to finish
              8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
              9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

              trolo8

                Topic Starter


                Beginner

                Re: page_fault_in_nonpaged_area
                « Reply #25 on: October 02, 2008, 12:59:55 PM »
                # version=4
                # OnlineScanner.ocx=1.0.0.635
                # OnlineScannerDLLA.dll=1, 0, 0, 79
                # OnlineScannerDLLW.dll=1, 0, 0, 78
                # OnlineScannerUninstaller.exe=1, 0, 0, 49
                # vers_standard_module=3490 (20081002)
                # vers_arch_module=1.064 (20080214)
                # vers_adv_heur_module=1.066 (20070917)
                # EOSSerial=4bbfda93d792a544996e6bd665ebde14
                # end=stopped
                # remove_checked=true
                # unwanted_checked=true
                # utc_time=2008-10-02 03:10:41
                # local_time=2008-10-02 04:10:41 (+0000, GMT Standard Time)
                # country="United States"
                # osver=5.1.2600 NT Service Pack 2
                # scanned=340458
                # found=1
                # scan_time=2501
                C:\Documents and Settings\Oscar\Desktop\backups\backup-20081001-193110-926.dll   a variant of Win32/Adware.Virtumonde application (unable to clean - deleted)   00000000000000000000000000000000


                evilfantasy

                • Malware Removal Specialist
                • Moderator


                Re: page_fault_in_nonpaged_area
                « Reply #26 on: October 02, 2008, 01:22:52 PM »
                How is everything now?

                Disable the System Restore Utility to prevent re-infection from an old one

                1) Right click the My Computer icon on the Desktop and click on Properties.
                2) Click on the System Restore tab.
                3) Put a check mark next to Turn off System Restore on All Drives
                4) Click the OK button.
                5) You will be prompted to restart the computer. Click the Yes button.

                Now re-enable System Restore

                To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

                1) Right click the My Computer icon on the Desktop and click on Properties.
                2) Click on the System Restore tab.
                3) Remove the check mark next to Turn off System Restore on All Drives
                4) Click the OK button.

                ----------

                Use the Secunia Software Inspector to check for out-of-date software.
                • Click Start Now
                • Check the box next to Enable thorough system inspection.
                • Click Start
                • Allow the scan to finish and scroll down to see if any updates are needed.
                • Update anything listed.
                ----------

                Go to Microsoft Windows Update and get all critical updates.

                trolo8

                  Topic Starter


                  Beginner

                  Re: page_fault_in_nonpaged_area
                  « Reply #27 on: October 04, 2008, 03:07:45 PM »
                  yeah i got it, looks good, but i have one more question: idk why but sometimes when i'm on the pc the fans sound really loud? what could be the problem, not enough ram? or like bad cpu? and thx again, all that problem from before is all gone

                  evilfantasy

                  • Malware Removal Specialist
                  • Moderator


                  Re: page_fault_in_nonpaged_area
                  « Reply #28 on: October 04, 2008, 04:04:26 PM »
                  Not sure about that, you might want to start a new topic in the Windows forum.

                  trolo8

                    Topic Starter


                    Beginner

                    Re: page_fault_in_nonpaged_area
                    « Reply #29 on: October 06, 2008, 03:29:07 PM »
                    k