
Error 80246008. Windows not installing updates

Discussion in 'Virus & Other Malware Removal' started by waydown72, Jan 17, 2011.

  1. waydown72

    waydown72 Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    62
    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft® Windows Vista™ Home Basic , Service Pack 2, 32 bit
    Processor: Intel(R) Celeron(R) M CPU 420 @ 1.60GHz, x86 Family 6 Model 14 Stepping 8
    Processor Count: 1
    RAM: 501 Mb
    Graphics Card: Mobile Intel(R) 945 Express Chipset Family, 64 Mb
    Hard Drives: C: Total - 32651 MB, Free - 5086 MB; F: Total - 238472 MB, Free - 160169 MB;
    Motherboard: DIXONSXP, DIXONSXP, ,
    Antivirus: AVG Anti-Virus Free Edition 2011, Updated and Enabled.

    Recently noticed that since July 2010 my Windows Update has not been installing the required updates. It gives me error code 80246008 after trying to install. I have gone to the Knowledge Base and tried to solve the problem, but with no success. BITS starts then stops almost straight away, and then keeps giving me this message:
    "The background intelligent transfer service on local computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."

    Can anyone help please?
    Many thanks.
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    Click Start > Programs > Accessories > right-click on Command Prompt, select "Run as Administrator" to open a command prompt.

    In the Command Prompt, type in the bold text, one command after the other, pressing Enter between each of them:

    Reset WINSOCK entries to installation defaults: netsh winsock reset catalog

    Reset IPv4 TCP/IP stack to installation defaults: netsh int ipv4 reset reset.log

    Reset IPv6 TCP/IP stack to installation defaults: netsh int ipv6 reset reset.log

    Reboot the computer.
     
  3. waydown72

    waydown72 Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    62
    Done all of the above. Still no change. Thanks for trying
     
  4. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    Please click HERE to download and install HijackThis.

    Run it and select Do a system scan and save a logfile from the Main Menu.

    The log will be saved in Notepad. Copy and paste the log in your next post.

    IMPORTANT: Do not fix anything
     
  5. waydown72

    waydown72 Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    62
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:00:34, on 18/01/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal
    Running processes:
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
    O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: ICON 225 USB Connect.lnk = C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - (no file)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - (no file)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-5/myWebFaceInitialSetup1.0.1.3.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    --
    End of file - 8507 bytes
     
  6. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    Is the Startup Type for that service set to Automatic? In Windows XP, that service is set to Manual by default. However, in Vista, it's Automatic, and can be set to Automatic (Delayed Start). Then, Start the service.

    Also make sure the Windows Event Log service is Started and Automatic.
     
  7. waydown72

    waydown72 Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    62
    BITS is already set to Automatic (Delayed Start).
    The Event Log is on Automatic and has started.
    What do I do next?
     
  8. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    Probably not related but you should remove SearchSettings from your computer. It's up to no good. It's adware. Look for it in "Programs and Features" and uninstall it.

    In case these don't get removed:

    Run HijackThis again.

    Select Do a system scan only.

    Put a check mark on:

    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

    O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)


    Click Fix checked.


    I'll further look into your Windows Update problem...
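    The triage in the post above, written out as an added example (this is not code from the forum, from HijackThis, or from the advisor): a small Python parser over a handful of HijackThis lines copied from the log posted earlier in this thread. It uses the SearchSettings CLSID and the "Search Settings" and "Video Add-on" directories named in the thread as indicators, and it also reports orphaned entries (`(no file)` / `(file missing)`). That goes slightly beyond the four lines the post lists: the O9 "IE Anti-Spyware" leftover and the O4 Policies\Explorer\Run entry under Video Add-on surface as well. The `Finding` class, the regular expressions and the indicator lists are this example's own assumptions, not part of HijackThis.

```python
import re
from dataclasses import dataclass, field

# HijackThis lines taken from the log posted earlier in this thread
# (a subset, embedded here so the example runs offline).
SAMPLE_LOG = r"""
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - (no file)
"""

# Indicators named in the thread (assumed lists for this example): the
# SearchSettings adware CLSID and the two directories ComboFix later removed.
BAD_CLSIDS = {"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"}
BAD_PATH_FRAGMENTS = ("\\Search Settings\\", "\\Video Add-on\\")

# "R3 - ..." / "O4 - ..." entry lines; headers and the process list are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def triage(log_text, bad_clsids=BAD_CLSIDS, bad_paths=BAD_PATH_FRAGMENTS):
    """Return the HijackThis entries a reviewer should look at, with reasons."""
    wanted = {c.upper() for c in bad_clsids}
    findings = []
    for raw in log_text.strip().splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        reasons = []
        # Orphaned hooks/BHOs/toolbars: the registration survives but the file is gone.
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("orphaned entry: referenced file is missing")
        # Known adware component identifiers.
        for clsid in CLSID_RE.findall(body):
            if clsid.upper() in wanted:
                reasons.append(f"known adware CLSID {clsid}")
        # Anything loading from a directory already identified as unwanted.
        for frag in bad_paths:
            if frag.lower() in body.lower():
                reasons.append(f"path under unwanted directory {frag.strip(chr(92))}")
        if reasons:
            findings.append(Finding(m.group("section"), raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

    Run as a script it prints each flagged line followed by its reasons; to review a full log, pass the whole file's text to `triage` instead of `SAMPLE_LOG`. The indicator sets are deliberately explicit inputs rather than hard-coded in the parser, so the same function can be reused with whatever CLSIDs and paths a particular case has established.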
     
  9. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    OK, just found evidence of a SmitFraud infection on your computer. (added to those traces of Trojan-Downloader.Zlob.Media-Codec).

    File sharing (µTorrent) is a risky business. These nasties will often come from music downloaded from file sharing programs and from special codecs needed to view a "certain type" of videos...

    Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. You should get an answer within the next 48 hours. Those guys are really busy!
     
  10. waydown72

    waydown72 Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    62
    I have now sent the report and asked for it to be moved to the other forum.
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya waydown72

    I'm kevinf80 and I will be helping with any malware issues you may have with your system.
    • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
    • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
    • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
    • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
    • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.

    Proceed as follows ;-

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    Combofix

    Don't forget ComboFix must be saved to your desktop. <--Very important

    Before saving Combofix to the Desktop rename to Gotcha.exe as below:

    [​IMG]

    Ensure you have disabled your Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

    Please include the C:\ComboFix.txt in your next reply for further review.

    Examples of how to disable realtime protection available at the following link :-

    Disable realtime protection

    Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in your reply...

    Kevin
     
  12. waydown72

    waydown72 Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    62
    ComboFix 11-01-18.04 - winnie 19/01/2011 12:51:26.1.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.501.79 [GMT 0:00]
    Running from: c:\users\winnie\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\Fast Browser Search
    c:\program files\Helper
    c:\program files\Sotfone
    c:\program files\Video Add-on
    c:\program files\Video Add-on\ot.ico
    c:\program files\Video Add-on\ts.ico
    c:\programdata\vlc-0.9.9-win32.exe
    c:\programdata\vlc-1.0.1-win32.exe
    c:\users\winnie\AppData\Local\0535049569854.xxe
    c:\users\winnie\AppData\Local\05352975110249.xxe
    c:\users\winnie\FAVORI~1\Online Security Test.url
    c:\users\winnie\Favorites\Online Security Test.url
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
    .
    2011-01-19 13:05 . 2011-01-19 13:08 -------- d-----w- c:\users\winnie\AppData\Local\temp
    2011-01-19 13:05 . 2011-01-19 13:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-01-19 13:05 . 2011-01-19 13:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-18 03:59 . 2011-01-18 03:59 -------- d-----w- c:\program files\Trend Micro
    2011-01-17 03:06 . 2011-01-17 03:06 -------- d-----w- c:\users\winnie\AppData\Roaming\AVG10
    2011-01-17 03:02 . 2011-01-17 03:02 -------- d--h--w- c:\programdata\Common Files
    2011-01-17 02:57 . 2011-01-19 12:14 -------- d-----w- c:\programdata\AVG10
    2011-01-16 23:06 . 2011-01-16 23:06 -------- d-----w- c:\users\winnie\AppData\Roaming\ParetoLogic
    2011-01-14 06:13 . 2011-01-14 06:13 -------- d-----w- c:\windows\en
    2011-01-14 06:11 . 2010-09-23 00:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-01-14 06:03 . 2011-01-14 06:03 -------- d-----w- c:\windows\PCHEALTH
    2011-01-14 05:59 . 2011-01-14 05:59 -------- d-----w- c:\program files\MSN Toolbar
    2011-01-14 05:56 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-01-14 05:56 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-01-14 05:56 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-01-14 05:51 . 2011-01-14 05:51 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\fb3f16f1cbb3af08\InstallManager_WLE_WLE.exe
    2011-01-14 05:50 . 2011-01-14 05:50 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\46eeeef1cbb3af07\MeshBetaRemover.exe
    2011-01-14 05:50 . 2011-01-14 05:50 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ffb0f1af1cbb3ae06\DSETUP.dll
    2011-01-14 05:50 . 2011-01-14 05:50 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ffb0f1af1cbb3ae06\DXSETUP.exe
    2011-01-14 05:50 . 2011-01-14 05:50 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ffb0f1af1cbb3ae06\dsetup32.dll
    2011-01-14 05:50 . 2011-01-14 05:50 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa09adaf1cbb3ae05\DXSETUP.exe
    2011-01-14 05:50 . 2011-01-14 05:50 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa09adaf1cbb3ae05\dsetup32.dll
    2011-01-14 05:50 . 2011-01-14 05:50 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa09adaf1cbb3ae05\DSETUP.dll
    2011-01-11 19:26 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-11 19:26 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-11 19:26 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-11 19:26 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-11 19:26 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-11 19:26 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-11 19:26 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-11 19:26 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-11 19:26 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-11 19:26 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-11 19:26 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-11 19:26 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-11 19:24 . 2011-01-11 19:24 -------- d-----w- c:\program files\Feedback Tool
    2011-01-11 19:20 . 2011-01-11 19:20 2468664 ----a-w- c:\users\winnie\IE9-WindowsVista-x86-enu.exe
    2011-01-04 22:29 . 2011-01-04 22:29 -------- d-----w- c:\program files\Bonjour
    2010-12-29 15:39 . 2010-12-29 15:39 -------- d-----w- c:\programdata\FileCure
    2010-12-21 00:34 . 2010-12-21 00:34 -------- d-----w- c:\program files\Common Files\Skype
    2010-12-21 00:34 . 2011-01-02 22:58 -------- d-----r- c:\program files\Skype
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-13 21:27 . 2010-12-13 21:27 13944160 ----a-w- c:\users\winnie\IE8-WindowsVista-x86-ENU.exe
    2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-10 02:54 . 2010-11-10 02:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-11-10 02:28 . 2010-11-10 02:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-06-29 12:00 . 2010-06-29 12:00 70646 ----a-w- c:\program files\Uninstall.exe
    2010-01-27 01:47 . 2010-01-27 01:47 2495080 ----a-w- c:\program files\AmazonMP3Downloader.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ICON 225 USB Connect.lnk - c:\program files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe [2008-5-28 843776]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S2 GtDetectSc;GtDetectSc;c:\program files\Orange\ICON 225 USB Connect\GtDetectSc.exe [2007-12-18 196704]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    .
    - - - - ORPHANS REMOVED - - - -
    MSConfigStartUp-Pareto_Update - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
    AddRemove-deskPDF 2.5 Standard_is1 - e:\ten pdf reader\deskPDF\unins000.exe
    AddRemove-Joboshare DVD Ripper Platinum - e:\dvd ripper platinum\Uninstall.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-19 13:08
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-01-19 13:15:59
    ComboFix-quarantined-files.txt 2011-01-19 13:15
    Pre-Run: 6,604,525,568 bytes free
    Post-Run: 6,825,553,920 bytes free
    - - End Of File - - FA9063D10F46B0A6C3DAED04E7005F25
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya waydown72,

    Proceed as follows please :-

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    
    DirLook::
    c:\windows\en
    Folder::
    c:\users\winnie\AppData\Roaming\ParetoLogic
    c:\programdata\FileCure
    File::
    c:\program files\Uninstall.exe
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Also be aware this scan can take between one and several hours to complete depending on the size of your system.

    Step 3

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    What I'd like in your reply :-

    • Log from Combofix
    • Log from ESET
    • Log from Security Checks
    • System review, improvements? remaining issues?

    Kevin
     
  14. waydown72

    waydown72 Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    62
    ComboFix 11-01-18.04 - winnie 20/01/2011 22:45:54.4.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.501.153 [GMT 0:00]
    Running from: c:\users\winnie\Desktop\Gotcha.exe
    Command switches used :: c:\users\winnie\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FILE ::
    "c:\program files\Uninstall.exe"
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\Uninstall.exe
    c:\programdata\FileCure
    c:\programdata\FileCure\fc_db.db
    c:\programdata\FileCure\fc_history.db
    c:\programdata\FileCure\fc_ignore.db
    c:\users\winnie\AppData\Roaming\ParetoLogic
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))
    .
    2011-01-20 23:00 . 2011-01-20 23:03 -------- d-----w- c:\users\winnie\AppData\Local\temp
    2011-01-20 23:00 . 2011-01-20 23:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-01-20 23:00 . 2011-01-20 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-18 03:59 . 2011-01-18 03:59 -------- d-----w- c:\program files\Trend Micro
    2011-01-17 03:06 . 2011-01-17 03:06 -------- d-----w- c:\users\winnie\AppData\Roaming\AVG10
    2011-01-17 03:02 . 2011-01-17 03:02 -------- d--h--w- c:\programdata\Common Files
    2011-01-17 02:57 . 2011-01-19 12:14 -------- d-----w- c:\programdata\AVG10
    2011-01-14 06:13 . 2011-01-14 06:13 -------- d-----w- c:\windows\en
    2011-01-14 06:11 . 2010-09-23 00:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-01-14 06:03 . 2011-01-14 06:03 -------- d-----w- c:\windows\PCHEALTH
    2011-01-14 05:59 . 2011-01-14 05:59 -------- d-----w- c:\program files\MSN Toolbar
    2011-01-14 05:56 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-01-14 05:56 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-01-14 05:56 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-01-14 05:51 . 2011-01-14 05:51 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\fb3f16f1cbb3af08\InstallManager_WLE_WLE.exe
    2011-01-14 05:50 . 2011-01-14 05:50 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\46eeeef1cbb3af07\MeshBetaRemover.exe
    2011-01-14 05:50 . 2011-01-14 05:50 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ffb0f1af1cbb3ae06\DSETUP.dll
    2011-01-14 05:50 . 2011-01-14 05:50 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ffb0f1af1cbb3ae06\DXSETUP.exe
    2011-01-14 05:50 . 2011-01-14 05:50 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ffb0f1af1cbb3ae06\dsetup32.dll
    2011-01-14 05:50 . 2011-01-14 05:50 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa09adaf1cbb3ae05\DXSETUP.exe
    2011-01-14 05:50 . 2011-01-14 05:50 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa09adaf1cbb3ae05\dsetup32.dll
    2011-01-14 05:50 . 2011-01-14 05:50 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa09adaf1cbb3ae05\DSETUP.dll
    2011-01-11 19:26 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-11 19:26 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-11 19:26 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-11 19:26 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-11 19:26 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-11 19:26 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-11 19:26 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-11 19:26 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-11 19:26 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-11 19:26 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-11 19:26 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-11 19:26 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-11 19:24 . 2011-01-11 19:24 -------- d-----w- c:\program files\Feedback Tool
    2011-01-11 19:20 . 2011-01-11 19:20 2468664 ----a-w- c:\users\winnie\IE9-WindowsVista-x86-enu.exe
    2011-01-04 22:29 . 2011-01-04 22:29 -------- d-----w- c:\program files\Bonjour
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-13 21:27 . 2010-12-13 21:27 13944160 ----a-w- c:\users\winnie\IE8-WindowsVista-x86-ENU.exe
    2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-10 02:54 . 2010-11-10 02:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-11-10 02:28 . 2010-11-10 02:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-01-27 01:47 . 2010-01-27 01:47 2495080 ----a-w- c:\program files\AmazonMP3Downloader.exe
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\windows\en ----
    2010-11-10 02:37 . 2010-11-10 02:37 106864 ----a-w- c:\windows\en\WLXPGSS.SCR.mui

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ICON 225 USB Connect.lnk - c:\program files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe [2008-5-28 843776]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S2 GtDetectSc;GtDetectSc;c:\program files\Orange\ICON 225 USB Connect\GtDetectSc.exe [2007-12-18 196704]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    .
    - - - - ORPHANS REMOVED - - - -
    AddRemove-Amazon MP3 Downloader - c:\program files\Uninstall.exe

    **************************************************************************
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files:
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-20 23:11:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-20 23:11
    ComboFix2.txt 2011-01-19 16:36
    ComboFix3.txt 2011-01-19 15:42
    ComboFix4.txt 2011-01-19 13:16
    Pre-Run: 5,795,975,168 bytes free
    Post-Run: 5,807,783,936 bytes free
    - - End Of File - - 2161CAA3E484E8D57B0CFE6A76D82C93
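    The ComboFix log above is long, and a helper reads only a few sections of it closely. As an added example that is not part of the thread or of ComboFix, the Python script below parses the "Reg Loading Points" section (a handful of lines copied from the log above and embedded as the sample) into Run-key autoruns, the policies\system values and service entries, and then raises the points a reviewer would check first: EnableLUA=0 (UAC switched off, which this log does show), a service whose image file is marked [x], and Run entries that live under the user hive. The function names and the triage wording are my own, not ComboFix's.

```python
import re

# Excerpt of the "Reg Loading Points" section from the ComboFix log posted above (copied
# from the thread and trimmed to a few lines). The parser and triage below are an added
# example, not part of ComboFix or of the thread.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S2 GtDetectSc;GtDetectSc;c:\program files\Orange\ICON 225 USB Connect\GtDetectSc.exe [2007-12-18 196704]
"""

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"="image path" [date size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
# "name"= 0 (0x0)   (DWORD values under policies\system)
DWORD_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)$')
# R2 name;display name;image path [date size]  ([x] is printed when the file is not on disk)
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$"
)


def parse_loading_points(text):
    """Split the ComboFix loading-points section into autoruns, policy values and services."""
    result = {"autoruns": [], "policies": {}, "services": []}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")  # subsequent value lines belong to this key
            continue
        m = RUN_LINE.match(line)
        if m and current_key:
            result["autoruns"].append({
                "hive": current_key.split("\\", 1)[0],
                "key": current_key,
                "name": m.group("name"),
                "path": m.group("path"),
                "meta": m.group("meta"),
            })
            continue
        m = DWORD_LINE.match(line)
        if m and current_key and current_key.lower().endswith("policies\\system"):
            result["policies"][m.group("name")] = int(m.group("value"))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            result["services"].append({
                "state": m.group("state"),
                "name": m.group("name"),
                "display": m.group("display"),
                "path": m.group("path"),
                "missing": m.group("meta").strip() == "x",
            })
    return result


def triage(parsed):
    """Return the review notes a helper would want to see before anything else."""
    notes = []
    if parsed["policies"].get("EnableLUA") == 0:
        notes.append("UAC disabled (EnableLUA=0): every autorun launches with the user's full rights")
    for svc in parsed["services"]:
        if svc["missing"]:
            notes.append("service %s (%s) points at a file that is not on disk: %s"
                         % (svc["name"], svc["display"], svc["path"]))
    per_user = [a["name"] for a in parsed["autoruns"] if a["hive"] == "HKEY_CURRENT_USER"]
    if per_user:
        notes.append("per-user Run entries (persist without admin rights): " + ", ".join(per_user))
    return notes


if __name__ == "__main__":
    for note in triage(parse_loading_points(SAMPLE_LOG)):
        print(note)
```

    The same three regexes cover the full "Reg Loading Points" block of a ComboFix log; point the script at a saved C:\ComboFix.txt instead of SAMPLE_LOG to run it over a whole log.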
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hello waydown72,

    What happened with Combofix? In post 11 I asked you to d/l Combofix, rename to Gotcha.exe and run it and post the log.

    In post 12 the log shows that Combofix was not actually re-named, but ran as Combofix. That is no big deal as it ran OK. That is run No.1

    In post 13 I give you a Script fix to run by dragging the fix text into Combofix. The resultant log should show run No.2

    In post 14 I actually get a log from The 4th run of Combofix, and guess what; it has now been re-named to Gotcha.exe. What is going on? I had also asked you to run a scan with ESET and Security Checks and post those logs.

    It is pointless for me to try to help you if you will not follow my instructions and just do as you please....

    Kevin
     
Short URL to this thread: https://techguy.org/975198
