Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Anti Virus agent pro/Spooldr.sys/Bsod

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Anti Virus agent pro/Spooldr.sys/Bsod

Unread postby outerdrake » July 22nd, 2009, 8:49 pm

Hello there.

Got this rogue anti virus without downloading a dam thing and now i'm at my last hope. Immediately started getting the pop up and the nasty sound effect from Anti Virus agent pro. Shortly, the bsod appeared and so i rebooted my pc.


First i thought i could easily solve this problem by running malware bytes and removing all effected files, but even after removing the malwares(i know now that i should not have scan and instead waited for instructions 1st) The BSOD kept appearing. Once in a while i get an error message and i send report to microsoft. Microsoft reads. "Problem was caused by Spooldr.sys . A known virus/malware file. I searched my pc for spooldr.sys and nothing appears. The BSOD appears at random sometimes or when i'm running a software like maya or wmp power dvd etc..

I also ran debugger tools for windows. loaded the memory dump, it says often "problem caused by ntkrnlpa.exe"

I then tried driver verifier and tested all the drivers at a time. Non activated the BSOD. Some times the BSOD appears when i'm using a drawing tablet, and the error message reads "not_enough_or_equal_to(something like that)

Most stop codes:0x00000050

Malwarebytes took care of antivirus agent

but i still get BSOD
And i cant get this pc to standby.(stays on windows is shutting down)


..HELP!! appreciated !!!-Drake
-------------------------------------------------------------------



StartupList report, 7/22/2009, 8:44:09 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AMT Media Manager\AMTDeviceService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IcdSptSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
WTClient = WTClient.exe
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
AMTDeviceService = "C:\Program Files\AMT Media Manager\AMTDeviceService.exe"
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
COMODO Internet Security = "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
RegistryMechanic = C:\Program Files\Registry Mechanic\RegMech.exe /H
AlcoholAutomount = "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
Google Update = "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= C:\WINDOWS\system32\guard32.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
WormRadar.com IESiteBlocker.NavFilter - (no file) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - (no file) - {5C255C8A-E604-49b4-9D64-90988571CECB}
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
(no name) - C:\Program Files\Windows Live\Toolbar\wltcore.dll - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}

--------------------------------------------------

Enumerating Task Scheduler jobs:

GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
GoogleUpdateTaskUserS-1-5-21-57989841-484061587-839522115-1003Core.job
GoogleUpdateTaskUserS-1-5-21-57989841-484061587-839522115-1003UA.job
Schedule Task Weekly.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/s ... wflash.cab

[get_atlcom Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gp.ocx
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 9,381 bytes
Report generated in 0.047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
You do not have the required permissions to view the files attached to this post.
outerdrake
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 8:29 pm
Advertisement
Register to Remove

Re: Anti Virus agent pro/Spooldr.sys/Bsod

Unread postby NonSuch » July 23rd, 2009, 12:13 am

In order for us to help you it is necessary that you provide us with a HijackThis log, not a startup list. Please follow the guideline at the link below to start a new topic and post your HijackThis log by pasting it into your post. Do not utilize attachments.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 64 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware