cpu won't start in vista premium get blue screen and striped screen


  • This topic is locked
63 replies to this topic

#1 marlonmaya

  • Members
  • 34 posts

Posted 05 November 2012 - 09:41 AM

Hi, I have a major problem with my laptop where I can now only operate in safe mode.

My original problem was the screen just went black and nothing could be done (no mouse pointer or nothing); ctrl alt del didn't work, or escape. I just had to power off. When restarted, the screen would be black background with a lot of @ icons dotted all over the screen, and the screen would then be striped blue. System restore wouldn't work. I decided to send it to a local shop for fixing. It came back after £60 charge! stating that laptop boot viruses fixed and system updated... happy days, but now it is back again!!!

This time system restore did work and I thought phew! But the problem keeps returning, and after about 4 system restores it won't restore anymore.... help!

The virus/fault has no pattern as to when it returns: could be on start up, sometimes when online, another time just whilst using the desktop, and also when using my F drive to watch a CD.

All info posted below as per prep guide. Will appreciate any help please.

Attached files: attach.txt (11.61KB), ark.txt (20.59KB)



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,376 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:08:48 PM

Posted 07 November 2012 - 06:59 PM

Greetings marlonmaya and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please rerun DDS again and post the results. Be sure before you post it that it is in a readable format.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 marlonmaya

marlonmaya
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:03:48 AM

Posted 08 November 2012 - 05:50 PM

Hi Gary, and thanks for the speedy reply. By the way, my name is Matt. I am glad that you are going to try and help with my unresolved issue. I am now in safe mode with networking as the bug/virus, call it what you will, has struck again.
I did think that I had cured it, as I ran a whole new Windows service pack for Vista and removed a recently added antivirus (McAfee) and replaced it with Norton (that I had used before). This seemed fine for a couple of days' use, but then I got the screen freeze turning blue followed by the blackout screen. I will try and check my post daily, but I am a shift worker so it may sometimes be a couple of days. Anyway, thanks for helping, I appreciate it. Matt

#4 marlonmaya

marlonmaya
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:03:48 AM

Posted 08 November 2012 - 06:06 PM

Hi, I have just run DDS again, so here are the 2 results. Many thanks.

Reposting attachment (Oh My)

DDS (Ver_2012-11-07.01) - NTFS_x86 NETWORK
Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 10.9.2
Run by matt at 22:58:36 on 2012-11-08
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.1392 [GMT 0:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Explorer.EXE
C:\Users\matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\matt\Downloads\Defogger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.club-vaio.com
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\20.2.0.19\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\20.2.0.19\ips\IPSBHO.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\google bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.2.0.19\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.2.0.19\CoIEPlg.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [Google Update] "c:\users\matt\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [CNAP2 Launcher] c:\windows\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [Skytel] Skytel.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2F4A5AA8-AE78-44BC-BC0B-5FFC7A91B07C} : DHCPNameServer = 10.0.0.10 8.8.8.8
TCP: Interfaces\{C1EF581D-332A-479B-9A7B-948EF6BC1B0A} : NameServer = 192.168.1.254
TCP: Interfaces\{C1EF581D-332A-479B-9A7B-948EF6BC1B0A} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 554048]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1402000.013\SymDS.sys [2012-11-6 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1402000.013\SymEFA.sys [2012-11-6 927904]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2012-10-27 66032]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-7-17 91168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-10-27 168368]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-10-27 166320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-10-27 360792]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-11-22 9344]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.2.0.19\definitions\bashdefs\20121030.002\BHDrvx86.sys [2012-10-25 995488]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1402000.013\ccSetx86.sys [2012-11-6 134304]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.2.0.19\definitions\ipsdefs\20121106.002\IDSvix86.sys [2012-11-7 386720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1402000.013\Ironx86.sys [2012-11-6 175264]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1402000.013\symtdiv.sys [2012-11-6 350368]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-10-27 200816]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\20.2.0.19\ccSvcHst.exe [2012-11-6 143928]
S2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2012-10-17 204800]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
S3 BRUCOUY;BRUCOUY;c:\users\matt\appdata\local\temp\brucouy.exe --> c:\users\matt\appdata\local\temp\BRUCOUY.exe [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-10-27 60480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-11-6 106656]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-10-27 230224]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-10-27 61912]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-10-27 92192]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-10-19 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-10-19 11104]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-22 812544]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2012-10-17 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2012-10-17 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2012-10-17 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2012-10-17 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2012-10-17 79136]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update common\VUAgent.exe [2012-1-13 939624]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2012-11-07 21:39:39 80896 ----a-w- c:\windows\system32\MSNP.ax
2012-11-07 21:39:35 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-11-07 21:39:35 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-11-07 21:34:01 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-11-07 21:34:01 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-11-07 21:34:01 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-11-07 21:34:01 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-11-07 21:34:01 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-11-07 21:28:09 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-11-07 21:16:35 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2012-11-07 21:16:33 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2012-11-07 21:14:59 389632 ----a-w- c:\windows\system32\html.iec
2012-11-07 21:13:52 1169408 ----a-w- c:\windows\system32\sdclt.exe
2012-11-07 21:12:58 603648 ----a-w- c:\windows\system32\schedsvc.dll
2012-11-07 21:11:58 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-11-07 21:11:58 2067456 ----a-w- c:\windows\system32\mstscax.dll
2012-11-07 21:11:55 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-11-07 21:11:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2012-11-07 21:11:47 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-07 21:11:42 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-11-07 21:11:38 276992 ----a-w- c:\windows\system32\schannel.dll
2012-11-06 17:38:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-06 17:38:49 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-06 17:38:29 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-06 17:21:30 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-11-06 17:21:02 927904 ----a-r- c:\windows\system32\drivers\nis\1402000.013\SymEFA.sys
2012-11-06 17:21:02 586400 ----a-r- c:\windows\system32\drivers\nis\1402000.013\srtsp.sys
2012-11-06 17:21:02 368288 ----a-r- c:\windows\system32\drivers\nis\1402000.013\SymDS.sys
2012-11-06 17:21:02 350368 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symtdiv.sys
2012-11-06 17:21:02 338592 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symnets.sys
2012-11-06 17:21:02 32888 ----a-r- c:\windows\system32\drivers\nis\1402000.013\srtspx.sys
2012-11-06 17:21:02 21400 ----a-r- c:\windows\system32\drivers\nis\1402000.013\SymELAM.sys
2012-11-06 17:21:02 175264 ----a-r- c:\windows\system32\drivers\nis\1402000.013\Ironx86.sys
2012-11-06 17:21:02 134304 ----a-r- c:\windows\system32\drivers\nis\1402000.013\ccSetx86.sys
2012-11-06 17:20:41 9103 ----a-r- c:\windows\system32\drivers\nis\1402000.013\SymVTcer.dat
2012-11-06 17:20:41 -------- d-----w- c:\windows\system32\drivers\nis\1402000.013
2012-11-06 17:20:41 -------- d-----w- c:\windows\system32\drivers\NIS
2012-11-06 17:20:39 -------- d-----w- c:\program files\Norton Internet Security
2012-11-06 17:20:27 -------- d-----w- c:\program files\NortonInstaller
2012-11-06 17:09:54 -------- d-----w- C:\PerfLogs
2012-11-06 16:51:17 47560 ----a-w- c:\windows\system32\SPReview.exe
2012-11-06 16:51:17 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2012-11-06 16:34:10 193024 ----a-w- c:\windows\system32\recdisc.exe
2012-11-06 16:34:08 6656 ----a-w- c:\windows\system32\sdspres.dll
2012-11-06 16:33:30 599552 ----a-w- c:\windows\system32\vsp1cln.exe
2012-11-06 16:33:22 28160 ----a-w- c:\windows\system32\sxproxy.dll
2012-11-06 16:33:16 142336 ----a-w- c:\windows\system32\spp.dll
2012-11-06 16:31:58 95232 ----a-w- c:\windows\system32\migisol.dll
2012-11-06 16:30:59 75264 ----a-w- c:\windows\system32\gpapi.dll
2012-11-06 16:27:36 44032 ----a-w- c:\windows\system32\cbsra.exe
2012-11-06 16:18:37 -------- d-----w- c:\windows\system32\EventProviders
2012-11-06 15:56:58 -------- d--h--w- c:\programdata\Common Files
2012-11-06 15:38:36 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{51bafbed-b34d-4725-8dad-351734e28950}\mpengine.dll
2012-11-06 15:02:57 -------- d-----w- C:\fd3fe780223c77b1c8b47b3181d4
2012-11-06 12:34:39 -------- d-----w- c:\users\matt\appdata\local\APN
2012-11-06 12:34:37 -------- d-----w- c:\program files\Ask.com
2012-11-06 12:34:36 -------- d-----w- C:\Firefox
2012-11-06 12:24:19 -------- d-----w- c:\programdata\Ask
2012-11-05 11:52:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-05 10:50:02 -------- d-----w- c:\users\matt\DoctorWeb
2012-11-05 09:58:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-31 22:04:09 -------- d-----w- c:\program files\VideoLAN
2012-10-29 21:22:09 -------- d-----w- c:\program files\GUM7B86.tmp
2012-10-29 21:07:46 -------- d-----w- c:\programdata\UDL
2012-10-29 21:07:03 -------- d-----w- c:\program files\EPSON Print CD
2012-10-29 20:59:47 64000 ----a-w- c:\windows\system32\ECBTEG.DLL
2012-10-29 20:59:47 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2012-10-29 20:59:47 31744 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-10-29 20:59:46 75501 ----a-w- c:\windows\system32\EBPMON24.DLL
2012-10-29 20:59:28 -------- d-----w- c:\program files\EPSON
2012-10-29 20:55:49 -------- d-----w- c:\programdata\Canon
2012-10-29 20:52:23 921600 ----a-w- c:\windows\system32\CNAP1NSK.DLL
2012-10-29 20:52:23 221184 ----a-w- c:\windows\system32\CNAP2LMK.DLL
2012-10-29 20:52:14 385024 ----a-w- c:\windows\system32\CNAC8EMK.DLL
2012-10-29 20:51:03 -------- d-----w- c:\program files\Canon
2012-10-29 13:27:49 -------- d-----w- c:\users\matt\appdata\roaming\K-Meleon
2012-10-29 13:27:30 -------- d-----w- c:\program files\K-Meleon
2012-10-29 13:17:27 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-29 13:17:27 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-27 22:40:43 -------- d-----w- c:\users\matt\appdata\local\Deployment
2012-10-27 22:40:43 -------- d-----w- c:\users\matt\appdata\local\Apps
2012-10-27 21:57:15 -------- d-----w- C:\Update
2012-10-27 21:48:45 66032 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-10-27 21:48:41 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-10-27 21:48:35 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-10-27 21:48:35 61912 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-10-27 21:48:35 360792 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-10-27 21:48:35 230224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-10-27 21:48:34 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-10-27 21:48:21 -------- d-----w- c:\program files\common files\Mcafee
2012-10-27 21:42:42 166320 ----a-w- c:\windows\system32\mfevtps.exe
2012-10-27 21:20:26 -------- d-----w- c:\windows\Google Toolbar
2012-10-27 21:08:00 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-10-25 13:44:24 269312 ----a-w- c:\windows\system32\es.dll
2012-10-25 08:34:57 97800 ----a-w- c:\windows\system32\infocardapi.dll
2012-10-25 08:34:57 622080 ----a-w- c:\windows\system32\icardagt.exe
2012-10-25 08:34:57 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2012-10-25 08:34:57 11264 ----a-w- c:\windows\system32\icardres.dll
2012-10-25 08:34:53 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-10-25 08:34:52 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-10-24 13:49:42 98816 ----a-w- c:\windows\system32\mfps.dll
2012-10-24 13:49:42 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2012-10-24 13:49:42 2868224 ----a-w- c:\windows\system32\mf.dll
2012-10-24 13:49:42 2048 ----a-w- c:\windows\system32\mferror.dll
2012-10-24 13:49:41 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-10-24 13:47:57 71680 ----a-w- c:\windows\system32\atl.dll
2012-10-24 13:47:34 296960 ----a-w- c:\windows\system32\gdi32.dll
2012-10-24 13:46:51 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2012-10-24 13:46:50 38912 ----a-w- c:\windows\system32\xolehlp.dll
2012-10-24 13:46:28 160256 ----a-w- c:\windows\system32\wkssvc.dll
2012-10-24 13:46:01 53248 ----a-w- c:\windows\system32\tsgqec.dll
2012-10-24 13:46:01 136192 ----a-w- c:\windows\system32\aaclient.dll
2012-10-24 13:45:36 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-10-24 13:44:47 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-10-24 13:43:53 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2012-10-24 13:43:53 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2012-10-24 13:42:57 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-10-24 13:42:57 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-10-24 13:40:57 636928 ----a-w- c:\windows\system32\localspl.dll
2012-10-24 13:40:24 2927104 ----a-w- c:\windows\explorer.exe
2012-10-24 13:40:09 171520 ----a-w- c:\windows\system32\wintrust.dll
2012-10-24 13:39:51 499712 ----a-w- c:\windows\system32\kerberos.dll
2012-10-24 13:38:22 6656 ----a-w- c:\windows\system32\kbd106n.dll
2012-10-24 13:38:18 927288 ----a-w- c:\windows\system32\winresume.exe
2012-10-24 13:38:17 988216 ----a-w- c:\windows\system32\winload.exe
2012-10-24 13:38:17 40960 ----a-w- c:\windows\system32\srclient.dll
2012-10-24 13:38:17 378368 ----a-w- c:\windows\system32\srcore.dll
2012-10-24 13:38:17 318464 ----a-w- c:\windows\system32\rstrui.exe
2012-10-24 13:38:17 14848 ----a-w- c:\windows\system32\srdelayed.exe
2012-10-24 13:38:16 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2012-10-24 13:38:16 19000 ----a-w- c:\windows\system32\kd1394.dll
2012-10-24 13:38:15 615992 ----a-w- c:\windows\system32\ci.dll
2012-10-24 13:37:20 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-10-24 13:37:20 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-10-24 13:36:56 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-10-24 13:36:56 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-24 13:36:56 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2012-10-24 13:36:44 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2012-10-24 13:36:20 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-10-24 13:35:51 24064 ----a-w- c:\windows\system32\amxread.dll
2012-10-24 13:35:51 13824 ----a-w- c:\windows\system32\apilogen.dll
2012-10-24 13:35:16 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-10-24 13:35:16 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-10-24 13:35:15 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-10-24 13:34:51 98304 ----a-w- c:\windows\system32\cabview.dll
2012-10-24 13:34:21 443392 ----a-w- c:\windows\system32\win32spl.dll
2012-10-24 13:34:21 37888 ----a-w- c:\windows\system32\printcom.dll
2012-10-22 12:32:24 14848 ----a-w- c:\windows\system32\wshrm.dll
2012-10-22 12:32:24 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2012-10-22 12:31:49 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-10-22 12:31:49 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-10-22 12:31:49 18432 ----a-w- c:\windows\system32\amcompat.tlb
2012-10-22 12:31:24 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-10-22 12:31:24 329216 ----a-w- c:\windows\system32\msdrm.dll
2012-10-22 12:31:23 511488 ----a-w- c:\windows\system32\RMActivate.exe
2012-10-22 12:31:23 472064 ----a-w- c:\windows\system32\secproc.dll
2012-10-22 12:31:23 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-10-22 12:31:23 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-10-22 12:31:23 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-10-22 12:31:22 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-10-22 12:31:22 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2012-10-19 21:16:31 16472 ------w- c:\windows\system32\pwdrvio.sys
2012-10-19 21:16:31 11104 ------w- c:\windows\system32\pwdspio.sys
2012-10-18 21:32:28 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2012-10-18 21:32:27 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-18 21:32:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-18 21:32:26 -------- d-----w- c:\programdata\Malwarebytes
2012-10-18 21:30:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-18 21:26:05 -------- d-----w- c:\users\matt\appdata\roaming\DeviceDoctorSoftware
2012-10-17 22:24:01 -------- d-----w- c:\program files\Norton 360
2012-10-17 22:22:22 -------- d-----w- c:\program files\Symantec
2012-10-17 22:22:21 -------- d-----w- c:\programdata\Symantec
2012-10-17 22:22:08 -------- d-----w- c:\program files\common files\Symantec Shared
2012-10-17 22:20:02 -------- d-----w- c:\program files\common files\InterVideo
2012-10-17 22:19:24 -------- d-----w- c:\program files\InterVideo
2012-10-17 22:17:20 -------- d-----w- C:\Documentation
2012-10-17 22:10:50 -------- d-----w- c:\program files\Sony Corporation
2012-10-17 22:05:23 -------- d-----w- c:\program files\Roxio
2012-10-17 22:05:23 -------- d-----w- c:\program files\common files\Sonic Shared
2012-10-17 22:04:19 413696 ----a-w- c:\program files\common files\installshield\driver\1050\intel 32\ISRT.dll
2012-10-17 22:04:19 32768 ----a-w- c:\program files\common files\installshield\driver\1050\intel 32\objpscnv.dll
2012-10-17 22:04:19 274432 ----a-w- c:\program files\common files\installshield\driver\1050\intel 32\IScrCnv.dll
2012-10-17 22:04:19 192512 ----a-w- c:\program files\common files\installshield\driver\1050\intel 32\iGdiCnv.dll
2012-10-17 22:04:19 180224 ----a-w- c:\program files\common files\installshield\driver\1050\intel 32\IUserCnv.dll
2012-10-17 22:04:18 774144 ----a-w- c:\program files\common files\installshield\driver\1050\intel 32\IDriver.exe
2012-10-17 22:04:17 548964 ----a-w- c:\program files\common files\installshield\driver\1050\intel 32\_ISRES1033.dll
2012-10-17 22:03:52 129520 ------w- c:\windows\system32\pxafs.dll
2012-10-17 22:00:47 -------- d-----w- c:\programdata\VAIO Media Platform
2012-10-17 22:00:10 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-10-17 22:00:10 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-10-17 22:00:10 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-10-17 22:00:10 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2012-10-17 22:00:10 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-10-17 21:59:06 2981888 ----a-w- c:\windows\system32\iplw7.dll
2012-10-17 21:59:05 2531328 ----a-w- c:\windows\system32\iplp6.dll
2012-10-17 21:59:05 2502656 ----a-w- c:\windows\system32\iplpx.dll
2012-10-17 21:59:04 2785280 ----a-w- c:\windows\system32\iplm6.dll
2012-10-17 21:59:03 2686976 ----a-w- c:\windows\system32\iplm5.dll
2012-10-17 21:59:02 53248 ----a-w- c:\windows\system32\ipl.dll
2012-10-17 21:59:02 2973696 ----a-w- c:\windows\system32\ipla6.dll
2012-10-17 21:59:02 19968 ----a-w- c:\windows\system32\Cpuinf32.dll
2012-10-17 21:57:36 -------- d-----w- c:\windows\system32\Iosubsys
2012-10-17 18:29:17 23552 ----a-w- c:\windows\system32\lpk.dll
2012-10-17 18:29:17 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-10-17 18:26:15 72704 ----a-w- c:\windows\system32\admparse.dll
2012-10-17 18:26:06 48128 ----a-w- c:\windows\system32\mshtmler.dll
2012-10-17 18:25:59 129536 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-10-17 18:24:22 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-10-17 18:24:22 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-10-17 18:24:22 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2012-10-17 18:24:22 272896 ----a-w- c:\windows\system32\polstore.dll
2012-10-17 18:23:10 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-10-17 18:23:09 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2012-10-17 18:23:09 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2012-10-17 18:22:19 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-10-17 18:22:19 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-10-17 18:22:19 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-10-17 18:22:19 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-10-17 18:22:19 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-10-17 18:22:19 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-10-17 18:22:19 104960 ----a-w- c:\windows\system32\netiohlp.dll
2012-10-17 18:22:19 10240 ----a-w- c:\windows\system32\finger.exe
2012-10-17 18:18:05 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2012-10-17 18:18:02 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2012-10-17 18:18:02 64512 ----a-w- c:\windows\system32\wlanapi.dll
2012-10-17 18:18:02 513024 ----a-w- c:\windows\system32\wlansvc.dll
2012-10-17 18:18:02 302592 ----a-w- c:\windows\system32\wlansec.dll
2012-10-17 18:18:02 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2012-10-17 18:18:01 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2012-10-17 18:17:32 -------- d-----w- c:\programdata\NortonInstaller
2012-10-17 18:16:07 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-10-17 18:16:06 1399296 ----a-w- c:\windows\system32\msxml6.dll
2012-10-17 18:16:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-10-17 18:15:21 -------- d-----w- c:\programdata\Norton
2012-10-17 18:14:16 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-10-17 18:14:15 9728 ----a-w- c:\windows\system32\lsass.exe
2012-10-17 18:14:15 72704 ----a-w- c:\windows\system32\secur32.dll
2012-10-17 18:14:15 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-10-17 18:14:15 213504 ----a-w- c:\windows\system32\msv1_0.dll
2012-10-17 18:14:15 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-17 18:12:25 15464 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-17 18:12:25 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-10-17 18:12:23 -------- d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2012-10-17 18:05:14 -------- d-----w- C:\N360_BACKUP
2012-10-17 17:54:59 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2012-10-17 17:53:57 3104768 ----a-w- c:\windows\system32\NlsData004b.dll
2012-10-17 17:49:00 551424 ----a-w- c:\windows\system32\rpcss.dll
2012-10-17 17:39:06 -------- d-----w- c:\users\matt\appdata\roaming\Symantec
2012-10-17 17:30:21 83968 ----a-w- c:\windows\system32\mscories.dll
2012-10-17 17:30:21 158720 ----a-w- c:\windows\system32\mscorier.dll
2012-10-17 17:12:08 1695744 ----a-w- c:\windows\system32\gameux.dll
2012-10-17 17:11:29 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2012-10-17 17:11:29 94720 ----a-w- c:\windows\system32\logagent.exe
2012-10-17 17:10:51 84480 ----a-w- c:\windows\system32\INETRES.dll
2012-10-17 17:10:34 61440 ----a-w- c:\windows\system32\msasn1.dll
2012-10-17 17:10:21 1645568 ----a-w- c:\windows\system32\connect.dll
2012-10-17 17:10:07 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-10-17 17:09:24 411136 ----a-w- c:\windows\system32\drivers\http.sys
2012-10-17 17:09:24 31232 ----a-w- c:\windows\system32\httpapi.dll
2012-10-17 17:09:23 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-10-17 17:07:30 281600 ----a-w- c:\windows\system32\raschap.dll
2012-10-17 17:07:30 244224 ----a-w- c:\windows\system32\rastls.dll
2012-10-17 17:07:09 351232 ----a-w- c:\windows\system32\WSDApi.dll
2012-10-17 17:04:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-10-17 17:04:59 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2012-10-17 17:04:55 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-10-17 17:04:55 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-10-17 14:01:10 -------- d-----w- c:\users\matt\appdata\local\Sony_NSCE
2012-10-17 13:59:36 -------- d-----w- c:\users\matt\appdata\local\VirtualStore
.
==================== Find3M ====================
.
2012-11-06 17:01:33 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-11-06 17:01:23 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-10-27 21:07:03 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2012-10-24 13:35:51 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2012-10-17 17:54:56 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2012-10-17 17:53:57 3104768 ----a-w- c:\windows\system32\NlsData004a.dll
2012-10-17 17:48:58 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-10-17 17:48:58 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2012-10-17 17:48:58 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-10-17 17:48:58 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2012-10-17 17:48:58 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2012-10-17 17:48:57 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-10-17 17:48:57 54784 ----a-w- c:\windows\system32\iasads.dll
2012-10-17 17:48:57 44032 ----a-w- c:\windows\system32\iasdatastore.dll
2012-10-17 17:48:57 17408 ----a-w- c:\windows\system32\iashost.exe
2012-10-17 17:48:56 98304 ----a-w- c:\windows\system32\iasrecst.dll
2012-10-17 17:48:56 183296 ----a-w- c:\windows\system32\sdohlp.dll
2012-10-17 17:12:17 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2012-10-17 17:05:55 65024 ----a-w- c:\windows\system32\avicap32.dll
2012-10-17 17:05:55 123904 ----a-w- c:\windows\system32\msvfw32.dll
2012-10-17 17:05:54 91136 ----a-w- c:\windows\system32\avifil32.dll
2012-10-17 17:05:54 82944 ----a-w- c:\windows\system32\mciavi32.dll
2012-10-17 17:05:54 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2012-10-17 17:05:54 31744 ----a-w- c:\windows\system32\msvidc32.dll
2012-10-17 17:05:54 22528 ----a-w- c:\windows\system32\msyuv.dll
2012-10-17 17:05:54 13312 ----a-w- c:\windows\system32\msrle32.dll
2012-10-17 17:05:54 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2012-10-17 17:05:41 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2012-10-17 17:05:00 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-10-17 17:05:00 4096 ----a-w- c:\windows\system32\dxmasf.dll
.
============= FINISH: 22:59:44.58 ===============


Attached File  dds1.txt   30.59KB   2 downloads


Attached File  attach1.txt   5.63KB   1 downloads

Edited by Oh My, 08 November 2012 - 06:09 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,376 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:48 PM

Posted 08 November 2012 - 06:35 PM

Hi Matt,

Thank you for the information. If I could impose upon you to copy and paste the requested information unless specified otherwise it would make it much easier for me to research. Thanks. :thumbsup:

There are a couple of programs I would like to caution you about. In addition I am going to have you run a powerful program because I see at least one entry that is suspicious and thereby troublesome.

Please consider and do this for me, if you would.


===================================================


Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

Please go to Start > Control Panel > Add/Remove Programs (or Programs and Features) and delete the program.

Reboot your computer prior to the next step.


===================================================


Uninstalling Ask Toolbar and/or Ask Program

--------------------

I recommend removing Ask from your computer. You may read more about why I recommend this by visiting this site.

  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of programs installed will be displayed
  • Uninstall the following by clicking on the program(s) below and selecting Remove or Uninstall

    Ask Toolbar (or any variation of Ask)

===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

    • Check your computer clock. If it is still running then so is ComboFix
    • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
    Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Did Spybot and Ask uninstall properly?
  • Combofix.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 marlonmaya


Posted 09 November 2012 - 04:50 AM

Morning Gary,

Once again thank you for the speedy reply.

In answer to your questions:

1) Spybot and Ask toolbar - I went into ctrl panel and remove programs but there was nothing to remove. I did a search for both on start-search but no programs were found, so I must have removed them at some point earlier before logging this problem with bleeping cpu.

2) I ran the Combofix program (just for your info though, I disabled Norton antivirus before and it showed as disabled but Combofix stated that it was still running!). Just thought I would give you as much accurate info as possible.

combofix results to follow below: in advance many thanks again




ComboFix 12-11-09.01 - matt 09/11/2012 9:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.994 [GMT 0:00]
Running from: c:\users\matt\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB941833-enu.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 09:33 . 2012-11-09 09:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-07 21:39 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2012-11-07 21:39 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-11-07 21:39 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-11-07 21:34 . 2009-11-08 10:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-11-07 21:34 . 2009-11-08 10:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-11-07 21:34 . 2009-11-08 10:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-11-07 21:34 . 2009-11-08 10:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-11-07 21:34 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-11-07 21:28 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-11-07 21:16 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2012-11-07 21:16 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2012-11-07 21:13 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2012-11-07 21:12 . 2010-11-06 11:10 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-11-07 21:11 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2012-11-07 21:11 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-11-07 21:11 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2012-11-07 21:11 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-11-07 21:11 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-07 21:11 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-11-07 21:11 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2012-11-06 17:38 . 2012-11-06 17:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-06 17:38 . 2012-11-06 17:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-06 17:38 . 2012-11-06 17:37 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-06 17:21 . 2012-11-06 17:21 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-11-06 17:20 . 2012-11-06 17:20 -------- d-----w- c:\windows\system32\drivers\NIS
2012-11-06 17:20 . 2012-11-06 17:20 -------- d-----w- c:\program files\Norton Internet Security
2012-11-06 17:20 . 2012-11-06 17:20 -------- d-----w- c:\program files\NortonInstaller
2012-11-06 17:09 . 2012-11-06 17:09 -------- d-----w- C:\PerfLogs
2012-11-06 16:51 . 2012-11-06 16:26 47560 ----a-w- c:\windows\system32\SPReview.exe
2012-11-06 16:51 . 2012-11-06 16:26 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2012-11-06 16:34 . 2008-01-18 23:33 193024 ----a-w- c:\windows\system32\recdisc.exe
2012-11-06 16:34 . 2008-01-18 23:36 6656 ----a-w- c:\windows\system32\sdspres.dll
2012-11-06 16:33 . 2008-01-18 23:33 599552 ----a-w- c:\windows\system32\vsp1cln.exe
2012-11-06 16:33 . 2008-01-18 23:36 28160 ----a-w- c:\windows\system32\sxproxy.dll
2012-11-06 16:33 . 2008-01-18 23:36 142336 ----a-w- c:\windows\system32\spp.dll
2012-11-06 16:31 . 2008-01-18 23:42 94776 ----a-w- c:\windows\system32\MigAutoPlay.exe
2012-11-06 16:30 . 2008-01-18 23:34 574464 ----a-w- c:\windows\system32\gpsvc.dll
2012-11-06 16:27 . 2008-01-18 23:33 44032 ----a-w- c:\windows\system32\cbsra.exe
2012-11-06 16:18 . 2012-11-06 16:18 -------- d-----w- c:\windows\system32\EventProviders
2012-11-06 15:56 . 2012-11-06 15:56 -------- d--h--w- c:\programdata\Common Files
2012-11-06 15:38 . 2012-10-17 01:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51BAFBED-B34D-4725-8DAD-351734E28950}\mpengine.dll
2012-11-06 15:02 . 2012-11-06 15:03 -------- d-----w- C:\fd3fe780223c77b1c8b47b3181d4
2012-11-06 12:34 . 2012-11-06 12:35 -------- d-----w- c:\program files\Ask.com
2012-11-06 12:34 . 2012-11-06 12:34 -------- d-----w- C:\Firefox
2012-11-06 12:24 . 2012-11-06 12:24 -------- d-----w- c:\programdata\Ask
2012-11-05 11:52 . 2012-11-05 11:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-05 09:58 . 2012-11-05 09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-31 22:04 . 2012-10-31 22:04 -------- d-----w- c:\program files\VideoLAN
2012-10-29 21:22 . 2012-10-29 21:22 -------- d-----w- c:\program files\GUM7B86.tmp
2012-10-29 21:07 . 2012-10-29 21:07 -------- d-----w- c:\programdata\UDL
2012-10-29 21:07 . 2012-11-06 14:36 -------- d-----w- c:\program files\EPSON Print CD
2012-10-29 20:59 . 2003-05-21 02:27 64000 ----a-w- c:\windows\system32\ECBTEG.DLL
2012-10-29 20:59 . 2003-04-10 05:40 31744 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-10-29 20:59 . 2000-06-07 01:01 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2012-10-29 20:59 . 2003-07-23 01:09 75501 ----a-w- c:\windows\system32\EBPMON24.DLL
2012-10-29 20:59 . 2012-10-29 21:07 -------- d-----w- c:\program files\EPSON
2012-10-29 20:55 . 2012-10-29 20:55 -------- d-----w- c:\programdata\Canon
2012-10-29 20:52 . 2008-09-25 15:00 221184 ----a-w- c:\windows\system32\CNAP2LMK.DLL
2012-10-29 20:52 . 2007-12-18 06:18 921600 ----a-w- c:\windows\system32\CNAP1NSK.DLL
2012-10-29 20:52 . 2008-09-29 15:00 385024 ----a-w- c:\windows\system32\CNAC8EMK.DLL
2012-10-29 20:51 . 2012-10-29 20:54 -------- d-----w- c:\program files\Canon
2012-10-29 13:27 . 2012-10-29 13:29 -------- d-----w- c:\program files\K-Meleon
2012-10-29 13:17 . 2012-10-29 13:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-29 13:17 . 2012-10-29 13:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-27 21:57 . 2012-10-28 19:26 -------- d-----w- C:\Update
2012-10-27 21:48 . 2012-07-17 14:06 66032 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-10-27 21:48 . 2012-07-17 14:08 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-10-27 21:48 . 2012-07-17 14:08 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-10-27 21:48 . 2012-07-17 14:05 360792 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-10-27 21:48 . 2012-07-17 14:05 61912 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-10-27 21:48 . 2012-07-17 14:05 230224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-10-27 21:48 . 2012-07-17 14:12 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-10-27 21:48 . 2012-11-06 15:33 -------- d-----w- c:\program files\Common Files\Mcafee
2012-10-27 21:42 . 2012-07-17 14:09 166320 ----a-w- c:\windows\system32\mfevtps.exe
2012-10-27 21:42 . 2012-11-06 15:33 -------- d-----w- c:\programdata\McAfee
2012-10-27 21:20 . 2012-10-27 21:20 -------- d-----w- c:\windows\Google Toolbar
2012-10-27 21:08 . 2012-10-27 21:08 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-10-25 13:44 . 2012-10-25 13:44 269312 ----a-w- c:\windows\system32\es.dll
2012-10-25 08:34 . 2012-10-25 08:34 97800 ----a-w- c:\windows\system32\infocardapi.dll
2012-10-25 08:34 . 2012-10-25 08:34 622080 ----a-w- c:\windows\system32\icardagt.exe
2012-10-25 08:34 . 2012-10-25 08:34 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2012-10-25 08:34 . 2012-10-25 08:34 11264 ----a-w- c:\windows\system32\icardres.dll
2012-10-25 08:34 . 2012-10-25 08:34 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-10-25 08:34 . 2012-10-25 08:34 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-10-24 13:49 . 2012-10-24 13:49 98816 ----a-w- c:\windows\system32\mfps.dll
2012-10-24 13:49 . 2012-10-24 13:49 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2012-10-24 13:49 . 2012-10-24 13:49 2868224 ----a-w- c:\windows\system32\mf.dll
2012-10-24 13:49 . 2012-10-24 13:49 2048 ----a-w- c:\windows\system32\mferror.dll
2012-10-24 13:49 . 2012-10-24 13:49 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-10-24 13:47 . 2012-10-24 13:47 71680 ----a-w- c:\windows\system32\atl.dll
2012-10-24 13:47 . 2012-10-24 13:47 296960 ----a-w- c:\windows\system32\gdi32.dll
2012-10-24 13:46 . 2012-10-24 13:46 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2012-10-24 13:46 . 2012-10-24 13:46 38912 ----a-w- c:\windows\system32\xolehlp.dll
2012-10-24 13:46 . 2012-10-24 13:46 160256 ----a-w- c:\windows\system32\wkssvc.dll
2012-10-24 13:46 . 2012-10-24 13:46 53248 ----a-w- c:\windows\system32\tsgqec.dll
2012-10-24 13:46 . 2012-10-24 13:46 136192 ----a-w- c:\windows\system32\aaclient.dll
2012-10-24 13:45 . 2012-10-24 13:45 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-10-24 13:44 . 2012-10-24 13:44 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-10-24 13:43 . 2012-10-24 13:43 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2012-10-24 13:43 . 2012-10-24 13:43 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2012-10-24 13:42 . 2012-10-24 13:42 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-10-24 13:42 . 2012-10-24 13:42 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-10-24 13:40 . 2012-10-24 13:40 636928 ----a-w- c:\windows\system32\localspl.dll
2012-10-24 13:40 . 2012-10-24 13:40 2927104 ----a-w- c:\windows\explorer.exe
2012-10-24 13:40 . 2012-10-24 13:40 171520 ----a-w- c:\windows\system32\wintrust.dll
2012-10-24 13:39 . 2012-10-24 13:39 499712 ----a-w- c:\windows\system32\kerberos.dll
2012-10-24 13:38 . 2012-10-24 13:38 6656 ----a-w- c:\windows\system32\kbd106n.dll
2012-10-24 13:38 . 2012-10-24 13:38 927288 ----a-w- c:\windows\system32\winresume.exe
2012-10-24 13:38 . 2012-10-24 13:38 988216 ----a-w- c:\windows\system32\winload.exe
2012-10-24 13:38 . 2012-10-24 13:38 40960 ----a-w- c:\windows\system32\srclient.dll
2012-10-24 13:38 . 2012-10-24 13:38 378368 ----a-w- c:\windows\system32\srcore.dll
2012-10-24 13:38 . 2012-10-24 13:38 318464 ----a-w- c:\windows\system32\rstrui.exe
2012-10-24 13:38 . 2012-10-24 13:38 14848 ----a-w- c:\windows\system32\srdelayed.exe
2012-10-24 13:38 . 2012-10-24 13:38 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2012-10-24 13:38 . 2012-10-24 13:38 19000 ----a-w- c:\windows\system32\kd1394.dll
2012-10-24 13:38 . 2012-10-24 13:38 615992 ----a-w- c:\windows\system32\ci.dll
2012-10-24 13:37 . 2012-10-24 13:37 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-10-24 13:37 . 2012-10-24 13:37 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-10-24 13:36 . 2012-10-24 13:36 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-10-24 13:36 . 2012-10-24 13:36 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-24 13:36 . 2012-10-24 13:36 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2012-10-24 13:36 . 2012-10-24 13:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2012-10-24 13:36 . 2012-10-24 13:36 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-10-24 13:35 . 2012-10-24 13:35 24064 ----a-w- c:\windows\system32\amxread.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 17:01 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-11-06 17:01 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-10-27 21:07 . 2012-10-27 21:07 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2012-10-24 13:35 . 2012-10-24 13:35 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2012-10-17 17:12 . 2012-10-17 17:12 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-25 4669440]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-22 36864]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2007-09-05 406944]
"Skytel"="Skytel.exe" [2007-08-25 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-16 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-16 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-29 13:17]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094760022-3124980517-4102502675-1003Core.job
- c:\users\matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-29 13:28]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094760022-3124980517-4102502675-1003UA.job
- c:\users\matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-29 13:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C1EF581D-332A-479B-9A7B-948EF6BC1B0A}: NameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 09:34
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
Completion time: 2012-11-09 09:38:23
ComboFix-quarantined-files.txt 2012-11-09 09:38
.
Pre-Run: 101,752,334,336 bytes free
Post-Run: 101,234,565,120 bytes free
.
- - End Of File - - 4A65F48FFD90368B59A3B5B801706831
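An added example, not part of the original thread and not ComboFix's own code: a small Python parser for the "Reg Loading Points" layout seen in the log above, listing the registry values a reviewer would read first. The sample log is constructed, and the three review rules (autostart from a Temp directory, non-empty AppInit_DLLs, DisableMonitoring set) are assumptions chosen for illustration, not rules stated by the helper.

```python
import re

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section.
# Every product name, path and value here is made up for the example.
SAMPLE_LOG = r'''
((((( Reg Loading Points )))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="c:\program files\Example\tray.exe" [2007-09-20 253952]
"updater"="c:\users\alice\appdata\local\temp\example123.exe" [2012-11-01 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Example\hook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ExampleAntiVirus]
"DisableMonitoring"=dword:00000001
'''

SECTION_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))\s*=\s*(?P<data>.*)$')
# ComboFix appends "[file-date file-size]" to values that point at a file.
TRAILER_RE = re.compile(r'\s*\[\d{4}-\d{2}-\d{2} \d+\]\s*$')


def parse_reg_sections(log_text):
    """Return {key_path: {value_name: raw_data}} for every [HKEY_...] block."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ".":            # a lone dot separates blocks in the log
            current = None
            continue
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        if current is None:
            continue
        value = VALUE_RE.match(line)
        if value:                  # lines such as "@Denied: ..." do not match
            current[value.group("name") or "@"] = value.group("data").strip()
    return sections


def clean_data(data):
    """Strip the [date size] trailer and surrounding quotes from a value."""
    return TRAILER_RE.sub("", data).strip().strip('"')


def triage(log_text):
    """Return (key, value_name, data, reason) tuples for entries to review."""
    findings = []
    for key, values in parse_reg_sections(log_text).items():
        k = key.lower()
        for name, data in values.items():
            target = clean_data(data)
            n = name.lower()
            if k.endswith(r"\currentversion\run") and "\\temp\\" in target.lower():
                reason = "autostart launches from a Temp directory"
            elif (k.endswith(r"\windows nt\currentversion\windows")
                  and n == "appinit_dlls" and target):
                reason = "DLL is loaded into every process that loads user32.dll"
            elif (r"\security center\monitoring" in k
                  and n == "disablemonitoring"
                  and target.lower() == "dword:00000001"):
                reason = "Security Center monitoring is switched off here"
            else:
                continue
            findings.append((key, name, target, reason))
    return findings


if __name__ == "__main__":
    for key, name, target, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n  {key}\n  {name} = {target}\n")
```

A finding is a prompt to look closer, not a verdict: security products set some of these values themselves.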

#7 Oh My!


Posted 09 November 2012 - 10:17 AM

Hi Matt,

"in advance many thanks again"

It is really my pleasure to help.


The Spybot and Ask references may indeed be leftover items.

There was one file in particular I was interested in to see how Combofix would deal with it. It was listed in your DDS log but I don't see it referenced in the Combofix log. I would like for us to go looking for it and to follow up on it if present. I am also going to ask you to run another report for me.

Please do this for me, if you would.


===================================================


Virustotal Online Virus Scanner

--------------------

  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file, double click on it so the file name is populated, then click Scan it!

    c:\users\matt\appdata\local\temp\brucouy.exe
  • Once completed, highlight the information in the address bar and copy then paste the link in your reply



===================================================


BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
More information about the program can be found here


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Virustotal link
  • BSOD.txt

Gary
 

#8 marlonmaya


Posted 09 November 2012 - 04:30 PM

Hi Gary,

I have not had full success with your instruction this evening. The first part (Virustotal program) "c:\users\matt\appdata\local\temp\brucouy.exe": I could not find such a file path on my laptop and tried to search for the exe file but no joy.

On the second part I managed to copy and paste the result. Here goes:



==================================================
Dump File : Mini110512-01.dmp
Crash Time : 05/11/2012 15:21:59
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0x8f1216c0
Parameter 2 : 0x00000000
Parameter 3 : 0x8be9d568
Parameter 4 : 0x00000000
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+b6980
File Description : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Product Name : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Company : NVIDIA Corporation
File Version : 7.15.11.5665
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a9ff2
Stack Address 1 : ntkrnlpa.exe+8fc44
Stack Address 2 : nvlddmkm.sys+1e3568
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini110512-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 134,888
==================================================

==================================================
Dump File : Mini103012-01.dmp
Crash Time : 30/10/2012 21:02:03
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0x8f51289c
Parameter 2 : 0x00000000
Parameter 3 : 0x8c4a3e79
Parameter 4 : 0x00000000
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+9af86
File Description : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Product Name : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Company : NVIDIA Corporation
File Version : 7.15.11.5665
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a9ff2
Stack Address 1 : ntkrnlpa.exe+8fc44
Stack Address 2 : nvlddmkm.sys+1e9e79
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini103012-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 134,888
==================================================

==================================================
Dump File : Mini102812-01.dmp
Crash Time : 28/10/2012 18:28:00
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0x8ed1e6c0
Parameter 2 : 0x00000000
Parameter 3 : 0x8b89d568
Parameter 4 : 0x00000000
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+9b128
File Description : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Product Name : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Company : NVIDIA Corporation
File Version : 7.15.11.5665
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a9ff2
Stack Address 1 : ntkrnlpa.exe+8fc44
Stack Address 2 : nvlddmkm.sys+1e3568
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini102812-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 134,888
==================================================

==================================================
Dump File : Mini101812-01.dmp
Crash Time : 18/10/2012 20:50:06
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0x8f00089c
Parameter 2 : 0x00000000
Parameter 3 : 0x8c4a3e79
Parameter 4 : 0x00000000
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+9af86
File Description : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Product Name : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Company : NVIDIA Corporation
File Version : 7.15.11.5665
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a9ef2
Stack Address 1 : ntkrnlpa.exe+8fbb4
Stack Address 2 : nvlddmkm.sys+1e9e79
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini101812-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 134,888
==================================================

==================================================
Dump File : Mini101712-04.dmp
Crash Time : 17/10/2012 20:16:34
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0x8f2346c0
Parameter 2 : 0x00000000
Parameter 3 : 0x8b49d568
Parameter 4 : 0x00000000
Caused By Driver : kbdclass.sys
Caused By Address : kbdclass.sys+9bfa
File Description : Keyboard Class Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a9ef2
Stack Address 1 : ntkrnlpa.exe+8fbb4
Stack Address 2 : nvlddmkm.sys+1e3568
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini101712-04.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 134,888
==================================================

==================================================
Dump File : Mini101712-03.dmp
Crash Time : 17/10/2012 15:00:06
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0x8d99d470
Parameter 2 : 0x00000000
Parameter 3 : 0x8b3c8ad4
Parameter 4 : 0x00000000
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+30d703
File Description : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Product Name : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Company : NVIDIA Corporation
File Version : 7.15.11.5665
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a9df2
Stack Address 1 : ntkrnlpa.exe+8fa34
Stack Address 2 : nvlddmkm.sys+30ead4
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini101712-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 134,696
==================================================

==================================================
Dump File : Mini101712-02.dmp
Crash Time : 17/10/2012 13:57:00
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : 0x90566358
Parameter 2 : 0x8b0c1190
Parameter 3 : 0x00000000
Parameter 4 : 0x00000002
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+7190
File Description : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Product Name : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Company : NVIDIA Corporation
File Version : 7.15.11.5665
Processor : 32-bit
Crash Address : ntkrnlpa.exe+d8569
Stack Address 1 : dxgkrnl.sys+7a9f8
Stack Address 2 : dxgkrnl.sys+7b6d6
Stack Address 3 : dxgkrnl.sys+189e5
Computer Name :
Full Path : C:\Windows\Minidump\Mini101712-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 198,344
==================================================

==================================================
Dump File : Mini101712-01.dmp
Crash Time : 17/10/2012 13:53:06
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0x8d630470
Parameter 2 : 0x00000000
Parameter 3 : 0x8b7c8ad4
Parameter 4 : 0x00000000
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+30d703
File Description : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Product Name : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
Company : NVIDIA Corporation
File Version : 7.15.11.5665
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a9df2
Stack Address 1 : ntkrnlpa.exe+8fa34
Stack Address 2 : nvlddmkm.sys+30ead4
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini101712-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 134,696
==================================================

I hope this is still of use to you. Hope you are keeping well and enjoying the start of your weekend.


#9 Oh My!


Posted 09 November 2012 - 05:20 PM

Hi Matt,

Sorry you jumped through hoops with the Virustotal instructions but the result was excellent. If the file doesn't exist then it can't cause us trouble.

It looks like your computer doesn't care for the NVIDIA driver. Here is what I would like you to do for me please.


===================================================


Troubleshooting Through Device Manager

----------

  • Press the Windows key + R on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Display Adapters section by clicking the + sign
  • Locate NVIDIA, right click on it, select Uninstall, then OK
  • Click Action then Scan for hardware changes
  • Reboot your computer

===================================================


Things I would like to see in your next reply.

  • Notice any difference?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
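
The reading of the BSOD report in this reply, which driver each crash record blames and which modules sit on its stack, worked through as an added example that is not part of the original post. The function names are hypothetical, and the sample is three records from the report above, trimmed to the fields the code uses.

```python
import re

# Constructed sample: three records from the thread's report, trimmed.
SAMPLE = """\
==================================================
Dump File : Mini110512-01.dmp
Caused By Driver : nvlddmkm.sys
Stack Address 1 : ntkrnlpa.exe+8fc44
Stack Address 2 : nvlddmkm.sys+1e3568
Stack Address 3 :
==================================================
Dump File : Mini101712-04.dmp
Caused By Driver : kbdclass.sys
Stack Address 1 : ntkrnlpa.exe+8fbb4
Stack Address 2 : nvlddmkm.sys+1e3568
==================================================
Dump File : Mini101712-02.dmp
Caused By Driver : nvlddmkm.sys
Stack Address 1 : dxgkrnl.sys+7a9f8
Stack Address 2 : dxgkrnl.sys+7b6d6
==================================================
"""

def parse_report(text):
    """Split a BlueScreenView text report into one dict per crash record."""
    records = []
    for chunk in re.split(r"^=+[ \t]*$", text, flags=re.M):
        rec = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(" :")
            if sep:  # skip blank lines and anything that is not "Field : value"
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def modules_on_stack(rec):
    """Module names from the non-empty 'Stack Address N' fields."""
    return {v.split("+")[0].lower() for k, v in rec.items()
            if k.startswith("Stack Address") and v}

def dumps_involving(records, driver):
    """Dump files where `driver` is blamed or appears on the stack."""
    return [r["Dump File"] for r in records
            if driver in modules_on_stack(r)
            or r.get("Caused By Driver", "").lower() == driver]

if __name__ == "__main__":
    print(dumps_involving(parse_report(SAMPLE), "nvlddmkm.sys"))
```

On the sample, the record attributed to kbdclass.sys is still returned for nvlddmkm.sys, because that module appears in its stack addresses.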

#10 marlonmaya


Posted 10 November 2012 - 11:22 AM

Hi Gary, I have just carried out your last step and uninstalled the driver. Windows has installed a standard VGA graphics adaptor. I will let you know how my computer behaves from now. What will be the difference with the VGA graphics adaptor? Do you know?

Anyway, many thanks again for all the instruction so far and hopefully it will be sorted.

#11 marlonmaya


Posted 10 November 2012 - 01:07 PM

Hi, I was just on the PC and the striped screen just appeared. This time it stayed, but the difference was that I was still able to perform tasks, albeit with this blue-black stripe.

Will try and catch a pic for you in the attachments (this was the sample vid on Windows Media Player).

matt




#12 Oh My!


Posted 10 November 2012 - 02:45 PM

Hi Matt,

Thanks for posting the information. What we are going to do now is get the actual NVIDIA driver. Please click here, then select Option #2 to automatically detect the proper driver for your computer.

Please let me know how that goes.
Gary
 

#13 marlonmaya


Posted 10 November 2012 - 04:21 PM

After selecting option 2 this is what was displayed...

NVIDIA Driver Downloads

Product | Current Installed Driver | Latest Driver Update
GeForce 8400M GT | - | -

The manufacturer of this system requires that you download the driver for your GPU from their support site.

The GeForce M series and GeForce Go series notebook GPUs use drivers that have been customized by the notebook manufacturers to support hot key functions, power management functions, lid close and suspend/resume behavior. NVIDIA has worked with some notebook manufacturers to provide notebook-specific driver updates, however, most notebook driver updates must come from the notebook manufacturer. Additionally, the desktop GeForce graphics drivers will not install on Geforce M series and Quadro M series notebook GPU's.



#14 Oh My!


Posted 10 November 2012 - 05:18 PM

Hi Matt,

Could you please tell me the model number of your Sony VAIO?
Gary
 

#15 marlonmaya


Posted 10 November 2012 - 05:30 PM

Hi Gary, it's a VGN-NR21S.

Many thanks.



