Laptop has started to BSOD...


Hi, hoping someone can help.

Sometime last week I began getting the following BSOD whenever booting Windows.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4145

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26/05/2010 18:35:07
mbam-log-2010-05-26 (18-35-07).txt

Scan type: Quick scan
Objects scanned: 125003
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\4dw4r3 (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Here is the DDS Log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Bob at 21:07:07.16 on 26/05/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3070.472 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Users\Bob\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\Downloads\Browser Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bob\Downloads\Browser Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Google Update] "c:\users\bob\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\bob\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\bob\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
Trusted Zone: glasgow
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\bob\appdata\roaming\mozilla\firefox\profiles\lnhlosvg.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\users\bob\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\bob\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\bob\appdata\roaming\facebook\npfbplugin_1_0_3.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-11 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-11 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-11 242896]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2010-1-11 77824]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-15 308064]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-26 304464]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-26 20952]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-7-29 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-5-5 24576]

============== File Associations ===============

.txt=Notepad++_file

=============== Created Last 30 ================

2010-05-26 20:04:46 0 ----a-w- c:\users\bob\defogger_reenable
2010-05-26 18:36:06 215656 ----a-w- c:\windows\system32\nvcod1910.dll
2010-05-26 17:23:28 0 d-----w- c:\users\bob\appdata\roaming\Malwarebytes
2010-05-26 17:23:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-26 17:23:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-26 17:23:23 0 d-----w- c:\programdata\Malwarebytes
2010-05-26 17:23:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 17:21:54 0 d-----w- c:\windows\system32\appmgmt
2010-05-26 16:47:25 0 d-----w- C:\NVIDIA
2010-05-25 19:33:49 0 d-----w- c:\program files\WhoCrashed
2010-05-25 19:20:11 0 d-----w- c:\program files\Phyxion.net
2010-05-25 18:55:05 0 ----a-w- c:\windows\DbgOut.INI
2010-05-25 17:31:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 16:58:56 131072 ---ha-w- c:\windows\DUMP3c0f.DMP
2010-05-24 16:48:20 65536 --sha-w- c:\users\bob\ntuser.dat{0a6b92ca-6754-11df-be36-005056c00008}.TM.blf
2010-05-24 16:48:20 524288 --sha-w- c:\users\bob\ntuser.dat{0a6b92ca-6754-11df-be36-005056c00008}.TMContainer00000000000000000002.regtrans-ms
2010-05-24 16:48:20 524288 --sha-w- c:\users\bob\ntuser.dat{0a6b92ca-6754-11df-be36-005056c00008}.TMContainer00000000000000000001.regtrans-ms
2010-05-24 16:32:31 65536 --sha-w- c:\users\bob\ntuser.dat{dbb1745a-6751-11df-a6db-002186a47cdc}.TM.blf
2010-05-24 16:32:31 524288 --sha-w- c:\users\bob\ntuser.dat{dbb1745a-6751-11df-a6db-002186a47cdc}.TMContainer00000000000000000002.regtrans-ms
2010-05-24 16:32:31 524288 --sha-w- c:\users\bob\ntuser.dat{dbb1745a-6751-11df-a6db-002186a47cdc}.TMContainer00000000000000000001.regtrans-ms
2010-05-21 11:38:21 7772 ----a-w- c:\windows\system32\nvinfo.pb
2010-05-20 19:57:51 65536 --sha-w- c:\users\bob\NTUSER.DAT{c84c936f-6449-11df-b4de-002186a47cdc}.TM.blf
2010-05-20 19:57:51 524288 --sha-w- c:\users\bob\NTUSER.DAT{c84c936f-6449-11df-b4de-002186a47cdc}.TMContainer00000000000000000002.regtrans-ms
2010-05-20 19:57:51 524288 --sha-w- c:\users\bob\NTUSER.DAT{c84c936f-6449-11df-b4de-002186a47cdc}.TMContainer00000000000000000001.regtrans-ms
2010-05-13 16:37:50 0 d-----r- c:\users\bob\My Dropbox
2010-05-13 16:35:29 0 d-----w- c:\users\bob\appdata\roaming\Dropbox
2010-05-11 19:47:28 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-08 13:34:14 0 d-----w- c:\program files\VideoLAN
2010-05-06 19:26:01 50 ----a-w- c:\windows\MegaManager.INI
2010-05-05 21:42:49 0 d-----w- c:\program files\MetaGeek
2010-05-05 17:01:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2010-05-05 17:00:11 0 d-----w- c:\users\bob\appdata\roaming\Teleca
2010-05-05 16:59:31 0 d-----w- c:\programdata\Teleca
2010-05-05 16:59:31 0 d-----w- c:\program files\common files\Teleca Shared
2010-05-05 16:57:56 0 d-----w- c:\program files\HTC
2010-05-05 16:57:53 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2010-05-05 16:57:53 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-04-30 22:27:11 0 d-----w- c:\program files\iPod
2010-04-30 22:25:29 0 d-----w- c:\program files\Bonjour
2010-04-28 17:40:10 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 17:40:09 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-28 17:40:08 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-27 14:37:26 158 ----a-w- c:\users\bob\moreusers.bat
2010-04-27 14:25:17 580 ----a-w- c:\users\bob\moreusers.csv
2010-04-27 13:57:25 386 ----a-w- c:\users\bob\createnewser.ps1
2010-04-27 13:55:18 499 ----a-w- c:\users\bob\newusers.csv

==================== Find3M ====================

2010-04-21 08:53:27 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-11 11:19:01 41 ----a-w- c:\users\bob\jagex_runescape_preferences.dat
2010-04-11 10:18:55 69 ----a-w- c:\users\bob\jagex_runescape_preferences2.dat
2010-04-10 18:32:10 0 ----a-w- c:\users\bob\jagex__preferences3.dat
2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-15 08:04:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 03:19:16 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:09:08.18 ===============

Attach.zip


Hello bobstothard

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the text below:


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new randomly named .exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher, go ahead and click on Run.
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED


  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hi kahdah,

Here is the ComboFix log:

ComboFix 10-06-14.01 - Bob 14/06/2010 19:20:05.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3070.2017 [GMT 1:00]
Running from: c:\users\Bob\Downloads\Browser Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-14 18:27 . 2010-06-14 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-08 20:55 . 2010-06-08 20:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-03 16:39 . 2010-06-03 16:39 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-03 16:39 . 2010-06-03 16:39 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-05-31 13:04 . 2010-05-31 13:04 -------- d-----w- c:\users\Bob\New folder
2010-05-26 18:36 . 2010-03-17 00:01 215656 ----a-w- c:\windows\system32\nvcod1910.dll
2010-05-26 17:23 . 2010-05-26 17:23 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes
2010-05-26 17:23 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-26 17:23 . 2010-05-26 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 17:23 . 2010-05-26 17:23 -------- d-----w- c:\programdata\Malwarebytes
2010-05-26 17:23 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-26 16:47 . 2010-05-26 17:17 -------- d-----w- C:\NVIDIA
2010-05-25 19:33 . 2010-05-25 19:56 -------- d-----w- c:\program files\WhoCrashed
2010-05-25 19:20 . 2010-05-25 19:20 -------- d-----w- c:\program files\Phyxion.net
2010-05-25 17:31 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-06-14 18:23 . 2010-01-12 18:59 -------- d-----w- c:\users\Bob\AppData\Roaming\uTorrent
2010-06-14 17:49 . 2010-01-11 13:20 -------- d-----w- c:\programdata\Microsoft Help
2010-06-14 17:46 . 2010-05-13 16:35 -------- d-----w- c:\users\Bob\AppData\Roaming\Dropbox
2010-06-14 17:43 . 2010-01-13 08:13 -------- d-----w- c:\programdata\VMware
2010-06-14 17:42 . 2010-01-11 15:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-13 20:03 . 2010-01-24 00:46 -------- d-----w- c:\users\Bob\AppData\Roaming\Spotify
2010-06-08 20:56 . 2010-01-13 23:22 -------- d-----w- c:\program files\Common Files\Java
2010-06-08 20:55 . 2010-01-14 08:46 -------- d-----w- c:\program files\Java
2010-06-03 16:39 . 2010-01-11 14:59 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 16:39 . 2010-01-11 14:59 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 17:16 . 2010-01-11 12:59 -------- d-----w- c:\users\Bob\AppData\Roaming\Apple Computer
2010-05-26 17:21 . 2010-03-23 19:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-26 16:02 . 2010-01-10 19:55 -------- d-----w- c:\program files\Microsoft
2010-05-20 08:02 . 2010-01-12 18:59 -------- d-----w- c:\program files\uTorrent
2010-05-18 08:20 . 2010-01-26 21:32 -------- d-----w- c:\program files\Google
2010-05-17 13:33 . 2010-03-04 17:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-13 20:13 . 2010-05-13 16:35 89831 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\Uninstall.exe
2010-05-12 16:51 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-10 17:26 . 2010-05-10 17:26 655360 ----a-w- c:\users\Bob\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-10 17:26 . 2010-05-10 17:26 282624 ----a-w- c:\users\Bob\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-10 17:26 . 2010-05-10 17:26 208896 ----a-w- c:\users\Bob\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-08 14:13 . 2010-05-08 13:34 -------- d-----w- c:\users\Bob\AppData\Roaming\vlc
2010-05-08 13:34 . 2010-05-08 13:34 -------- d-----w- c:\program files\VideoLAN
2010-05-05 21:42 . 2010-05-05 21:42 45126 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_6FEFF9B68218417F98F549.exe
2010-05-05 21:42 . 2010-05-05 21:42 45126 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_322FD67B4052E9187FCAD5.exe
2010-05-05 21:42 . 2010-05-05 21:42 -------- d-----w- c:\program files\MetaGeek
2010-05-05 17:01 . 2010-05-05 17:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2010-05-05 17:00 . 2010-05-05 17:00 -------- d-----w- c:\users\Bob\AppData\Roaming\Teleca
2010-05-05 16:59 . 2010-05-05 16:59 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-05-05 16:59 . 2010-05-05 16:59 -------- d-----w- c:\programdata\Teleca
2010-05-05 16:59 . 2010-05-05 16:57 -------- d-----w- c:\program files\HTC
2010-05-05 16:57 . 2010-05-05 16:57 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2010-05-05 16:57 . 2010-05-05 16:57 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-05-02 11:34 . 2010-01-13 08:23 -------- d-----w- c:\users\Bob\AppData\Roaming\VMware
2010-04-30 22:27 . 2010-01-11 12:58 -------- d-----w- c:\program files\iTunes
2010-04-30 22:27 . 2010-04-30 22:27 -------- d-----w- c:\program files\iPod
2010-04-30 22:27 . 2010-01-11 12:57 -------- d-----w- c:\program files\Common Files\Apple
2010-04-30 22:25 . 2010-04-30 22:25 -------- d-----w- c:\program files\Bonjour
2010-04-30 22:22 . 2010-04-30 22:22 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 10:17 . 2010-04-27 14:37 158 ----a-w- c:\users\Bob\moreusers.bat
2010-04-21 20:51 . 2010-04-21 20:51 -------- d-----w- c:\program files\SyncToy 2.1
2010-04-21 20:51 . 2010-04-21 20:51 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-04-21 20:23 . 2010-03-29 11:46 -------- d-----w- c:\users\Bob\AppData\Roaming\DiskSpaceFan
2010-04-20 19:00 . 2010-04-20 18:57 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-20 18:39 . 2010-04-20 18:25 -------- d-----w- c:\program files\QuickTime
2010-04-20 18:15 . 2010-04-20 18:15 -------- d-----w- c:\program files\Visual CertExam Suite
2010-04-14 17:53 . 2010-04-14 17:53 136 ----a-w- c:\windows\UNlock.dat
2010-04-11 11:19 . 2010-04-10 18:29 41 ----a-w- c:\users\Bob\jagex_runescape_preferences.dat
2010-04-11 10:18 . 2010-04-10 18:32 69 ----a-w- c:\users\Bob\jagex_runescape_preferences2.dat
2010-04-10 18:32 . 2010-04-10 18:32 0 ----a-w- c:\users\Bob\jagex__preferences3.dat
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-09-12 23:05 . 2009-09-12 23:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 23:06 . 2009-09-12 23:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 23:06 . 2009-09-12 23:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-12 23:06 . 2009-09-12 23:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-12 23:06 . 2009-09-12 23:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 23:07 . 2009-09-12 23:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 23:06 . 2009-09-12 23:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-12 23:06 . 2009-09-12 23:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2009-08-14 13:33 . 2009-08-14 13:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-12 23:06 . 2009-09-12 23:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-19 322352]

"Google Update"="c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-26 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]

"RtHDVCpl"="RtHDVCpl.exe" [2008-02-04 4907008]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-03 198160]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Bob\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 136176]

R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2010-05-05 24576]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-15 216200]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-03 242896]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-04 77824]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-15 308064]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-29 51288]

S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]

.

Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 16:10]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 16:10]

2010-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2423535537-1617997293-4219122223-1001Core.job

- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-26 19:00]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2423535537-1617997293-4219122223-1001UA.job

- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-26 19:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll

Trusted Zone: glasgow

FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\lnhlosvg.default\

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: c:\users\Bob\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\users\Bob\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\users\Bob\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

.

------- File Associations -------

.

.txt=Notepad++_file

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4256)

c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

Completion time: 2010-06-14 19:31:11

ComboFix-quarantined-files.txt 2010-06-14 18:31

Pre-Run: 20,546,813,952 bytes free

Post-Run: 21,447,139,328 bytes free

- - End Of File - - 99A2F29F4478B927419958FB00E23811

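The Reg Loading Points block in the log above (the Run keys, the UAC policy values under policies\system, and AppInit_DLLs) is the part a responder reads first. Here is an added example, not part of the original post and not ComboFix's own code, that parses that REGEDIT4-style block and flags the entries worth a second look. The sample text is a constructed, trimmed copy of lines from the log; the expected UAC values are the Windows 7 defaults; the two Run-key rules (bare filename resolved through the search path, and a path under a user profile that is writable without admin rights) are this example's own review heuristics, not verdicts. The AppInit_DLLs entry is flagged for review because every process that maps user32.dll loads it; in this log it is, by name, an AVG component.

```python
"""Triage the 'Reg Loading Points' block of a ComboFix log.

Added example for this thread; not part of the original post and not
ComboFix's own code. It flags: UAC policy values that differ from the
Windows 7 defaults, a non-empty AppInit_DLLs value, Run entries with a
bare filename, and Run entries living under a user profile. The flags
mark entries to verify, not findings of malice.
"""
import re
from typing import List, Tuple

# Constructed sample: a trimmed copy of lines from the log in this thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-19 322352]
"Google Update"="c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-26 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-04 4907008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# ComboFix appends "[date size]" after file-backed values; strip it.
TRAILER_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}[^\]]*\]\s*$")
DWORD_RE = re.compile(r"^(\d+)\s*\(0x[0-9A-Fa-f]+\)$")

# Windows 7 defaults for the UAC values ComboFix printed.
UAC_EXPECTED = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

Entry = Tuple[str, str, str]    # (registry key, value name, value)
Finding = Tuple[str, str, str]  # (kind, value name, detail)


def parse_reg_points(text: str) -> List[Entry]:
    """Return (key, name, value) triples; values are unquoted and trailer-free."""
    entries: List[Entry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            value = TRAILER_RE.sub("", m.group("value")).strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            entries.append((key, m.group("name"), value))
    return entries


def dword(value: str):
    """Parse ComboFix's 'N (0xN)' rendering of a REG_DWORD; None if not one."""
    m = DWORD_RE.match(value)
    return int(m.group(1)) if m else None


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the review rules described in the module docstring."""
    findings: List[Finding] = []
    for key, name, value in entries:
        k = key.lower()
        if k.endswith("\\policies\\system") and name in UAC_EXPECTED:
            got = dword(value)
            if got != UAC_EXPECTED[name]:
                findings.append(("uac-weakened", name, f"{got} (expected {UAC_EXPECTED[name]})"))
        elif name.lower() == "appinit_dlls" and value:
            findings.append(("appinit-dll", name, value))
        elif k.endswith("\\currentversion\\run"):
            v = value.lower()
            if "\\" not in v:
                findings.append(("run-bare-filename", name, value))  # resolved via search path
            elif "\\users\\" in v:
                findings.append(("run-user-profile", name, value))   # writable without admin
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(parse_reg_points(SAMPLE_LOG)):
        print(f"{kind:18} {name:28} {detail}")
```

On the sample the three UAC values come back as weakened (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0), RtHDVCpl is flagged as a bare filename, Google Update as a user-profile path, and AppInit_DLLs for review. To run it over a real ComboFix log, paste the Reg Loading Points block in place of SAMPLE_LOG; the rest of the log is ignored because only `[key]` and `"name"=value` lines are parsed.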

Hi kahdah,

I've just installed the 197.16_notebook_winvista_win7_32bit_international_whql driver from NVIDIA and have the same problem.

The machine didn't blue screen, but when loading Windows the screen is all fuzzy (see attached).

I'm starting to think it may be a hardware issue.

Unless you have any other advice, I think what I might do now is take a copy of the disk as I have it now, then do a fresh install of Windows and install the driver before anything else and see if I get the same issue.


Yikes, yep, that looks like it might be an internal problem.

Could be the LCD itself or the lamps inside of it.

I would take it to a local repair shop to have them check it out.

Reinstalling Windows will not do anything for that problem.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

