Malware problem maybe more?

Solved
By billyd
May 13, 2012
  1. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Re-run OTL with the same settings as in my reply #47.
  2. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    OTL logfile created on: 5/23/2012 2:39:06 PM - Run 2
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\William\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.76% Memory free
    6.20 Gb Paging File | 4.71 Gb Available in Paging File | 75.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.85 Gb Total Space | 60.72 Gb Free Space | 43.11% Space Free | Partition Type: NTFS
    Drive D: | 8.20 Gb Total Space | 1.75 Gb Free Space | 21.39% Space Free | Partition Type: NTFS

    Computer Name: WILLIAM-PC | User Name: William | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < MD5 for: TCPIP.SYS >
    [2008/04/26 04:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
    [2009/04/11 02:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
    [2011/09/20 17:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
    [2011/12/16 13:38:35 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
    [2011/12/16 13:38:32 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
    [2012/03/30 08:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
    [2010/02/18 07:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
    [2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
    [2011/12/16 13:38:36 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
    [2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
    [2010/02/18 08:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
    [2011/12/16 13:04:18 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
    [2011/12/16 13:04:18 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
    [2010/06/16 11:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
    [2011/12/16 13:38:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
    [2010/06/16 12:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
    [2010/06/16 11:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
    [2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
    [2008/04/26 04:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
    [2011/12/16 13:38:32 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
    [2010/02/18 13:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
    [2010/06/16 12:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
    [2010/04/05 13:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
    [2010/04/05 16:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
    [2006/11/02 04:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
    [2010/02/18 10:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
    [2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\ERDNT\cache\tcpip.sys
    [2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\System32\drivers\tcpip.sys
    [2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
    [2008/01/19 00:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
    [2011/12/16 13:38:34 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
    < End of report >
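    The OTL custom scan above lists every tcpip.sys on the disk with its MD5 so the live driver can be compared against the copies Windows keeps in the component store (WinSxS). The script below, an added example that is not part of the original thread or of OTL, parses that report format, groups the entries by hash and reports which WinSxS version (if any) the live C:\Windows\System32\drivers\tcpip.sys matches. The embedded input is a subset of the lines from the log above; on that input the live driver hashes the same as the 6.0.6002.22828 component-store copy and the ERDNT cache copy. Function names, the record layout and the `live_path` default are this example's own assumptions.

```python
import re
from collections import defaultdict

# Subset of the "< MD5 for: TCPIP.SYS >" lines copied from the OTL report above.
OTL_MD5_SCAN = r"""
< MD5 for: TCPIP.SYS >
[2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\ERDNT\cache\tcpip.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2011/12/16 13:38:34 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
< End of report >
"""

# One OTL file line: [mtime | size | attrs | M] (company) MD5=hash -- path
LINE_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# Version embedded in a WinSxS component directory name, e.g. ..._6.0.6002.22828_none_...
WINSXS_VER_RE = re.compile(r"\\winsxs\\[^\\]*_(\d+\.\d+\.\d+\.\d+)_", re.IGNORECASE)


def parse_otl_md5_scan(text):
    """Turn the OTL '< MD5 for: ... >' block into a list of record dicts."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, footer, blank lines
        rec = m.groupdict()
        rec["size"] = int(rec["size"].replace(",", ""))
        rec["md5"] = rec["md5"].upper()
        records.append(rec)
    return records


def winsxs_version(path):
    """Component-store version for a WinSxS path, None for any other path."""
    m = WINSXS_VER_RE.search(path)
    return m.group(1) if m else None


def cross_check(records, live_path=r"C:\Windows\System32\drivers\tcpip.sys"):
    """Compare the live driver's hash with every component-store copy.

    Returns a dict with the live hash/size, the WinSxS versions sharing that
    hash, and a status string. A live copy that matches no WinSxS copy is
    worth a closer look (patched or replaced driver); a match only shows the
    file is consistent with the local store, not that the store is clean.
    """
    live = [r for r in records if r["path"].lower() == live_path.lower()]
    if not live:
        return {"status": "live-copy-missing"}
    live = live[0]
    by_hash = defaultdict(list)
    for r in records:
        by_hash[r["md5"]].append(r)
    versions = sorted(
        v for v in (winsxs_version(r["path"]) for r in by_hash[live["md5"]]) if v
    )
    return {
        "live_md5": live["md5"],
        "live_size": live["size"],
        "matching_winsxs_versions": versions,
        "status": "matches-component-store" if versions else "no-matching-component-store-copy",
    }


if __name__ == "__main__":
    result = cross_check(parse_otl_md5_scan(OTL_MD5_SCAN))
    for k, v in result.items():
        print(f"{k}: {v}")
```

    Two caveats apply to this kind of check: MD5 is only a consistency check here, not an integrity guarantee, and a driver that matches a WinSxS copy can still be the wrong version for the installed servicing level, which is a separate question from whether it has been tampered with.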
  3. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    That didn't work.

    Download BlitzBlank and save it to your desktop.
    Double click on Blitzblank.exe

    • Click OK at the warning.
    • Click the Script tab and copy/paste the following text there:
    Code:
    CopyFile:
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys C:\Windows\System32\drivers\tcpip.sys
    
    • Click Execute Now. Your computer will need to reboot in order to replace the files.
    • When done, post the report created by Blitzblank.
      You can find it in the root of the drive, normally C:\
  4. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    BlitzBlank 1.0.0.32
    File/Registry Modification Engine native application
    CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys", destinationFile = "\??\c:\windows\system32\drivers\tcpip.sys"
    GetDataFromFile: ZwOpenFile failed: status = c0000022
    CopyFile: ZwCreateFile failed: status = c0000022
  5. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Still didn't work...

    Please download ComboFix from Here or Here to your Desktop.

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys | C:\Windows\System32\drivers\tcpip.sys
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  6. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    ComboFix 12-05-25.02 - William 05/25/2012 7:05.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1789 [GMT -4:00]
    Running from: c:\users\William\Desktop\ComboFix.exe
    Command switches used :: c:\users\William\Desktop\CFScript.txt.lnk
    AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\William\AppData\Roaming\vso_ts_preview.xml
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\odysseyIM4.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_sandboxu
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-23 17:28 . 2012-05-23 17:28 -------- d-----w- c:\program files\DellTPad
    2012-05-23 17:27 . 2007-06-25 23:51 100418 ----a-w- c:\windows\system32\Vxdif.dll
    2012-05-23 17:27 . 2007-06-25 22:53 155136 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
    2012-05-23 17:27 . 2006-11-02 12:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
    2012-05-22 21:30 . 2012-05-22 21:30 -------- d-----w- C:\_OTL
    2012-05-22 19:31 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEFAD140-3E3B-4CB2-BCF6-996F166D51C8}\mpengine.dll
    2012-05-20 19:26 . 2012-05-20 19:26 -------- d-----w- c:\program files\NirSoft
    2012-05-20 17:52 . 2012-05-20 17:52 -------- d-----w- c:\users\William\AppData\Local\Secunia PSI
    2012-05-20 17:52 . 2012-05-20 17:52 -------- d-----w- c:\program files\Secunia
    2012-05-20 17:48 . 2012-05-20 17:48 -------- d-----w- c:\program files\WOT
    2012-05-20 04:54 . 2012-05-20 04:54 -------- d-----w- c:\users\William\AppData\Roaming\f-secure
    2012-05-20 04:53 . 2012-05-20 04:53 -------- d-----w- c:\programdata\F-Secure
    2012-05-20 04:38 . 2012-05-20 04:38 -------- d-----w- c:\windows\Sun
    2012-05-16 08:11 . 2012-05-16 08:11 -------- d-----w- C:\found.001
    2012-05-16 08:07 . 2012-05-16 08:07 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-05-13 23:46 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-13 23:46 . 2012-05-13 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-13 17:41 . 2012-05-13 17:41 -------- d-----w- c:\users\William\AppData\Local\ESET
    2012-05-13 17:30 . 2012-05-13 17:30 -------- d-----w- c:\program files\Windows Resource Kits
    2012-05-12 23:11 . 2012-05-12 23:11 -------- d-----w- c:\program files\ESET
    2012-05-11 01:11 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-11 01:11 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-11 01:11 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
    2012-05-05 22:42 . 2012-05-05 22:43 -------- d-----w- c:\program files\Sherlock Holmes and the Hound of the Baskervilles
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-16 08:08 . 2011-12-23 05:19 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-05-05 16:58 . 2012-04-04 17:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 16:58 . 2011-12-23 00:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-03 18:42 . 2012-04-03 18:42 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-04-03 18:42 . 2012-04-03 18:42 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-04-03 18:42 . 2012-04-03 18:42 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2012-03-28 16:09 . 2012-03-20 23:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-29 15:11 . 2012-04-12 07:13 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-02-29 15:11 . 2012-04-12 07:13 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 15:09 . 2012-04-12 07:13 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 13:32 . 2012-04-12 07:13 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-02-28 01:18 . 2012-04-12 07:14 1799168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 01:11 . 2012-04-12 07:14 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 01:11 . 2012-04-12 07:14 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 01:03 . 2012-04-12 07:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-25 19:19 . 2012-02-25 19:19 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Turbo Tourney 2012 Scheduler.lnk]
    backup=c:\windows\pss\Turbo Tourney 2012 Scheduler.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    se2Bunic
    ofcpfwsvc
    upsmonservice
    nmservice
    atkkeyboardservice
    SE2Bmdfl
    SE2Dbus
    omsad
    tmtdi
    wscsvc
    wm
    UNDPX2A
    sdcoreservice
    EIO_XP
    ErrDev
    qfcoresvc
    mcdetect.exe
    pelusblf
    DS1410D
    CTMFLT
    EMATCORE
    CVirtA
    mssqlserverolapservice
    pgpsdkservice
    PTDCVsp
    dsNcAdpt
    sisnic
    btnetfilter
    nimcdfxk
    MTC0001_ESB
    SprintRcAppSvc
    pcx1unic
    RDID1027
    pwkntmon
    axsaki
    mwagent
    oracle_load_balancer_60_server-forms6ip9
    rslinxng
    mysql
    teefer
    atixsaudio
    adminserver
    mvserver
    spmd
    bc_filter
    atiavaiw
    UimBus
    sisperf
    imapiservice
    s716mdm
    rt2500usb
    ppped
    tfsnboio
    dlartl_n
    vstor2-ws60
    iPassPeriodicUpdateService
    speakerphone
    ZDPNDIS5
    ISAMSvc
    plsremotesvc
    smartwiservice
    mcdbus
    se45mgmt
    ccflic0
    webdriveservice
    wlluc48b
    webrootenterpriseclientservice
    imagesrv
    flashcom
    ssm_bus
    olapserver
    wintab32
    a016mgmt
    MRV6X32P
    EACSvrMngr
    sglogplayer
    AcronisOSSReinstallSvc
    atdisk
    bantext
    nwlnkspx
    PBADRV
    oraclewebassistant
    sonytvc
    intelroam
    papyjoy
    tfsnudf
    U3sHlpDr
    npapimon
    comhost
    SetupSys
    pdlnatcm
    iPassP
    perc2
    statusagent
    ATWPKT2
    AdobeActiveFileMonitor6.0
    WD_FireWire_HID
    {a7447300-8075-4b0d-83f1-3d75c8ebc623}
    hclinetd
    i81x
    SWUMX51
    MQAC
    UsbserFilt
    dlbu_device
    szkg
    incdsrv
    acrotray
    rootmodem
    nwlnknb
    avgems
    datasvr
    NETw4v32
    cfgwzsvc
    tvtfilter
    USB_NDIS_51
    s125mdfl
    tng-dtmg
    vproeventmonitor
    wmconnectcds
    redbook
    DivisCTS
    NWSAP
    macformatservice
    sit_flt
    EL2000
    ssfs0509
    procexp90
    iksyssec
    starwindservice
    mnsframework
    bwcsrv
    aolservice
    crauto
    nvax
    mctskshd.exe
    ICAM5USB
    LC7981
    razerusb
    EagleNT
    elockservice
    xfilt
    ageremodemaudio
    MA8032U
    fshttps
    slabbus
    useraccess7
    ctljystk
    acermemusagecheckservice
    NVR0Dev
    rnadirectory
    netmdsb
    nm
    bc_pat_f
    MREMP50
    W700mdm
    oraclemtsrecoveryservice
    pduip6000dmemcrdmgr
    roxwatch
    svv
    SMCB000
    vncdrv
    tapeware
    Angel2
    qkbfiltr
    persfw
    cpucoolserver
    elnkservice
    btwusb
    STV680m
    msftpsvc
    mxnic
    ikhfile
    opcenum
    trioservice
    cebdaldr
    winpppoverethernet
    lpx
    TOSHIBASoftModem
    mssql$sqlexpress
    Hotkey
    NITaggerService
    dlcj_device
    slabser
    openldap-slapd
    diskeeper
    WinVd32
    rchost
    w800mdm
    NTIDrvr
    dlcc_device
    server
    SE26mgmt
    z800mgmt
    emitray
    aspi32
    S3GIGP
    tgsrvc_smartagent
    beatjamupnpmusicserver
    iaimfp1
    Slntamr
    defwatch
    sis315
    queuemgr
    penrendezvous
    lktimesync
    bthpan
    ATMsg
    ino_flpy
    cvslock
    dtsrvc
    noipducservice
    WaveFDE
    ntcharge
    se45nd5
    rfcomm
    tavsvc
    SABSVC
    screadspool
    GTSCSER
    mysqlinventime
    modemcsa
    timounter
    NETw3v32
    ma_cmidi_installerservice
    getPlusHelper
    nimxdfk
    tdimsys
    bdselfpr
    PD0620VID
    PGPdisk
    SimpTcp
    mfeavfk
    AVerTV
    SPFDRV
    btwhid
    pcradminserver
    audstub
    mlkkbdntdriver
    WBHWDOCT
    lvprcsrv
    uleadburninghelper
    mwstick
    vsdatant
    hibernation
    lmab_device
    rppkt
    mcsysmon
    UWProSys
    s217nd5
    CX88AUD
    pdlnshay
    monfilt
    lxcj_device
    ntpr_nic_service2
    a016mdm
    iAimTV5
    zpsc
    haspnt
    Jukebox
    VAIOMediaPlatform-MusicServer-HTTP
    FETNDIS
    scsk4
    outpostfirewall
    backupexecalertserver
    nmwcdc
    pavdrv
    slee_503_service
    HIDSwvd
    ssm_mdm
    LVRS
    sifilter
    viaagp1
    ood2000
    STV680
    CnxTrLan
    win32sl
    s116mdm
    cwcwdm
    Pctspk
    jaguar
    ROB_A
    Appn
    hwpsgt
    AVCSTRM
    spcsutilityservice
    nvstor32
    mfesmfk
    roxupnpserver
    avg7rsw
    SWNC5E00
    DNE
    ovsecurityserver
    p2k
    ADIDTSFiltService
    wuolservice
    ggsemc
    winpowerrmi
    GoToAssist
    DgiVecp
    cccredmgr
    srvdpi
    db2das00
    spbbcsvc
    vcommmgr
    SNP2STD
    NIPALK
    hpqddsvc
    harmony
    sshrmd
    GT890x
    winpower
    Slpsvdr
    oracle_load_balancer_60_client-forms6ip9
    APLMp50
    TMKEmu
    HPFECP20
    pcidump
    ftsata2
    UVCFTR
    nbservice
    license
    oracleorahomehttpserver
    DirectUpdate
    PGPsdkDriver
    retroexplauncher
    nfmservice
    tng-dts
    SE2Eobex
    wampmysqld
    s217mdm
    dlcf_device
    rimvserport
    TNaviSrv
    el90xbc
    RESMGR
    SDdriver
    pdlnsx25
    gameenum
    wdica
    AR5523
    picturetaker
    Evian
    btwavdt
    rnadiagnosticsservice
    cusrvc
    Via4in1
    freepops
    nimcrpcsu
    dmio
    TuneUp.Defrag
    iPassPeriodicUpdateApp
    prism_a02
    IFPUSB
    bt3cser
    transarcafsdaemon
    k750mdfl
    USB_RNDIS
    SRTSP
    ifxtcs
    VICESYS
    PTDCBus
    tcsd_win32.exe
    pml
    ScFBPNT3
    UxTuneUp
    vc5secs
    tbhsd
    stacsv
    licensemanagersocket
    avgarcln
    tosrfnds
    ql1280
    s3ssavage
    hmonitor
    wlluc48
    tmmbd
    cbidf
    zebrbus
    dvd_2K
    vsapint
    w200bus
    awhost32
    filechecker
    NsTrcNT
    hsf_dp
    trackcam4
    arcltsrv
    dladresm
    WUSB54GPV4SRV
    us30service
    vvoice
    inotask
    inorpc
    VNUSB
    lxrjd31d
    Ncrc710
    rca
    s125obex
    NxSysMon
    VX3000
    srescan
    {95808DC4-FA4A-4c74-92FE-5B863F82066B}
    isapisearch
    lockmgr
    nvcap
    ss_mdfl
    SRS_SSCFilter
    klif
    DCamUSBSQTECH
    se26unic
    mks_scan
    s7otranx
    SED133x
    ibmcicstransactiongateway
    s7oppitx
    LKbdFlt2
    3comtftp
    UMPass
    U81xobex
    U2SP
    co_mon
    atierecord
    qbfcservice
    tosrfsnd
    openvpnservice
    AmdLLD
    freebsd
    atkdisplf
    se58unic
    RMCAST
    mcnasvc
    cdr4_2k
    avg7updsvc
    cvsnt
    k750mdm
    s616unic
    artourservice
    symmpi
    iastor
    aclient
    BTSLBCSP
    askernel
    acprfmgrsvc
    https-admserv61
    splitter
    SaiU040B
    proxyhostservice
    USB_RNDIS_XP
    nmsaccess
    mfehidk
    snmptrapdservice
    digictrl
    emupia
    rimusb
    array_utility_service4,0,1,3
    gearaspiwdm
    eskerlicensecontrol
    lxbs_device
    nimdbgk
    CTMSHD
    ihcservice
    pavreport
    ATKFUSService
    iomdisk
    se59mdfl
    pnkbstrb
    lp6nds35
    syntp
    SWMX00
    se2Bnd5
    e1express
    w800mdfl
    entech
    T6963C
    hnmsvc
    VCAM
    purgeieservice
    XFX_program
    smcservice
    ldlcserv
    PQNTDrv
    iviaspi
    enxpsvc
    DniVad
    acedrv07
    Subsonic
    iwebmsg
    qmofiltr
    agrsrvce
    SunkFilt39
    TcUsb
    MA_CMIDI
    trcboot
    smsmdd
    iam
    a016mdfl
    db2ntsecserver
    ec2007service
    sqlagent$sony_mediamgr
    soma
    tvs
    ipsraidn
    kservice
    Bcim
    amon
    axinstsv
    btwrchid
    bdfsdrv
    SE2Dmdfl
    MTsensor
    maya70docserver
    ctdvda2k
    wg111nd5
    nchssvad
    SaiNtSub
    cpqarray
    gv3
    UpdateCenterService
    MobilePreInstallerService
    SQLWriter
    iap
    usb20l
    s716nd5
    FireTDI
    pdframe
    HSFHWICH
    yukonwxp
    lvpopflt
    vzcdbsvc
    NVTCP
    SE27mdm
    atalk
    SunkFilt
    NVENET
    ctmmfilt
    cicssfs.scmmc223
    ifxspmgtsrv
    se44nd5
    agentsrv
    ATMsrvc
    nsengine
    s117obex
    aswrdr
    z800obex
    mwspollserver
    lxbu_device
    rtl8139
    se44bus
    USB11LDR
    ramaint
    pfc
    athr
    se59nd5
    sentinel
    ser2pl
    websenselogserver
    ltck000c
    ZuneWlanCfgSvc
    k750mgmt
    Nsynas32
    uclauncherservice
    ossrv
    sprtsvc_smartagent
    autocomplete
    sbhooksvc
    USBCamera
    TestHandler
    adiloader
    elotouchscreen
    cwafrmiregistry
    W55U01
    tvicport
    aec
    ino_fltr
    CTEDSPFX.DLL
    U81xmdm
    HFACSVC
    imaservice
    tmactmon
    MpFilter
    bthusb
    symids
    ASMMAP
    atchksrv
    AKSIFDH
    GV600_4
    nvmpu401
    ASNDIS5
    omniusbl
    papycpu2
    cpuz132
    HECI
    tsdhd
    protexislicensing
    slapd-data52
    tandpl
    dxdebug
    scanwscs
    ntrtscan
    mod7700
    TVALG
    oracle_load_balancer_60_client-forms6ip14
    telnet
    mapserver6.3
    incdfs
    eamon
    GTPTSER
    atmeltpm
    vetmsgnt
    nvsmu
    RSAFAL
    alertmanager
    sysmonlog
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:58]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
    .
    2012-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000Core.job
    - c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000UA.job
    - c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-25 07:17
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\TEMP\NOD9D7D.tmp 847872 bytes
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
    36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:81,97,c7,74,c6,e0,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,3b,da,52,c0,a4,82,4f,a1,90,3e,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\dlbacoms.exe
    c:\program files\ESET\ESET Smart Security\ekrn.exe
    c:\windows\system32\msiexec.exe
    c:\program files\Secunia\PSI\PSIA.exe
    c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\TeamViewer\Version7\TeamViewer.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\TeamViewer\Version7\tv_w32.exe
    c:\program files\Secunia\PSI\sua.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-25 07:25:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-25 11:25
    .
    Pre-Run: 62,952,001,536 bytes free
    Post-Run: 63,107,092,480 bytes free
    .
    - - End Of File - - 8575A95A9CAD471FC66C2E932665130E
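    The "Reg Loading Points" section of the ComboFix log above is the part a responder reads first: the Run keys list what starts with the machine, and the policies\system block shows `EnableLUA`= 0, which means User Account Control is switched off on this PC. The script below is an added example, not part of the original thread or of ComboFix; it parses that REGEDIT4-style section into autorun records and policy values, then applies two triage rules: flag UAC disabled, and flag any Run entry whose executable lives under a user-writable location. The first input is copied from the log above; the second (`CONSTRUCTED_EXTRA`) is a made-up entry added only to show the second rule firing, and the rule itself is a heuristic of this example, not a ComboFix feature.

```python
import re

# Excerpt copied from the "Reg Loading Points" section of the ComboFix log above.
REG_LOADING_POINTS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
"""

# Constructed sample (NOT from the log above) to exercise the user-writable-path rule.
CONSTRUCTED_EXTRA = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="c:\users\William\AppData\Roaming\updater.exe" [2012-05-20 45056]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"= (?P<value>\d+) \((?P<hex>0x[0-9a-fA-F]+)\)$')

# Path fragments that indicate a location an ordinary user can write to.
USER_WRITABLE_HINTS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_reg_loading_points(text):
    """Return (autoruns, policies) from a ComboFix 'Reg Loading Points' excerpt.

    autoruns: list of dicts for entries under a ...\Run key
    policies: {name: int} for values under ...\policies\system
    """
    key = None
    autoruns, policies = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix uses a lone '.' as a separator
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            autoruns.append({
                "key": key, "name": m["name"], "path": m["path"],
                "date": m["date"], "size": int(m["size"]),
            })
            continue
        m = POLICY_RE.match(line)
        if m and key and "policies\\system" in key.lower():
            policies[m["name"]] = int(m["value"])
    return autoruns, policies


def triage(autoruns, policies):
    """Apply two simple rules and return a list of finding strings."""
    findings = []
    if policies.get("EnableLUA") == 0:
        findings.append("UAC disabled: EnableLUA=0 under HKLM\\...\\policies\\system")
    for a in autoruns:
        p = a["path"].lower()
        if any(h in p for h in USER_WRITABLE_HINTS):
            findings.append(
                f"autorun '{a['name']}' launches from a user-writable path: {a['path']}"
            )
    return findings


if __name__ == "__main__":
    auto, pol = parse_reg_loading_points(REG_LOADING_POINTS)
    print(f"{len(auto)} Run entries, policies={pol}")
    for f in triage(auto, pol):
        print("finding:", f)
```

    The user-writable rule is deliberately coarse: plenty of legitimate software updaters start from AppData (the GoogleUpdate tasks in this very log do), so a hit is a prompt to look at the binary, not a verdict.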
  7. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    The latest BSOD:

    ==================================================
    Dump File : Mini052512-01.dmp
    Crash Time : 5/25/2012 10:37:53 AM
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 0x001904aa
    Parameter 2 : 0xa852b950
    Parameter 3 : 0xa852b64c
    Parameter 4 : 0x8a423feb
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+16feb
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdabf
    Stack Address 1 : Ntfs.sys+19fff
    Stack Address 2 : Ntfs.sys+27637
    Stack Address 3 : Ntfs.sys+27a7e
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052512-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
  8. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    It doesn't look like you ran my script with Combofix.
    Please redo.
  9. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    ComboFix 12-05-25.02 - William 05/25/2012 15:03:10.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1757 [GMT -4:00]
    Running from: c:\users\William\Desktop\ComboFix.exe
    Command switches used :: c:\users\William\Desktop\CFScript.txt
    AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys --> c:\windows\System32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-25 19:11 . 2012-05-25 19:11 -------- d-----w- c:\users\William\AppData\Local\temp
    2012-05-25 19:11 . 2012-05-25 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-25 14:35 . 2012-05-25 14:35 -------- d-----w- C:\found.002
    2012-05-23 17:28 . 2012-05-23 17:28 -------- d-----w- c:\program files\DellTPad
    2012-05-23 17:27 . 2007-06-25 23:51 100418 ----a-w- c:\windows\system32\Vxdif.dll
    2012-05-23 17:27 . 2007-06-25 22:53 155136 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
    2012-05-23 17:27 . 2006-11-02 12:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
    2012-05-22 21:30 . 2012-05-22 21:30 -------- d-----w- C:\_OTL
    2012-05-20 19:26 . 2012-05-20 19:26 -------- d-----w- c:\program files\NirSoft
    2012-05-20 17:52 . 2012-05-20 17:52 -------- d-----w- c:\users\William\AppData\Local\Secunia PSI
    2012-05-20 17:52 . 2012-05-20 17:52 -------- d-----w- c:\program files\Secunia
    2012-05-20 17:48 . 2012-05-20 17:48 -------- d-----w- c:\program files\WOT
    2012-05-20 04:54 . 2012-05-20 04:54 -------- d-----w- c:\users\William\AppData\Roaming\f-secure
    2012-05-20 04:53 . 2012-05-20 04:53 -------- d-----w- c:\programdata\F-Secure
    2012-05-20 04:38 . 2012-05-20 04:38 -------- d-----w- c:\windows\Sun
    2012-05-16 08:11 . 2012-05-16 08:11 -------- d-----w- C:\found.001
    2012-05-16 08:07 . 2012-05-16 08:07 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-05-13 23:46 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-13 23:46 . 2012-05-13 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-13 17:41 . 2012-05-13 17:41 -------- d-----w- c:\users\William\AppData\Local\ESET
    2012-05-13 17:30 . 2012-05-13 17:30 -------- d-----w- c:\program files\Windows Resource Kits
    2012-05-12 23:11 . 2012-05-12 23:11 -------- d-----w- c:\program files\ESET
    2012-05-11 01:11 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-11 01:11 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-11 01:11 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
    2012-05-05 22:42 . 2012-05-05 22:43 -------- d-----w- c:\program files\Sherlock Holmes and the Hound of the Baskervilles
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-16 08:08 . 2011-12-23 05:19 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-05-08 16:40 . 2012-05-22 19:31 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEFAD140-3E3B-4CB2-BCF6-996F166D51C8}\mpengine.dll
    2012-05-05 16:58 . 2012-04-04 17:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 16:58 . 2011-12-23 00:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-03 18:42 . 2012-04-03 18:42 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-04-03 18:42 . 2012-04-03 18:42 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-04-03 18:42 . 2012-04-03 18:42 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2012-03-28 16:09 . 2012-03-20 23:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-29 15:11 . 2012-04-12 07:13 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-02-29 15:11 . 2012-04-12 07:13 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 15:09 . 2012-04-12 07:13 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 13:32 . 2012-04-12 07:13 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-02-28 01:18 . 2012-04-12 07:14 1799168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 01:11 . 2012-04-12 07:14 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 01:11 . 2012-04-12 07:14 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 01:03 . 2012-04-12 07:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-25 19:19 . 2012-02-25 19:19 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Turbo Tourney 2012 Scheduler.lnk]
    backup=c:\windows\pss\Turbo Tourney 2012 Scheduler.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    se2Bunic
    ofcpfwsvc
    upsmonservice
    nmservice
    atkkeyboardservice
    SE2Bmdfl
    SE2Dbus
    omsad
    tmtdi
    wscsvc
    wm
    UNDPX2A
    sdcoreservice
    EIO_XP
    ErrDev
    qfcoresvc
    mcdetect.exe
    pelusblf
    DS1410D
    CTMFLT
    EMATCORE
    CVirtA
    mssqlserverolapservice
    pgpsdkservice
    PTDCVsp
    dsNcAdpt
    sisnic
    btnetfilter
    nimcdfxk
    MTC0001_ESB
    SprintRcAppSvc
    pcx1unic
    RDID1027
    pwkntmon
    axsaki
    mwagent
    oracle_load_balancer_60_server-forms6ip9
    rslinxng
    mysql
    teefer
    atixsaudio
    adminserver
    mvserver
    spmd
    bc_filter
    atiavaiw
    UimBus
    sisperf
    imapiservice
    s716mdm
    rt2500usb
    ppped
    tfsnboio
    dlartl_n
    vstor2-ws60
    iPassPeriodicUpdateService
    speakerphone
    ZDPNDIS5
    ISAMSvc
    plsremotesvc
    smartwiservice
    mcdbus
    se45mgmt
    ccflic0
    webdriveservice
    wlluc48b
    webrootenterpriseclientservice
    imagesrv
    flashcom
    ssm_bus
    olapserver
    wintab32
    a016mgmt
    MRV6X32P
    EACSvrMngr
    sglogplayer
    AcronisOSSReinstallSvc
    atdisk
    bantext
    nwlnkspx
    PBADRV
    oraclewebassistant
    sonytvc
    intelroam
    papyjoy
    tfsnudf
    U3sHlpDr
    npapimon
    comhost
    SetupSys
    pdlnatcm
    iPassP
    perc2
    statusagent
    ATWPKT2
    AdobeActiveFileMonitor6.0
    WD_FireWire_HID
    {a7447300-8075-4b0d-83f1-3d75c8ebc623}
    hclinetd
    i81x
    SWUMX51
    MQAC
    UsbserFilt
    dlbu_device
    szkg
    incdsrv
    acrotray
    rootmodem
    nwlnknb
    avgems
    datasvr
    NETw4v32
    cfgwzsvc
    tvtfilter
    USB_NDIS_51
    s125mdfl
    tng-dtmg
    vproeventmonitor
    wmconnectcds
    redbook
    DivisCTS
    NWSAP
    macformatservice
    sit_flt
    EL2000
    ssfs0509
    procexp90
    iksyssec
    starwindservice
    mnsframework
    bwcsrv
    aolservice
    crauto
    nvax
    mctskshd.exe
    ICAM5USB
    LC7981
    razerusb
    EagleNT
    elockservice
    xfilt
    ageremodemaudio
    MA8032U
    fshttps
    slabbus
    useraccess7
    ctljystk
    acermemusagecheckservice
    NVR0Dev
    rnadirectory
    netmdsb
    nm
    bc_pat_f
    MREMP50
    W700mdm
    oraclemtsrecoveryservice
    pduip6000dmemcrdmgr
    roxwatch
    svv
    SMCB000
    vncdrv
    tapeware
    Angel2
    qkbfiltr
    persfw
    cpucoolserver
    elnkservice
    btwusb
    STV680m
    msftpsvc
    mxnic
    ikhfile
    opcenum
    trioservice
    cebdaldr
    winpppoverethernet
    lpx
    TOSHIBASoftModem
    mssql$sqlexpress
    Hotkey
    NITaggerService
    dlcj_device
    slabser
    openldap-slapd
    diskeeper
    WinVd32
    rchost
    w800mdm
    NTIDrvr
    dlcc_device
    server
    SE26mgmt
    z800mgmt
    emitray
    aspi32
    S3GIGP
    tgsrvc_smartagent
    beatjamupnpmusicserver
    iaimfp1
    Slntamr
    defwatch
    sis315
    queuemgr
    penrendezvous
    lktimesync
    bthpan
    ATMsg
    ino_flpy
    cvslock
    dtsrvc
    noipducservice
    WaveFDE
    ntcharge
    se45nd5
    rfcomm
    tavsvc
    SABSVC
    screadspool
    GTSCSER
    mysqlinventime
    modemcsa
    timounter
    NETw3v32
    ma_cmidi_installerservice
    getPlusHelper
    nimxdfk
    tdimsys
    bdselfpr
    PD0620VID
    PGPdisk
    SimpTcp
    mfeavfk
    AVerTV
    SPFDRV
    btwhid
    pcradminserver
    audstub
    mlkkbdntdriver
    WBHWDOCT
    lvprcsrv
    uleadburninghelper
    mwstick
    vsdatant
    hibernation
    lmab_device
    rppkt
    mcsysmon
    UWProSys
    s217nd5
    CX88AUD
    pdlnshay
    monfilt
    lxcj_device
    ntpr_nic_service2
    a016mdm
    iAimTV5
    zpsc
    haspnt
    Jukebox
    VAIOMediaPlatform-MusicServer-HTTP
    FETNDIS
    scsk4
    outpostfirewall
    backupexecalertserver
    nmwcdc
    pavdrv
    slee_503_service
    HIDSwvd
    ssm_mdm
    LVRS
    sifilter
    viaagp1
    ood2000
    STV680
    CnxTrLan
    win32sl
    s116mdm
    cwcwdm
    Pctspk
    jaguar
    ROB_A
    Appn
    hwpsgt
    AVCSTRM
    spcsutilityservice
    nvstor32
    mfesmfk
    roxupnpserver
    avg7rsw
    SWNC5E00
    DNE
    ovsecurityserver
    p2k
    ADIDTSFiltService
    wuolservice
    ggsemc
    winpowerrmi
    GoToAssist
    DgiVecp
    cccredmgr
    srvdpi
    db2das00
    spbbcsvc
    vcommmgr
    SNP2STD
    NIPALK
    hpqddsvc
    harmony
    sshrmd
    GT890x
    winpower
    Slpsvdr
    oracle_load_balancer_60_client-forms6ip9
    APLMp50
    TMKEmu
    HPFECP20
    pcidump
    ftsata2
    UVCFTR
    nbservice
    license
    oracleorahomehttpserver
    DirectUpdate
    PGPsdkDriver
    retroexplauncher
    nfmservice
    tng-dts
    SE2Eobex
    wampmysqld
    s217mdm
    dlcf_device
    rimvserport
    TNaviSrv
    el90xbc
    RESMGR
    SDdriver
    pdlnsx25
    gameenum
    wdica
    AR5523
    picturetaker
    Evian
    btwavdt
    rnadiagnosticsservice
    cusrvc
    Via4in1
    freepops
    nimcrpcsu
    dmio
    TuneUp.Defrag
    iPassPeriodicUpdateApp
    prism_a02
    IFPUSB
    bt3cser
    transarcafsdaemon
    k750mdfl
    USB_RNDIS
    SRTSP
    ifxtcs
    VICESYS
    PTDCBus
    tcsd_win32.exe
    pml
    ScFBPNT3
    UxTuneUp
    vc5secs
    tbhsd
    stacsv
    licensemanagersocket
    avgarcln
    tosrfnds
    ql1280
    s3ssavage
    hmonitor
    wlluc48
    tmmbd
    cbidf
    zebrbus
    dvd_2K
    vsapint
    w200bus
    awhost32
    filechecker
    NsTrcNT
    hsf_dp
    trackcam4
    arcltsrv
    dladresm
    WUSB54GPV4SRV
    us30service
    vvoice
    inotask
    inorpc
    VNUSB
    lxrjd31d
    Ncrc710
    rca
    s125obex
    NxSysMon
    VX3000
    srescan
    {95808DC4-FA4A-4c74-92FE-5B863F82066B}
    isapisearch
    lockmgr
    nvcap
    ss_mdfl
    SRS_SSCFilter
    klif
    DCamUSBSQTECH
    se26unic
    mks_scan
    s7otranx
    SED133x
    ibmcicstransactiongateway
    s7oppitx
    LKbdFlt2
    3comtftp
    UMPass
    U81xobex
    U2SP
    co_mon
    atierecord
    qbfcservice
    tosrfsnd
    openvpnservice
    AmdLLD
    freebsd
    atkdisplf
    se58unic
    RMCAST
    mcnasvc
    cdr4_2k
    avg7updsvc
    cvsnt
    k750mdm
    s616unic
    artourservice
    symmpi
    iastor
    aclient
    BTSLBCSP
    askernel
    acprfmgrsvc
    https-admserv61
    splitter
    SaiU040B
    proxyhostservice
    USB_RNDIS_XP
    nmsaccess
    mfehidk
    snmptrapdservice
    digictrl
    emupia
    rimusb
    array_utility_service4,0,1,3
    gearaspiwdm
    eskerlicensecontrol
    lxbs_device
    nimdbgk
    CTMSHD
    ihcservice
    pavreport
    ATKFUSService
    iomdisk
    se59mdfl
    pnkbstrb
    lp6nds35
    syntp
    SWMX00
    se2Bnd5
    e1express
    w800mdfl
    entech
    T6963C
    hnmsvc
    VCAM
    purgeieservice
    XFX_program
    smcservice
    ldlcserv
    PQNTDrv
    iviaspi
    enxpsvc
    DniVad
    acedrv07
    Subsonic
    iwebmsg
    qmofiltr
    agrsrvce
    SunkFilt39
    TcUsb
    MA_CMIDI
    trcboot
    smsmdd
    iam
    a016mdfl
    db2ntsecserver
    ec2007service
    sqlagent$sony_mediamgr
    soma
    tvs
    ipsraidn
    kservice
    Bcim
    amon
    axinstsv
    btwrchid
    bdfsdrv
    SE2Dmdfl
    MTsensor
    maya70docserver
    ctdvda2k
    wg111nd5
    nchssvad
    SaiNtSub
    cpqarray
    gv3
    UpdateCenterService
    MobilePreInstallerService
    SQLWriter
    iap
    usb20l
    s716nd5
    FireTDI
    pdframe
    HSFHWICH
    yukonwxp
    lvpopflt
    vzcdbsvc
    NVTCP
    SE27mdm
    atalk
    SunkFilt
    NVENET
    ctmmfilt
    cicssfs.scmmc223
    ifxspmgtsrv
    se44nd5
    agentsrv
    ATMsrvc
    nsengine
    s117obex
    aswrdr
    z800obex
    mwspollserver
    lxbu_device
    rtl8139
    se44bus
    USB11LDR
    ramaint
    pfc
    athr
    se59nd5
    sentinel
    ser2pl
    websenselogserver
    ltck000c
    ZuneWlanCfgSvc
    k750mgmt
    Nsynas32
    uclauncherservice
    ossrv
    sprtsvc_smartagent
    autocomplete
    sbhooksvc
    USBCamera
    TestHandler
    adiloader
    elotouchscreen
    cwafrmiregistry
    W55U01
    tvicport
    aec
    ino_fltr
    CTEDSPFX.DLL
    U81xmdm
    HFACSVC
    imaservice
    tmactmon
    MpFilter
    bthusb
    symids
    ASMMAP
    atchksrv
    AKSIFDH
    GV600_4
    nvmpu401
    ASNDIS5
    omniusbl
    papycpu2
    cpuz132
    HECI
    tsdhd
    protexislicensing
    slapd-data52
    tandpl
    dxdebug
    scanwscs
    ntrtscan
    mod7700
    TVALG
    oracle_load_balancer_60_client-forms6ip14
    telnet
    mapserver6.3
    incdfs
    eamon
    GTPTSER
    atmeltpm
    vetmsgnt
    nvsmu
    RSAFAL
    alertmanager
    sysmonlog
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:58]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000Core.job
    - c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000UA.job
    - c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-Wdf01000.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-25 15:14
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
    36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:81,97,c7,74,c6,e0,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,3b,da,52,c0,a4,82,4f,a1,90,3e,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\dlbacoms.exe
    c:\program files\ESET\ESET Smart Security\ekrn.exe
    c:\program files\Secunia\PSI\PSIA.exe
    c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
    c:\program files\TeamViewer\Version7\TeamViewer.exe
    c:\program files\TeamViewer\Version7\tv_w32.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Secunia\PSI\sua.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-25 15:23:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-25 19:23
    ComboFix2.txt 2012-05-25 11:25
    .
    Pre-Run: 63,374,553,088 bytes free
    Post-Run: 63,265,398,784 bytes free
    .
    - - End Of File - - 7AAFB187946B0A775A07405B77DD7FEA
  10. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Now you're talking.

    Let me know if any more BSODs happen.
  11. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    Will do.
    Thanks for your help, it's been a fun learning process :)
  12. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    You're very welcome
  13. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    OK, may have been a fluke because the laptop's been running great, but had a crash today?

    ==================================================
    Dump File : Mini060812-01.dmp
    Crash Time : 6/8/2012 5:18:37 PM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00004000
    Parameter 2 : 0x86c212c0
    Parameter 3 : 0x80000000
    Parameter 4 : 0x0023dfed
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+be38a
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdabf
    Stack Address 1 : ntkrnlpa.exe+b674e
    Stack Address 2 : ntkrnlpa.exe+85573
    Stack Address 3 : ntkrnlpa.exe+4ac3a
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini060812-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
  14. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    One BSOD is usually meaningless. It happens.
  15. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    OK, having a new problem. Should I start a new thread or continue here?

    Getting this pop-up over and over again when starting IE9 (Internet Explorer):

    "Microsoft Windows Search Protocol Host has stopped working" popping up every 10 seconds
  16. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

  18. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    OK, I should also say the "search protocol host stopped working" pop-up happens right after boot up! IE9 starts up, but when I go to a site it acts like it's there but the screen is blank!

    Now, by ALL the steps you mean run the Fix it and reset Internet Explorer and also click the delete personal settings? If so, I did this but no luck, still have the problem!

    Thanks, Bill
  19. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    I just noticed the Windows Spider Sol and Windows FreeCell Sol are coming up with a blank screen also :S
  20. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck :)
  21. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    OK, thanks!
  22. Broni

    Broni Malware Annihilator Posts: 45,226   +243

  23. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    Hi, just wanted to let you know because no one was replying in the other thread!

    I ran sfc /scannow followed by ComboFix! Seems to have fixed the problem, still haven't tried everything though!

    I can post the logs if you want to interpret them? If so, word wrap or not? I've forgotten which way you like them!

    Merry Christmas to you also! :D
  24. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Sure....
  25. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    ComboFix 12-12-20.02 - William 12/20/2012 18:21:41.5.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1929 [GMT -5:00]
    Running from: c:\users\William\Desktop\ComboFix.exe
    AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\iWin Games\iWinGamesHookIE.dll
    c:\users\William\AppData\Roaming\vso_ts_preview.xml
    c:\users\William\GoToAssistDownloadHelper.exe
    c:\windows\desktop
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\mscsptisrv.dll
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\userinit.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_server
    -------\Service_timounter
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-20 23:34 . 2012-12-20 23:37 -------- d-----w- c:\users\William\AppData\Local\temp
    2012-12-20 23:34 . 2012-12-20 23:34 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-12-20 23:34 . 2012-12-20 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-20 22:15 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-20 22:15 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-18 19:16 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98BCAFC5-E53A-40A4-9E63-3C4228B96AFF}\mpengine.dll
    2012-12-12 08:03 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-12-12 08:03 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-12-12 08:03 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-12-12 08:03 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
    2012-12-12 08:03 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-12-12 08:03 . 2012-07-26 03:20 172032 ------w- c:\windows\system32\WUDFPlatform.dll
    2012-12-12 08:03 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-12-12 08:03 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-12-12 08:03 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-12-12 08:03 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-12-12 08:03 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-12-12 06:57 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
    2012-12-12 06:57 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-12-12 06:57 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    2012-12-12 06:57 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-01 08:53 . 2012-12-01 08:53 -------- d-----w- c:\users\William\AppData\Roaming\Big Fish Games
    2012-12-01 08:51 . 2010-06-02 09:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2012-12-01 08:51 . 2010-06-02 09:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2012-12-01 08:51 . 2010-06-02 09:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2012-12-01 08:51 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2012-12-01 08:51 . 2010-05-26 16:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2012-12-01 08:51 . 2010-05-26 16:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2012-12-01 08:51 . 2010-05-26 16:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2012-12-01 08:51 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-12 11:58 . 2012-04-04 17:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-12 11:58 . 2011-12-23 00:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-07 01:19 . 2012-11-07 01:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-11-07 01:19 . 2012-11-07 01:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-09-29 23:54 . 2012-05-13 23:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-25 16:19 . 2012-11-14 02:32 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-09-24 19:32 . 2012-06-23 20:03 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-24 19:32 . 2012-03-20 23:22 473072 ----a-w- c:\windows\system32\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "dlbamon.exe"="c:\program files\Dell AIO Printer A940\dlbamon.exe" [2007-03-05 435696]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-07 296096]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Turbo Tourney 2012 Scheduler.lnk]
    backup=c:\windows\pss\Turbo Tourney 2012 Scheduler.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:58]
    .
    2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
    .
    2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
    .
    2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000Core.job
    - c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
    .
    2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000UA.job
    - c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
    .
    2012-12-18 c:\windows\Tasks\ReclaimerUpdateFiles_William.job
    - c:\users\William\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-16 01:26]
    .
    2012-12-19 c:\windows\Tasks\ReclaimerUpdateXML_William.job
    - c:\users\William\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-16 01:26]
    .
    2012-12-20 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_William.job
    - c:\users\William\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-16 01:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-NortonSupport - c:\program files\Norton Internet Security\Engine\19.1.0.28\symerr.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-20 18:37
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
    36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:81,97,c7,74,c6,e0,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,3b,da,52,c0,a4,82,4f,a1,90,3e,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\dlbacoms.exe
    c:\program files\ESET\ESET Smart Security\ekrn.exe
    c:\program files\iWin Games\iWinTrusted.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\windows\system32\msiexec.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files\Secunia\PSI\PSIA.exe
    c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\TeamViewer\Version7\TeamViewer.exe
    c:\program files\Secunia\PSI\sua.exe
    c:\program files\TeamViewer\Version7\tv_w32.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-12-20 18:43:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-20 23:43
    ComboFix2.txt 2012-05-25 19:23
    ComboFix3.txt 2012-05-25 11:25
    .
    Pre-Run: 85,502,816,256 bytes free
    Post-Run: 85,457,219,584 bytes free
    .
    - - End Of File - - 5E48F7E7CD0F8286D9073F866A742DA1