BlackenBlue

Honorary Members
  1. OK, done with both updates. Java went as expected, but you may want to change the standard rhetoric for the Flash Player upgrade for those with Google Chrome; it's pretty obnoxious to have to figure out. Also, the uninstall_flash_player.exe "link" is not a link at all. But otherwise, ready to proceed.
  2. Results of screen317's Security Check version 0.99.38
     Windows Vista Service Pack 2 x86 (UAC is enabled)
     Internet Explorer 9
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Spybot - Search & Destroy
     Malwarebytes Anti-Malware version 1.61.0.1400
     JavaFX 2.1.1
     JavaFX 2.1.0 SDK
     Java 7 Update 5
     Java SE Development Kit 7 Update 4
     Java version out of date!
     Adobe Flash Player 10 Flash Player out of date!
     Adobe Flash Player 10.1.102.64 Flash Player out of Date!
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Windows Defender MSASCui.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Spybot Teatimer.exe is disabled!
     Windows Defender MSASCui.exe
     windows defender MpCmdRun.exe
     ``````````End of Log````````````
  3. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     That's the entire log file, no problems found.
  4. OK, thanks for re-opening the thread. I spent the past two days interfacing with a Microsoft rep, and we were able to resolve the Service Pack install issue by, in essence, swapping out the Windows sys files, which worked completely; my machine is now completely updated through Windows Update, which I believe was the last of the deficiencies cited. I think that's where we were with things before I got called up.
  5. OK, I hit a wall with this one. It says not to run it from Windows, but I don't know how to run a specific file without booting up the OS... In any case I'm out of time for the foreseeable future; I have a necessary obligation which will last for approximately the next two weeks (June 18th-ish). Is there any way to suspend a post, or will I have to start from scratch? (As for malware issues, I haven't noticed any negative issues in speed or stability since we ran TDSSKiller; however, Steam no longer runs, which is a shame (maybe it'll be resolved after the diag/cleaner programs are removed??)) Whatever the outcome of all of this, you've been a fantastic help the whole way; without you my machine would have stayed bricked and inoperable. Thanks for being a stone cold badass.
  6. Bluescreened again.
     ComboFix 12-05-25.01 - Shoescifer 05/29/2012 22:22:15.7.2 - x86
  7. OK, update: increased paging file to three times RAM on both min and max values, ran script = Blue Screen (the same ComboFix one that doesn't state any specific file, just the technical information). Reduced values to two times RAM on both max and min values, running CF now.
  8. ... Dammit dude, Stop Error on restart again; had to use Startup Repair again to get back here.
     ComboFix 12-05-25.01 - Shoescifer 05/29/2012 18:00:14.5.2 - x86
  9. Damn, I thought I had a USB -> PS2 converter round here somewhere; suppose not though. Unfortunately I don't have any user interfaces that don't use USB..... I unplugged the printer (it may be worth noting that I have two USB slots in the back and two in front; to avoid any other issues I moved both mouse and keyboard to the back). Since I'm still a little wary of ComboFix, I wanted to ensure that this (below) is the CFScript.txt you want me to run:
     FCopy::
     C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys | C:\Windows\System32\drivers\partmgr.sys
     Reboot::
  10. Oh erm... I have a GE dual scroll mouse, a Logitech G11 keyboard and a small HP printer (that has no power going to it), all of which are connected through my USB ports... could this be an issue?
  11. That time it took only a few seconds; here ya go.
     SystemLook 30.07.11 by jpshortstuff
     Log created at 17:27 on 29/05/2012 by Shoescifer
     Administrator - Elevation successful
     ========== filefind ==========
     Searching for "partmgr.sys"
     C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys ------- 56376 bytes [10:12 26/05/2012] [07:42 19/01/2008] 3B38467E7C3DAED009DFE359E17F139F
     C:\Windows\System32\drivers\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE
     C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6000.16386_none_df65518fbd847fbf\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE
     -= EOF =-
  12. It BlueScreened during the scan, and then once again when trying to boot back. Ran Startup Repair from the disk, booted up unassisted, and I was amazed to find that ComboFix was open once I logged in and tabulating a report. I hope there's some useful information in there for you....
     ComboFix 12-05-25.01 - Shoescifer 05/29/2012 15:02:01.4.2 - x86
  13. SystemLook 30.07.11 by jpshortstuff
     Log created at 13:41 on 29/05/2012 by Shoescifer
     Administrator - Elevation successful
     ========== filefind ==========
     Searching for "partmgr.sys"
     C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys --a---- 56376 bytes [10:12 26/05/2012] [07:42 19/01/2008] 3B38467E7C3DAED009DFE359E17F139F
     C:\Windows\System32\drivers\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE
     C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6000.16386_none_df65518fbd847fbf\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE
     -= EOF =-