Solved Malware problem maybe more?

OTL logfile created on: 5/23/2012 2:39:06 PM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\William\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.76% Memory free
6.20 Gb Paging File | 4.71 Gb Available in Paging File | 75.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.85 Gb Total Space | 60.72 Gb Free Space | 43.11% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.75 Gb Free Space | 21.39% Space Free | Partition Type: NTFS

Computer Name: WILLIAM-PC | User Name: William | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: TCPIP.SYS >
[2008/04/26 04:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009/04/11 02:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011/09/20 17:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2011/12/16 13:38:35 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2011/12/16 13:38:32 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2012/03/30 08:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
[2010/02/18 07:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2011/12/16 13:38:36 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/02/18 08:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2011/12/16 13:04:18 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2011/12/16 13:04:18 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2010/06/16 11:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2011/12/16 13:38:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010/06/16 12:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010/06/16 11:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2008/04/26 04:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2011/12/16 13:38:32 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010/02/18 13:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 12:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010/04/05 13:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
[2010/04/05 16:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
[2006/11/02 04:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010/02/18 10:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\ERDNT\cache\tcpip.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2008/01/19 00:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2011/12/16 13:38:34 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
< End of report >
 
That didn't work.

Download BlitzBlank and save it to your desktop.
Double click on Blitzblank.exe

  • Click OK at the warning.
  • Click the Script tab and copy/paste the following text there:
Code:
CopyFile:
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys C:\Windows\System32\drivers\tcpip.sys
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post the report created by Blitzblank.
    You can find it in the root of the drive, normally C:\
 
BlitzBlank 1.0.0.32
File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys", destinationFile = "\??\c:\windows\system32\drivers\tcpip.sys"
GetDataFromFile: ZwOpenFile failed: status = c0000022
CopyFile: ZwCreateFile failed: status = c0000022
 
Still didn't work...

Please download ComboFix from Here or Here to your Desktop.

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys | C:\Windows\System32\drivers\tcpip.sys

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-05-25.02 - William 05/25/2012 7:05.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1789 [GMT -4:00]
Running from: c:\users\William\Desktop\ComboFix.exe
Command switches used :: c:\users\William\Desktop\CFScript.txt.lnk
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\William\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\odysseyIM4.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_sandboxu
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-23 17:28 . 2012-05-23 17:28 -------- d-----w- c:\program files\DellTPad
2012-05-23 17:27 . 2007-06-25 23:51 100418 ----a-w- c:\windows\system32\Vxdif.dll
2012-05-23 17:27 . 2007-06-25 22:53 155136 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-05-23 17:27 . 2006-11-02 12:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-05-22 21:30 . 2012-05-22 21:30 -------- d-----w- C:\_OTL
2012-05-22 19:31 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEFAD140-3E3B-4CB2-BCF6-996F166D51C8}\mpengine.dll
2012-05-20 19:26 . 2012-05-20 19:26 -------- d-----w- c:\program files\NirSoft
2012-05-20 17:52 . 2012-05-20 17:52 -------- d-----w- c:\users\William\AppData\Local\Secunia PSI
2012-05-20 17:52 . 2012-05-20 17:52 -------- d-----w- c:\program files\Secunia
2012-05-20 17:48 . 2012-05-20 17:48 -------- d-----w- c:\program files\WOT
2012-05-20 04:54 . 2012-05-20 04:54 -------- d-----w- c:\users\William\AppData\Roaming\f-secure
2012-05-20 04:53 . 2012-05-20 04:53 -------- d-----w- c:\programdata\F-Secure
2012-05-20 04:38 . 2012-05-20 04:38 -------- d-----w- c:\windows\Sun
2012-05-16 08:11 . 2012-05-16 08:11 -------- d-----w- C:\found.001
2012-05-16 08:07 . 2012-05-16 08:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-13 23:46 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 23:46 . 2012-05-13 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-13 17:41 . 2012-05-13 17:41 -------- d-----w- c:\users\William\AppData\Local\ESET
2012-05-13 17:30 . 2012-05-13 17:30 -------- d-----w- c:\program files\Windows Resource Kits
2012-05-12 23:11 . 2012-05-12 23:11 -------- d-----w- c:\program files\ESET
2012-05-11 01:11 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 01:11 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 01:11 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 22:42 . 2012-05-05 22:43 -------- d-----w- c:\program files\Sherlock Holmes and the Hound of the Baskervilles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 08:08 . 2011-12-23 05:19 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-05 16:58 . 2012-04-04 17:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 16:58 . 2011-12-23 00:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 18:42 . 2012-04-03 18:42 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-04-03 18:42 . 2012-04-03 18:42 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-03 18:42 . 2012-04-03 18:42 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2012-03-28 16:09 . 2012-03-20 23:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 15:11 . 2012-04-12 07:13 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 07:13 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 07:13 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 07:13 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-12 07:14 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:14 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:14 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-25 19:19 . 2012-02-25 19:19 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Turbo Tourney 2012 Scheduler.lnk]
backup=c:\windows\pss\Turbo Tourney 2012 Scheduler.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:58]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000Core.job
- c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000UA.job
- c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 07:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\NOD9D7D.tmp 847872 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:81,97,c7,74,c6,e0,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,3b,da,52,c0,a4,82,4f,a1,90,3e,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\dlbacoms.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\windows\system32\msiexec.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\Secunia\PSI\sua.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-05-25 07:25:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-25 11:25
.
Pre-Run: 62,952,001,536 bytes free
Post-Run: 63,107,092,480 bytes free
.
- - End Of File - - 8575A95A9CAD471FC66C2E932665130E
 
The latest BSOD:

==================================================
Dump File : Mini052512-01.dmp
Crash Time : 5/25/2012 10:37:53 AM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x001904aa
Parameter 2 : 0xa852b950
Parameter 3 : 0xa852b64c
Parameter 4 : 0x8a423feb
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+16feb
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdabf
Stack Address 1 : Ntfs.sys+19fff
Stack Address 2 : Ntfs.sys+27637
Stack Address 3 : Ntfs.sys+27a7e
Computer Name :
Full Path : C:\Windows\Minidump\Mini052512-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
 
ComboFix 12-05-25.02 - William 05/25/2012 15:03:10.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1757 [GMT -4:00]
Running from: c:\users\William\Desktop\ComboFix.exe
Command switches used :: c:\users\William\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys --> c:\windows\System32\drivers\tcpip.sys
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-25 19:11 . 2012-05-25 19:11 -------- d-----w- c:\users\William\AppData\Local\temp
2012-05-25 19:11 . 2012-05-25 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-25 14:35 . 2012-05-25 14:35 -------- d-----w- C:\found.002
2012-05-23 17:28 . 2012-05-23 17:28 -------- d-----w- c:\program files\DellTPad
2012-05-23 17:27 . 2007-06-25 23:51 100418 ----a-w- c:\windows\system32\Vxdif.dll
2012-05-23 17:27 . 2007-06-25 22:53 155136 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-05-23 17:27 . 2006-11-02 12:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-05-22 21:30 . 2012-05-22 21:30 -------- d-----w- C:\_OTL
2012-05-20 19:26 . 2012-05-20 19:26 -------- d-----w- c:\program files\NirSoft
2012-05-20 17:52 . 2012-05-20 17:52 -------- d-----w- c:\users\William\AppData\Local\Secunia PSI
2012-05-20 17:52 . 2012-05-20 17:52 -------- d-----w- c:\program files\Secunia
2012-05-20 17:48 . 2012-05-20 17:48 -------- d-----w- c:\program files\WOT
2012-05-20 04:54 . 2012-05-20 04:54 -------- d-----w- c:\users\William\AppData\Roaming\f-secure
2012-05-20 04:53 . 2012-05-20 04:53 -------- d-----w- c:\programdata\F-Secure
2012-05-20 04:38 . 2012-05-20 04:38 -------- d-----w- c:\windows\Sun
2012-05-16 08:11 . 2012-05-16 08:11 -------- d-----w- C:\found.001
2012-05-16 08:07 . 2012-05-16 08:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-13 23:46 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 23:46 . 2012-05-13 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-13 17:41 . 2012-05-13 17:41 -------- d-----w- c:\users\William\AppData\Local\ESET
2012-05-13 17:30 . 2012-05-13 17:30 -------- d-----w- c:\program files\Windows Resource Kits
2012-05-12 23:11 . 2012-05-12 23:11 -------- d-----w- c:\program files\ESET
2012-05-11 01:11 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 01:11 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 01:11 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 22:42 . 2012-05-05 22:43 -------- d-----w- c:\program files\Sherlock Holmes and the Hound of the Baskervilles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 08:08 . 2011-12-23 05:19 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-08 16:40 . 2012-05-22 19:31 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEFAD140-3E3B-4CB2-BCF6-996F166D51C8}\mpengine.dll
2012-05-05 16:58 . 2012-04-04 17:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 16:58 . 2011-12-23 00:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 18:42 . 2012-04-03 18:42 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-04-03 18:42 . 2012-04-03 18:42 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-03 18:42 . 2012-04-03 18:42 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2012-03-28 16:09 . 2012-03-20 23:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 15:11 . 2012-04-12 07:13 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 07:13 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 07:13 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 07:13 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-12 07:14 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:14 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:14 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-25 19:19 . 2012-02-25 19:19 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Turbo Tourney 2012 Scheduler.lnk]
backup=c:\windows\pss\Turbo Tourney 2012 Scheduler.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
se2Bunic
ofcpfwsvc
upsmonservice
nmservice
atkkeyboardservice
SE2Bmdfl
SE2Dbus
omsad
tmtdi
wscsvc
wm
UNDPX2A
sdcoreservice
EIO_XP
ErrDev
qfcoresvc
mcdetect.exe
pelusblf
DS1410D
CTMFLT
EMATCORE
CVirtA
mssqlserverolapservice
pgpsdkservice
PTDCVsp
dsNcAdpt
sisnic
btnetfilter
nimcdfxk
MTC0001_ESB
SprintRcAppSvc
pcx1unic
RDID1027
pwkntmon
axsaki
mwagent
oracle_load_balancer_60_server-forms6ip9
rslinxng
mysql
teefer
atixsaudio
adminserver
mvserver
spmd
bc_filter
atiavaiw
UimBus
sisperf
imapiservice
s716mdm
rt2500usb
ppped
tfsnboio
dlartl_n
vstor2-ws60
iPassPeriodicUpdateService
speakerphone
ZDPNDIS5
ISAMSvc
plsremotesvc
smartwiservice
mcdbus
se45mgmt
ccflic0
webdriveservice
wlluc48b
webrootenterpriseclientservice
imagesrv
flashcom
ssm_bus
olapserver
wintab32
a016mgmt
MRV6X32P
EACSvrMngr
sglogplayer
AcronisOSSReinstallSvc
atdisk
bantext
nwlnkspx
PBADRV
oraclewebassistant
sonytvc
intelroam
papyjoy
tfsnudf
U3sHlpDr
npapimon
comhost
SetupSys
pdlnatcm
iPassP
perc2
statusagent
ATWPKT2
AdobeActiveFileMonitor6.0
WD_FireWire_HID
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
hclinetd
i81x
SWUMX51
MQAC
UsbserFilt
dlbu_device
szkg
incdsrv
acrotray
rootmodem
nwlnknb
avgems
datasvr
NETw4v32
cfgwzsvc
tvtfilter
USB_NDIS_51
s125mdfl
tng-dtmg
vproeventmonitor
wmconnectcds
redbook
DivisCTS
NWSAP
macformatservice
sit_flt
EL2000
ssfs0509
procexp90
iksyssec
starwindservice
mnsframework
bwcsrv
aolservice
crauto
nvax
mctskshd.exe
ICAM5USB
LC7981
razerusb
EagleNT
elockservice
xfilt
ageremodemaudio
MA8032U
fshttps
slabbus
useraccess7
ctljystk
acermemusagecheckservice
NVR0Dev
rnadirectory
netmdsb
nm
bc_pat_f
MREMP50
W700mdm
oraclemtsrecoveryservice
pduip6000dmemcrdmgr
roxwatch
svv
SMCB000
vncdrv
tapeware
Angel2
qkbfiltr
persfw
cpucoolserver
elnkservice
btwusb
STV680m
msftpsvc
mxnic
ikhfile
opcenum
trioservice
cebdaldr
winpppoverethernet
lpx
TOSHIBASoftModem
mssql$sqlexpress
Hotkey
NITaggerService
dlcj_device
slabser
openldap-slapd
diskeeper
WinVd32
rchost
w800mdm
NTIDrvr
dlcc_device
server
SE26mgmt
z800mgmt
emitray
aspi32
S3GIGP
tgsrvc_smartagent
beatjamupnpmusicserver
iaimfp1
Slntamr
defwatch
sis315
queuemgr
penrendezvous
lktimesync
bthpan
ATMsg
ino_flpy
cvslock
dtsrvc
noipducservice
WaveFDE
ntcharge
se45nd5
rfcomm
tavsvc
SABSVC
screadspool
GTSCSER
mysqlinventime
modemcsa
timounter
NETw3v32
ma_cmidi_installerservice
getPlusHelper
nimxdfk
tdimsys
bdselfpr
PD0620VID
PGPdisk
SimpTcp
mfeavfk
AVerTV
SPFDRV
btwhid
pcradminserver
audstub
mlkkbdntdriver
WBHWDOCT
lvprcsrv
uleadburninghelper
mwstick
vsdatant
hibernation
lmab_device
rppkt
mcsysmon
UWProSys
s217nd5
CX88AUD
pdlnshay
monfilt
lxcj_device
ntpr_nic_service2
a016mdm
iAimTV5
zpsc
haspnt
Jukebox
VAIOMediaPlatform-MusicServer-HTTP
FETNDIS
scsk4
outpostfirewall
backupexecalertserver
nmwcdc
pavdrv
slee_503_service
HIDSwvd
ssm_mdm
LVRS
sifilter
viaagp1
ood2000
STV680
CnxTrLan
win32sl
s116mdm
cwcwdm
Pctspk
jaguar
ROB_A
Appn
hwpsgt
AVCSTRM
spcsutilityservice
nvstor32
mfesmfk
roxupnpserver
avg7rsw
SWNC5E00
DNE
ovsecurityserver
p2k
ADIDTSFiltService
wuolservice
ggsemc
winpowerrmi
GoToAssist
DgiVecp
cccredmgr
srvdpi
db2das00
spbbcsvc
vcommmgr
SNP2STD
NIPALK
hpqddsvc
harmony
sshrmd
GT890x
winpower
Slpsvdr
oracle_load_balancer_60_client-forms6ip9
APLMp50
TMKEmu
HPFECP20
pcidump
ftsata2
UVCFTR
nbservice
license
oracleorahomehttpserver
DirectUpdate
PGPsdkDriver
retroexplauncher
nfmservice
tng-dts
SE2Eobex
wampmysqld
s217mdm
dlcf_device
rimvserport
TNaviSrv
el90xbc
RESMGR
SDdriver
pdlnsx25
gameenum
wdica
AR5523
picturetaker
Evian
btwavdt
rnadiagnosticsservice
cusrvc
Via4in1
freepops
nimcrpcsu
dmio
TuneUp.Defrag
iPassPeriodicUpdateApp
prism_a02
IFPUSB
bt3cser
transarcafsdaemon
k750mdfl
USB_RNDIS
SRTSP
ifxtcs
VICESYS
PTDCBus
tcsd_win32.exe
pml
ScFBPNT3
UxTuneUp
vc5secs
tbhsd
stacsv
licensemanagersocket
avgarcln
tosrfnds
ql1280
s3ssavage
hmonitor
wlluc48
tmmbd
cbidf
zebrbus
dvd_2K
vsapint
w200bus
awhost32
filechecker
NsTrcNT
hsf_dp
trackcam4
arcltsrv
dladresm
WUSB54GPV4SRV
us30service
vvoice
inotask
inorpc
VNUSB
lxrjd31d
Ncrc710
rca
s125obex
NxSysMon
VX3000
srescan
{95808DC4-FA4A-4c74-92FE-5B863F82066B}
isapisearch
lockmgr
nvcap
ss_mdfl
SRS_SSCFilter
klif
DCamUSBSQTECH
se26unic
mks_scan
s7otranx
SED133x
ibmcicstransactiongateway
s7oppitx
LKbdFlt2
3comtftp
UMPass
U81xobex
U2SP
co_mon
atierecord
qbfcservice
tosrfsnd
openvpnservice
AmdLLD
freebsd
atkdisplf
se58unic
RMCAST
mcnasvc
cdr4_2k
avg7updsvc
cvsnt
k750mdm
s616unic
artourservice
symmpi
iastor
aclient
BTSLBCSP
askernel
acprfmgrsvc
https-admserv61
splitter
SaiU040B
proxyhostservice
USB_RNDIS_XP
nmsaccess
mfehidk
snmptrapdservice
digictrl
emupia
rimusb
array_utility_service4,0,1,3
gearaspiwdm
eskerlicensecontrol
lxbs_device
nimdbgk
CTMSHD
ihcservice
pavreport
ATKFUSService
iomdisk
se59mdfl
pnkbstrb
lp6nds35
syntp
SWMX00
se2Bnd5
e1express
w800mdfl
entech
T6963C
hnmsvc
VCAM
purgeieservice
XFX_program
smcservice
ldlcserv
PQNTDrv
iviaspi
enxpsvc
DniVad
acedrv07
Subsonic
iwebmsg
qmofiltr
agrsrvce
SunkFilt39
TcUsb
MA_CMIDI
trcboot
smsmdd
iam
a016mdfl
db2ntsecserver
ec2007service
sqlagent$sony_mediamgr
soma
tvs
ipsraidn
kservice
Bcim
amon
axinstsv
btwrchid
bdfsdrv
SE2Dmdfl
MTsensor
maya70docserver
ctdvda2k
wg111nd5
nchssvad
SaiNtSub
cpqarray
gv3
UpdateCenterService
MobilePreInstallerService
SQLWriter
iap
usb20l
s716nd5
FireTDI
pdframe
HSFHWICH
yukonwxp
lvpopflt
vzcdbsvc
NVTCP
SE27mdm
atalk
SunkFilt
NVENET
ctmmfilt
cicssfs.scmmc223
ifxspmgtsrv
se44nd5
agentsrv
ATMsrvc
nsengine
s117obex
aswrdr
z800obex
mwspollserver
lxbu_device
rtl8139
se44bus
USB11LDR
ramaint
pfc
athr
se59nd5
sentinel
ser2pl
websenselogserver
ltck000c
ZuneWlanCfgSvc
k750mgmt
Nsynas32
uclauncherservice
ossrv
sprtsvc_smartagent
autocomplete
sbhooksvc
USBCamera
TestHandler
adiloader
elotouchscreen
cwafrmiregistry
W55U01
tvicport
aec
ino_fltr
CTEDSPFX.DLL
U81xmdm
HFACSVC
imaservice
tmactmon
MpFilter
bthusb
symids
ASMMAP
atchksrv
AKSIFDH
GV600_4
nvmpu401
ASNDIS5
omniusbl
papycpu2
cpuz132
HECI
tsdhd
protexislicensing
slapd-data52
tandpl
dxdebug
scanwscs
ntrtscan
mod7700
TVALG
oracle_load_balancer_60_client-forms6ip14
telnet
mapserver6.3
incdfs
eamon
GTPTSER
atmeltpm
vetmsgnt
nvsmu
RSAFAL
alertmanager
sysmonlog
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:58]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000Core.job
- c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000UA.job
- c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 15:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:81,97,c7,74,c6,e0,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,3b,da,52,c0,a4,82,4f,a1,90,3e,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\dlbacoms.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Secunia\PSI\sua.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-05-25 15:23:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-25 19:23
ComboFix2.txt 2012-05-25 11:25
.
Pre-Run: 63,374,553,088 bytes free
Post-Run: 63,265,398,784 bytes free
.
- - End Of File - - 7AAFB187946B0A775A07405B77DD7FEA
 
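A small triage helper for the ComboFix log above, added here as an example (it is not part of the original post and not a ComboFix component). It parses the "Reg Loading Points", msconfig-disabled, Startup-folder and Scheduled Tasks lines plus ComboFix's "Infected copy of ... was found and disinfected" repair line, and flags what a reviewer checks first: autorun targets in user-writable directories, well-known system binary names running from outside c:\windows, and UAC switched off via EnableLUA=0. The sample log is constructed: most lines are copied from the log above, and the single "Updater" autorun entry is made up to exercise the masquerade check. The regexes, the path lists and the severity labels are this example's own assumptions about the log format, not anything ComboFix documents.

```python
"""Triage the autorun and repair lines of a ComboFix log.

Added example for this thread, not part of the original post and not a
ComboFix component. It only reads text, so it is safe to run on a saved log.
SAMPLE_LOG is constructed: lines copied from the posted log plus one made-up
"Updater" entry (svchost.exe under AppData) to exercise the masquerade check.
"""
import re
from pathlib import PureWindowsPath

# "Name"="c:\path\file.exe" [date size]   (the [date size] suffix may be absent)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Startup-folder shortcut:  Foo.lnk - c:\path\file.exe [date size]
LNK_LINE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?)(?: \[[^\]]*\])?$')
# Scheduled-task target:    - c:\path\file.exe [date time]
TASK_LINE = re.compile(r'^- (?P<path>[a-zA-Z]:\\.+?)(?: \[[^\]]*\])?$')
# msconfig-disabled entry:  2011-07-28 23:08 1259376 ----a-w- c:\path\file.exe
DISABLED_LINE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +[-a-z]+ (?P<path>[a-zA-Z]:\\.+)$')
# Policy value under [HKLM\...\policies\system]:  "EnableLUA"= 0 (0x0)
POLICY_VALUE = re.compile(r'^"(?P<name>[A-Za-z]+)"=\s*(?P<value>\d+)')
# ComboFix repair line for a replaced system binary
INFECTED = re.compile(r'^Infected copy of (?P<path>.+?) was found and disinfected', re.I)

# Locations an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\programdata\\', '\\users\\public\\')
# Names malware likes to borrow; the legitimate copies live under c:\windows.
SYSTEM_NAMES = {'svchost.exe', 'userinit.exe', 'explorer.exe', 'winlogon.exe',
                'lsass.exe', 'csrss.exe', 'services.exe', 'rundll32.exe'}
SYSTEM_DIRS = ('c:\\windows\\',)


def classify_path(path):
    """Return the reasons an autorun target deserves a second look ([] if none)."""
    p = path.lower()
    reasons = []
    if any(token in p for token in USER_WRITABLE):
        reasons.append('autorun target in user-writable location')
    name = PureWindowsPath(p).name
    if name in SYSTEM_NAMES and not p.startswith(SYSTEM_DIRS):
        reasons.append(f'system binary name {name!r} outside c:\\windows')
    return reasons


def triage(log_text):
    """Scan ComboFix log text; return findings as (severity, detail, line) tuples."""
    findings = []
    section = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            section = line.lower()          # remember which registry key we are under
            continue
        m = INFECTED.match(line)
        if m:
            findings.append(('high',
                             f'ComboFix replaced an infected {m["path"]}; '
                             'verify the system set with sfc /scannow', line))
            continue
        if 'policies\\system' in section:
            m = POLICY_VALUE.match(line)
            if m and m['name'] == 'EnableLUA' and m['value'] == '0':
                findings.append(('medium',
                                 'UAC disabled (EnableLUA=0): every admin-account '
                                 'process runs with a full admin token', line))
                continue
        m = (RUN_VALUE.match(line) or LNK_LINE.match(line)
             or TASK_LINE.match(line) or DISABLED_LINE.match(line))
        if m:
            for reason in classify_path(m['path']):
                findings.append(('review', reason, line))
    return findings


# Constructed sample: copied from the posted log, plus the made-up "Updater" line.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"Updater"="c:\users\William\AppData\Roaming\svchost.exe" [2012-05-20 51200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000Core.job
- c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
"""

if __name__ == '__main__':
    import sys
    if len(sys.argv) > 1:                     # python triage.py C:\ComboFix.txt
        with open(sys.argv[1], encoding='utf-8', errors='replace') as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for severity, detail, line in triage(text):
        print(f'[{severity}] {detail}\n    {line}')
```

The "review" findings are prompts, not verdicts: Google's per-user updater legitimately lives under AppData, which is exactly why a path rule alone cannot convict a file and the next step is checking its publisher signature and hash. The "high" finding is the one that matters most in a thread like this, because userinit.exe runs at every interactive logon and a trojanized copy re-infects the machine no matter how many Run keys are cleaned.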
OK, may have been a fluke because the laptop's been running great, but had a crash today?

==================================================
Dump File : Mini060812-01.dmp
Crash Time : 6/8/2012 5:18:37 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00004000
Parameter 2 : 0x86c212c0
Parameter 3 : 0x80000000
Parameter 4 : 0x0023dfed
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+be38a
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdabf
Stack Address 1 : ntkrnlpa.exe+b674e
Stack Address 2 : ntkrnlpa.exe+85573
Stack Address 3 : ntkrnlpa.exe+4ac3a
Computer Name :
Full Path : C:\Windows\Minidump\Mini060812-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
 
OK, having a new problem. Should I start a new thread or continue here?

Getting this pop-up over and over again when starting IE9 Internet Explorer:

"Microsoft Windows Search Protocol Host has stopped working" popping up every 10 seconds
 
OK, I should also say the "Search Protocol Host stopped working" pop-up happens right after boot-up! IE9 starts up, but when I go to a site it acts like it's there but the screen is blank!

Now, by ALL the steps you mean run the Fix It and reset Internet Explorer and also click "Delete personal settings"? If so, I did this but no luck, still have the problem!

Thanks, Bill
 
In this forum, we make sure your computer is free of malware and clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 
Hi, just wanted to let you know because no one was replying in the other thread!

I ran sfc /scannow followed by ComboFix! Seems to have fixed the problem, still haven't tried everything though!
I can post the logs if you want to interpret them? If so, word wrap or not? I've forgotten which way you like them!
Merry Christmas to you also! :D
 
ComboFix 12-12-20.02 - William 12/20/2012 18:21:41.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1929 [GMT -5:00]
Running from: c:\users\William\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\users\William\AppData\Roaming\vso_ts_preview.xml
c:\users\William\GoToAssistDownloadHelper.exe
c:\windows\desktop
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\mscsptisrv.dll
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_server
-------\Service_timounter
.
.
((((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 )))))))))))))))))))))))))))))))
.
.
2012-12-20 23:34 . 2012-12-20 23:37 -------- d-----w- c:\users\William\AppData\Local\temp
2012-12-20 23:34 . 2012-12-20 23:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-20 23:34 . 2012-12-20 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-20 22:15 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 22:15 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-18 19:16 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98BCAFC5-E53A-40A4-9E63-3C4228B96AFF}\mpengine.dll
2012-12-12 08:03 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-12 08:03 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 08:03 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 08:03 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-12 08:03 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-12 08:03 . 2012-07-26 03:20 172032 ------w- c:\windows\system32\WUDFPlatform.dll
2012-12-12 08:03 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 08:03 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 08:03 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 08:03 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 08:03 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-12 06:57 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 06:57 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 06:57 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 06:57 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-01 08:53 . 2012-12-01 08:53 -------- d-----w- c:\users\William\AppData\Roaming\Big Fish Games
2012-12-01 08:51 . 2010-06-02 09:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-12-01 08:51 . 2010-06-02 09:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-12-01 08:51 . 2010-06-02 09:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-12-01 08:51 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-12-01 08:51 . 2010-05-26 16:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-12-01 08:51 . 2010-05-26 16:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-12-01 08:51 . 2010-05-26 16:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-12-01 08:51 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 11:58 . 2012-04-04 17:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 11:58 . 2011-12-23 00:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 01:19 . 2012-11-07 01:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-11-07 01:19 . 2012-11-07 01:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-29 23:54 . 2012-05-13 23:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 16:19 . 2012-11-14 02:32 75776 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 19:32 . 2012-06-23 20:03 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32 . 2012-03-20 23:22 473072 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"dlbamon.exe"="c:\program files\Dell AIO Printer A940\dlbamon.exe" [2007-03-05 435696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-07 296096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Turbo Tourney 2012 Scheduler.lnk]
backup=c:\windows\pss\Turbo Tourney 2012 Scheduler.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
se2Bunic
ofcpfwsvc
upsmonservice
nmservice
atkkeyboardservice
SE2Bmdfl
SE2Dbus
omsad
tmtdi
wscsvc
wm
UNDPX2A
sdcoreservice
EIO_XP
ErrDev
qfcoresvc
mcdetect.exe
pelusblf
DS1410D
CTMFLT
EMATCORE
CVirtA
mssqlserverolapservice
pgpsdkservice
PTDCVsp
dsNcAdpt
sisnic
btnetfilter
nimcdfxk
MTC0001_ESB
SprintRcAppSvc
pcx1unic
RDID1027
pwkntmon
axsaki
mwagent
oracle_load_balancer_60_server-forms6ip9
rslinxng
mysql
teefer
atixsaudio
adminserver
mvserver
spmd
bc_filter
atiavaiw
UimBus
sisperf
imapiservice
s716mdm
rt2500usb
ppped
tfsnboio
dlartl_n
vstor2-ws60
iPassPeriodicUpdateService
speakerphone
ZDPNDIS5
ISAMSvc
plsremotesvc
smartwiservice
mcdbus
se45mgmt
ccflic0
webdriveservice
wlluc48b
webrootenterpriseclientservice
imagesrv
flashcom
ssm_bus
olapserver
wintab32
a016mgmt
MRV6X32P
EACSvrMngr
sglogplayer
AcronisOSSReinstallSvc
atdisk
bantext
nwlnkspx
PBADRV
oraclewebassistant
sonytvc
intelroam
papyjoy
tfsnudf
U3sHlpDr
npapimon
comhost
SetupSys
pdlnatcm
iPassP
perc2
statusagent
ATWPKT2
AdobeActiveFileMonitor6.0
WD_FireWire_HID
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
hclinetd
i81x
SWUMX51
MQAC
UsbserFilt
dlbu_device
szkg
incdsrv
acrotray
rootmodem
nwlnknb
avgems
datasvr
NETw4v32
cfgwzsvc
tvtfilter
USB_NDIS_51
s125mdfl
tng-dtmg
vproeventmonitor
wmconnectcds
redbook
DivisCTS
NWSAP
macformatservice
sit_flt
EL2000
ssfs0509
procexp90
iksyssec
starwindservice
mnsframework
bwcsrv
aolservice
crauto
nvax
mctskshd.exe
ICAM5USB
LC7981
razerusb
EagleNT
elockservice
xfilt
ageremodemaudio
MA8032U
fshttps
slabbus
useraccess7
ctljystk
acermemusagecheckservice
NVR0Dev
rnadirectory
netmdsb
nm
bc_pat_f
MREMP50
W700mdm
oraclemtsrecoveryservice
pduip6000dmemcrdmgr
roxwatch
svv
SMCB000
vncdrv
tapeware
Angel2
qkbfiltr
persfw
cpucoolserver
elnkservice
btwusb
STV680m
msftpsvc
mxnic
ikhfile
opcenum
trioservice
cebdaldr
winpppoverethernet
lpx
TOSHIBASoftModem
mssql$sqlexpress
Hotkey
NITaggerService
dlcj_device
slabser
openldap-slapd
diskeeper
WinVd32
rchost
w800mdm
NTIDrvr
dlcc_device
SE26mgmt
z800mgmt
emitray
aspi32
S3GIGP
tgsrvc_smartagent
beatjamupnpmusicserver
iaimfp1
Slntamr
defwatch
sis315
queuemgr
penrendezvous
lktimesync
bthpan
ATMsg
ino_flpy
cvslock
dtsrvc
noipducservice
WaveFDE
ntcharge
se45nd5
rfcomm
tavsvc
SABSVC
screadspool
GTSCSER
mysqlinventime
modemcsa
NETw3v32
ma_cmidi_installerservice
getPlusHelper
nimxdfk
tdimsys
bdselfpr
PD0620VID
PGPdisk
SimpTcp
mfeavfk
AVerTV
SPFDRV
btwhid
pcradminserver
audstub
mlkkbdntdriver
WBHWDOCT
lvprcsrv
uleadburninghelper
mwstick
vsdatant
hibernation
lmab_device
rppkt
mcsysmon
UWProSys
s217nd5
CX88AUD
pdlnshay
monfilt
lxcj_device
ntpr_nic_service2
a016mdm
iAimTV5
zpsc
haspnt
Jukebox
VAIOMediaPlatform-MusicServer-HTTP
FETNDIS
scsk4
outpostfirewall
backupexecalertserver
nmwcdc
pavdrv
slee_503_service
HIDSwvd
ssm_mdm
LVRS
sifilter
viaagp1
ood2000
STV680
CnxTrLan
win32sl
s116mdm
cwcwdm
Pctspk
jaguar
ROB_A
Appn
hwpsgt
AVCSTRM
spcsutilityservice
nvstor32
mfesmfk
roxupnpserver
avg7rsw
SWNC5E00
DNE
ovsecurityserver
p2k
ADIDTSFiltService
wuolservice
ggsemc
winpowerrmi
GoToAssist
DgiVecp
cccredmgr
srvdpi
db2das00
spbbcsvc
vcommmgr
SNP2STD
NIPALK
hpqddsvc
harmony
sshrmd
GT890x
winpower
Slpsvdr
oracle_load_balancer_60_client-forms6ip9
APLMp50
TMKEmu
HPFECP20
pcidump
ftsata2
UVCFTR
nbservice
license
oracleorahomehttpserver
DirectUpdate
PGPsdkDriver
retroexplauncher
nfmservice
tng-dts
SE2Eobex
wampmysqld
s217mdm
dlcf_device
rimvserport
TNaviSrv
el90xbc
RESMGR
SDdriver
pdlnsx25
gameenum
wdica
AR5523
picturetaker
Evian
btwavdt
rnadiagnosticsservice
cusrvc
Via4in1
freepops
nimcrpcsu
dmio
TuneUp.Defrag
iPassPeriodicUpdateApp
prism_a02
IFPUSB
bt3cser
transarcafsdaemon
k750mdfl
USB_RNDIS
SRTSP
ifxtcs
VICESYS
PTDCBus
tcsd_win32.exe
pml
ScFBPNT3
UxTuneUp
vc5secs
tbhsd
stacsv
licensemanagersocket
avgarcln
tosrfnds
ql1280
s3ssavage
hmonitor
wlluc48
tmmbd
cbidf
zebrbus
dvd_2K
vsapint
w200bus
awhost32
filechecker
NsTrcNT
hsf_dp
trackcam4
arcltsrv
dladresm
WUSB54GPV4SRV
us30service
vvoice
inotask
inorpc
VNUSB
lxrjd31d
Ncrc710
rca
s125obex
NxSysMon
VX3000
srescan
{95808DC4-FA4A-4c74-92FE-5B863F82066B}
isapisearch
lockmgr
nvcap
ss_mdfl
SRS_SSCFilter
klif
DCamUSBSQTECH
se26unic
mks_scan
s7otranx
SED133x
ibmcicstransactiongateway
s7oppitx
LKbdFlt2
3comtftp
UMPass
U81xobex
U2SP
co_mon
atierecord
qbfcservice
tosrfsnd
openvpnservice
AmdLLD
freebsd
atkdisplf
se58unic
RMCAST
mcnasvc
cdr4_2k
avg7updsvc
cvsnt
k750mdm
s616unic
artourservice
symmpi
iastor
aclient
BTSLBCSP
askernel
acprfmgrsvc
https-admserv61
splitter
SaiU040B
proxyhostservice
USB_RNDIS_XP
nmsaccess
mfehidk
snmptrapdservice
digictrl
emupia
rimusb
array_utility_service4,0,1,3
gearaspiwdm
eskerlicensecontrol
lxbs_device
nimdbgk
CTMSHD
ihcservice
pavreport
ATKFUSService
iomdisk
se59mdfl
pnkbstrb
lp6nds35
syntp
SWMX00
se2Bnd5
e1express
w800mdfl
entech
T6963C
hnmsvc
VCAM
purgeieservice
XFX_program
smcservice
ldlcserv
PQNTDrv
iviaspi
enxpsvc
DniVad
acedrv07
Subsonic
iwebmsg
qmofiltr
agrsrvce
SunkFilt39
TcUsb
MA_CMIDI
trcboot
smsmdd
iam
a016mdfl
db2ntsecserver
ec2007service
sqlagent$sony_mediamgr
soma
tvs
ipsraidn
kservice
Bcim
amon
axinstsv
btwrchid
bdfsdrv
SE2Dmdfl
MTsensor
maya70docserver
ctdvda2k
wg111nd5
nchssvad
SaiNtSub
cpqarray
gv3
UpdateCenterService
MobilePreInstallerService
SQLWriter
iap
usb20l
s716nd5
FireTDI
pdframe
HSFHWICH
yukonwxp
lvpopflt
vzcdbsvc
NVTCP
SE27mdm
atalk
SunkFilt
NVENET
ctmmfilt
cicssfs.scmmc223
ifxspmgtsrv
se44nd5
agentsrv
ATMsrvc
nsengine
s117obex
aswrdr
z800obex
mwspollserver
lxbu_device
rtl8139
se44bus
USB11LDR
ramaint
pfc
athr
se59nd5
sentinel
ser2pl
websenselogserver
ltck000c
ZuneWlanCfgSvc
k750mgmt
Nsynas32
uclauncherservice
ossrv
sprtsvc_smartagent
autocomplete
sbhooksvc
USBCamera
TestHandler
adiloader
elotouchscreen
cwafrmiregistry
W55U01
tvicport
aec
ino_fltr
CTEDSPFX.DLL
U81xmdm
HFACSVC
imaservice
tmactmon
MpFilter
bthusb
symids
ASMMAP
atchksrv
AKSIFDH
GV600_4
nvmpu401
ASNDIS5
omniusbl
papycpu2
cpuz132
HECI
tsdhd
protexislicensing
slapd-data52
tandpl
dxdebug
scanwscs
ntrtscan
mod7700
TVALG
oracle_load_balancer_60_client-forms6ip14
telnet
mapserver6.3
incdfs
eamon
GTPTSER
atmeltpm
vetmsgnt
nvsmu
RSAFAL
alertmanager
sysmonlog
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:58]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000Core.job
- c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000UA.job
- c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
.
2012-12-18 c:\windows\Tasks\ReclaimerUpdateFiles_William.job
- c:\users\William\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-16 01:26]
.
2012-12-19 c:\windows\Tasks\ReclaimerUpdateXML_William.job
- c:\users\William\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-16 01:26]
.
2012-12-20 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_William.job
- c:\users\William\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-16 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NortonSupport - c:\program files\Norton Internet Security\Engine\19.1.0.28\symerr.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-20 18:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:81,97,c7,74,c6,e0,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,3b,da,52,c0,a4,82,4f,a1,90,3e,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\dlbacoms.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\program files\iWin Games\iWinTrusted.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\msiexec.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\Secunia\PSI\sua.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-12-20 18:43:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-20 23:43
ComboFix2.txt 2012-05-25 19:23
ComboFix3.txt 2012-05-25 11:25
.
Pre-Run: 85,502,816,256 bytes free
Post-Run: 85,457,219,584 bytes free
.
- - End Of File - - 5E48F7E7CD0F8286D9073F866A742DA1
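An added example of how the scheduled-task entries and the "Other Running Processes" list in a ComboFix log like the one above can be pulled out and triaged with a script. This is editor-supplied illustration code, not part of the original post and not a ComboFix feature; the excerpt it parses is constructed from a handful of the lines above, and the "trusted roots" list is an assumed heuristic (binaries under a user profile get flagged for a manual look), not a verdict on any of the files named in the log.

```python
import re
from typing import Dict, List

# Constructed excerpt mirroring a few entries from the ComboFix log above
# (not the full log). Raw string so the backslashes stay as ComboFix prints them,
# including the odd "c:\\?\" long-path prefix on the WMIADAP line.
SAMPLE_LOG = r"""2012-12-19 c:\windows\Tasks\ReclaimerUpdateXML_William.job
- c:\users\William\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-16 01:26]
.
2012-12-20 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_William.job
- c:\users\William\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-16 01:26]
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\program files\iWin Games\iWinTrusted.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
"""

# A scheduled-task entry is two lines: "<date> <job file>" then "- <target> [<stamp>]".
TASK_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<job>\S+\.job)\n- (?P<target>.+?) \[(?P<stamp>[^\]]+)\]$",
    re.MULTILINE,
)

# Assumed heuristic: anything outside these roots is worth a manual look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def normalize_path(path: str) -> str:
    """Lower-case the path and drop the '\\\\?\\' prefix ComboFix prints on some entries."""
    p = path.strip().lower()
    if "\\\\?\\" in p:
        p = p.split("\\\\?\\", 1)[1]
    return p


def parse_scheduled_tasks(log: str) -> List[Dict[str, str]]:
    """Return each .job entry with the executable it launches and its timestamp."""
    return [m.groupdict() for m in TASK_RE.finditer(log)]


def parse_running_processes(log: str) -> List[str]:
    """Return the normalized paths listed under the 'Other Running Processes' header."""
    procs: List[str] = []
    in_section = False
    for line in log.splitlines():
        if "Other Running Processes" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("*****"):          # ComboFix closes the section with a star rule
            break
        if line.strip() in ("", "."):         # filler lines between entries
            continue
        procs.append(normalize_path(line))
    return procs


def flag_for_review(paths: List[str]) -> List[str]:
    """Paths not under an OS or Program Files root (e.g. a user profile) are flagged, not condemned."""
    return [p for p in (normalize_path(x) for x in paths) if not p.startswith(TRUSTED_ROOTS)]


if __name__ == "__main__":
    tasks = parse_scheduled_tasks(SAMPLE_LOG)
    for t in tasks:
        print(f"{t['job']} -> {t['target']} (modified {t['stamp']})")
    print("running processes flagged:", flag_for_review(parse_running_processes(SAMPLE_LOG)))
    print("task targets flagged:", flag_for_review([t["target"] for t in tasks]))
```

Run on the excerpt, none of the four running processes is flagged, while both scheduled tasks are, because their target lives under c:\users\...\AppData\Roaming. A user-profile path is where per-user updaters and unwanted software alike tend to sit, so the flag is only a prompt to check the file (publisher, hash, what the .job actually does), not a finding in itself.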
 