Help! Inconsistent internet speeds only on one device

djw663

New Member
I'll replace that file and do the other things you suggest later today; right now I have a 6-hour softball clinic I'm running today.
P.S. as soon as I disabled my wireless nic card and wired my connection my speed went crazy. This is what it is wired with the wireless disabled.

 

johnb35

Administrator
Staff member
If you enable the wireless card but still use the wired connection, does the speed stay the same or slow back down? If it slows down, you might have a bad wireless driver or adapter.
 

djw663

New Member
It slowed down. I plan on removing the wireless card and running a shorter wire through the attic directly to my computer.
 

djw663

New Member
I enabled it but the wired is still hooked up. Here are the results.


Now I disconnected the hardwire and here are the results.


My conclusion is that my Mobo has a bad PCIe slot. I'm not going to move the wifi NIC card; I will just run with a hard-wired connection. As far as the device drivers, I did a new install with the disc. I'll check for an update, but I used the same equipment in my old computer and get 10 times the speed with an AMD 1700+ CPU, half the RAM and a HD that is 10+ times slower, so I wouldn't think that was the issue, but I have seen stranger things happen. I'll let you know the results of the driver update.
 

djw663

New Member
Enabled wireless card and plugged back in wired connection.


Disabled wireless card and ran another test within one minute.
 

djw663

New Member
Analysis completed.
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9
SHA1: a719156e8ad67456556a02c34e762944234e7a44
MD5: 9f3a2f5aa6875c72bf062c712cfa2674
File size: 94.3 KB ( 96512 bytes )
File name: atapi.sys
File type: Win32 EXE
Detection ratio: 0 / 46
Analysis date: 2013-04-29 05:14:46 UTC ( 0 minutes ago )

Antivirus Result Update
Agnitum  20130427
AhnLab-V3  20130428
AntiVir  20130429
Antiy-AVL  20130428
Avast  20130429
AVG  20130428
BitDefender  20130429
ByteHero  20130424
CAT-QuickHeal  20130429
ClamAV  20130429
Commtouch  20130429
Comodo  20130428
DrWeb  20130429
Emsisoft  20130429
eSafe  20130423
ESET-NOD32  20130428
F-Prot  20130429
F-Secure  20130429
Fortinet  20130429
GData  20130429
Ikarus  20130429
Jiangmin  20130429
K7AntiVirus  20130426
K7GW  20130426
Kaspersky  20130429
Kingsoft  20130422
Malwarebytes  20130429
McAfee  20130429
McAfee-GW-Edition  20130428
Microsoft  20130429
MicroWorld-eScan  20130429
NANO-Antivirus  20130429
Norman  20130426
nProtect  20130429
Panda  20130428
PCTools  20130429
Sophos  20130429
SUPERAntiSpyware  20130428
Symantec  20130429
TheHacker  20130426
TotalDefense  20130428
TrendMicro  20130429
TrendMicro-HouseCall  20130429
VBA32  20130427
VIPRE  20130429
ViRobot  20130429

Filename: atapi.sys. PE32 from Windows XP SP3 #goodware #whitelist
Posted 2 months, 3 weeks ago by Bernardo.Quintero #goodware
Posted 1 year, 1 month ago by thisisu Tagged automatically
#goodware
Posted 1 year, 2 months ago by tigzy #goodware
Posted 1 year, 3 months ago by angel1973 #goodware
Posted 1 year, 5 months ago by angel1973
 

djw663

New Member
If you remember from a previous post, I switched adapters with the identical one from my other computer.
 

johnb35

Administrator
Staff member
So this same adapter works great in a different computer?

Let's get that file replaced.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Killall::

fcopy::

c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\System32\drivers\atapi.sys

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Then I would like for you to do the following.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file, and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.
 

djw663

New Member
Combofix has been scanning for three hours now after dragging the file from the notepad to Combofix. I'll let it continue to run and check in a few more hours. I'll post as soon as possible.
 

djw663

New Member
My wife had shut down my computer during a ComboFix scan, and when I went to turn it back on the operating system would not reload. I started it in safe mode and restored to 4/26, so I reinstalled ComboFix and did another scan. Here are the results; do you want me to continue with the suggestions above, or do you see something different now?
ComboFix 13-05-01.03 - User 05/02/2013 20:51:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1327 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\ZeoBIT
c:\documents and settings\User\WINDOWS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-03 to 2013-05-03 )))))))))))))))))))))))))))))))
.
.
2013-05-03 03:11 . 2013-05-03 03:11 -------- d-----w- c:\windows\system32\wbem\Repository
2013-05-03 03:07 . 2013-05-03 03:07 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2013-05-01 09:55 . 2013-05-01 09:55 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\BUTTON.JS
2013-05-01 09:55 . 2013-05-01 09:55 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\CHECKBOX.JS
2013-04-29 05:01 . 2013-04-29 05:01 -------- d-----w- C:\Linksys Driver
2013-04-26 06:27 . 2013-05-03 03:29 -------- d-----w- c:\program files\Google
2013-04-26 06:27 . 2013-04-26 06:29 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Google
2013-04-26 06:27 . 2013-04-26 06:27 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Deployment
2013-04-24 06:15 . 2013-04-24 06:15 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-24 05:42 . 2013-04-24 05:42 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-24 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-24 05:42 . 2013-04-24 05:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-23 05:33 . 2013-04-23 05:33 -------- d-----w- c:\program files\CCleaner
2013-04-22 00:23 . 2013-04-22 00:33 -------- d-----w- c:\program files\PCPitstop
2013-04-21 10:05 . 2013-04-21 10:05 -------- d-----w- C:\TMRescueDisk
2013-04-21 10:00 . 2012-07-11 08:35 90808 ----a-w- c:\windows\system32\drivers\tmeext.sys
2013-04-21 10:00 . 2012-07-06 03:33 171064 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2013-04-21 10:00 . 2012-05-02 19:27 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2013-04-21 10:00 . 2012-08-24 13:06 38328 ----a-w- c:\windows\system32\drivers\TMEBC32.sys
2013-04-21 10:00 . 2012-07-12 10:30 94200 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2013-04-21 10:00 . 2012-07-12 10:29 75624 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2013-04-21 10:00 . 2012-07-12 10:29 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-04-21 09:59 . 2013-04-21 09:59 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2013-04-20 06:23 . 2013-03-12 08:10 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-04-20 06:03 . 2013-04-20 06:03 -------- d-----w- c:\program files\Microsoft Download Manager
2013-04-20 05:56 . 2000-01-04 14:39 212992 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2013-04-20 05:56 . 2013-04-20 05:56 -------- d-----w- C:\DCT53
2013-04-19 23:50 . 2013-04-19 23:50 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2013-04-19 23:50 . 2005-10-27 22:06 356096 ----a-w- c:\windows\system32\rt61.sys
2013-04-19 23:50 . 2005-10-27 22:06 356096 ----a-w- c:\windows\system32\drivers\rt61.sys
2013-04-19 23:50 . 2005-10-20 22:00 243328 ----a-w- c:\windows\system32\rt2500.sys
2013-04-19 23:50 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2013-04-19 23:50 . 2003-09-26 06:28 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2013-04-19 23:50 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2013-04-19 23:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\bcm42rly.sys
2013-04-19 23:50 . 2013-04-19 23:50 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2013-04-19 03:41 . 2012-08-22 17:19 11832 ----a-w- c:\windows\acpimof.dll
2013-04-06 06:22 . 2013-04-06 06:22 -------- d-----w- c:\documents and settings\User\Application Data\AVG2013
2013-04-06 06:22 . 2013-04-06 06:22 -------- d-----w- c:\documents and settings\User\Application Data\TuneUp Software
2013-04-06 06:17 . 2013-04-21 09:55 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Avg2013
2013-04-06 06:17 . 2013-04-21 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-04-06 06:17 . 2013-04-06 06:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 23:37 . 2012-03-31 23:20 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-14 23:37 . 2011-05-18 03:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-23 08:22 . 2012-02-10 06:40 1869600 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-03-23 08:22 . 2007-12-19 03:55 7536640 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-23 08:22 . 2005-06-15 09:20 19189760 ----a-w- c:\windows\system32\nvoglnt.dll
2013-03-23 08:22 . 2005-06-15 09:20 12653120 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-03-23 08:22 . 2013-03-23 08:22 5967872 ----a-w- c:\windows\system32\nvopencl.dll
2013-03-23 08:22 . 2013-03-23 08:22 1010464 ----a-w- c:\windows\system32\nvdispco3230790.dll
2013-03-23 08:22 . 2012-02-10 06:40 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-03-23 08:22 . 2005-06-15 09:20 4494720 ----a-w- c:\windows\system32\nv4_disp.dll
2013-03-23 08:22 . 2013-03-23 08:22 893728 ----a-w- c:\windows\system32\nvdispgenco3230790.dll
2013-03-23 08:22 . 2007-12-29 22:46 2392064 ----a-w- c:\windows\system32\nvapi.dll
2013-03-23 08:22 . 2012-02-10 06:40 2582816 ----a-w- c:\windows\system32\nvcuvid.dll
2013-03-08 08:36 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 03:17 . 2013-02-25 00:48 9842040 ----a-w- c:\program files\Common Files\wruninstall.exe
2013-03-07 01:32 . 2004-08-04 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2006-01-07 17:03 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-08-23 03:34 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-03 07:46 . 2012-07-11 04:16 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-03 07:46 . 2010-04-22 03:45 782240 ----a-w- c:\windows\system32\deployJava1.dll
2004-08-04 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll
2013-01-26 03:55 552448 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
c:\windows\System32\drivers\atapi.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-15 1103216]
"PCShowServer"="c:\documents and settings\User\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-07-20 524976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2006-11-17 577536]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Norton Ghost 15.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"****** EPM tray"="c:\program files\******\****** Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]
"Live Update 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-13 492912]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2013-2-24 9842040]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Frostwire\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Motive\\pcServiceHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/10/2007 11:21 PM 685816]
R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [4/21/2013 3:00 AM 38328]
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [4/21/2013 3:00 AM 90808]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/21/2013 3:00 AM 75624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/23/2013 10:42 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/23/2013 10:42 PM 701512]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2/12/2010 8:10 AM 57840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/23/2013 10:42 PM 22856]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [4/18/2013 8:41 PM 7680]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2/11/2010 3:34 AM 1964528]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [4/21/2013 3:00 AM 171064]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [4/21/2013 2:59 AM 221264]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/1/2013 12:25 AM 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/1/2013 12:25 AM 9160]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2/12/2010 8:09 AM 1574408]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 5:00 AM 5120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:37]
.
2013-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 76.14.96.13 76.14.96.14 76.14.0.9
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-02 20:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
.
[HKEY_USERS\S-1-5-21-73586283-1972579041-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\relog_ap.dll
.
Completion time: 2013-05-02 20:59:23
ComboFix-quarantined-files.txt 2013-05-03 03:59
ComboFix2.txt 2013-05-01 10:13
ComboFix3.txt 2013-04-28 01:02
.
Pre-Run: 182,753,644,544 bytes free
Post-Run: 182,685,552,640 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Windows XP/2003"
.
- - End Of File - - 1B368396E7C3BE8D84F9CF264C678BBD
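
An added example, not part of any post in this thread: a small parser for the Sigcheck section of the log above that finds files reported as missing and checks which on-disk copies match the MD5 and size from the VirusTotal report posted earlier (0 / 46 detections). The function names and the `KNOWN_GOOD` table are assumptions made for this illustration; the log lines and hash values are copied from the thread.

```python
import re

# Sigcheck excerpt copied from the ComboFix log posted in this thread.
SIGCHECK_EXCERPT = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
c:\windows\System32\drivers\atapi.sys ... is missing !!
.
"""

# MD5 and byte size taken from the VirusTotal report in the thread.
# The log only carries MD5, so this is a consistency check against that report.
KNOWN_GOOD = {"atapi.sys": ("9f3a2f5aa6875c72bf062c712cfa2674", 96512)}

# One Sigcheck entry: [flag] date . MD5 . size . . [version] . . path
ENTRY_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+)$"
)
# A file ComboFix expected to find but did not.
MISSING_RE = re.compile(r"^(?P<path>.+?)\s+\.\.\.\s+is missing !!$")


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_sigcheck(text):
    """Return (copies, missing): parsed entries and paths flagged missing."""
    copies, missing = [], []
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            copies.append({
                "path": entry.group("path"),
                "md5": entry.group("md5").lower(),
                "size": int(entry.group("size")),
                "version": entry.group("version"),
            })
            continue
        gone = MISSING_RE.match(line)
        if gone:
            missing.append(gone.group("path"))
    return copies, missing


def replacement_candidates(text, known_good):
    """For each missing file, split same-named copies into those whose
    MD5 and size match the known-good record and those that do not."""
    copies, missing = parse_sigcheck(text)
    report = {}
    for target in missing:
        name = basename(target)
        expected = known_good.get(name)
        verified, unverified = [], []
        for copy in copies:
            if basename(copy["path"]) != name:
                continue
            if expected and (copy["md5"], copy["size"]) == expected:
                verified.append(copy["path"])
            else:
                unverified.append(copy["path"])
        report[target] = {"verified": verified, "unverified": unverified}
    return report


if __name__ == "__main__":
    for target, result in replacement_candidates(SIGCHECK_EXCERPT, KNOWN_GOOD).items():
        print("missing:", target)
        for path in result["verified"]:
            print("  matches scanned copy:", path)
        for path in result["unverified"]:
            print("  no known-good record matches:", path)
```
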
 

djw663

New Member
I saw where it said I was missing the file you had me put back in. Here is the current scan.
ComboFix 13-05-01.03 - User 05/02/2013 22:25:03.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1352 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((( Files Created from 2013-04-03 to 2013-05-03 )))))))))))))))))))))))))))))))
.
.
2013-05-03 03:11 . 2013-05-03 03:11 -------- d-----w- c:\windows\system32\wbem\Repository
2013-05-03 03:07 . 2013-05-03 03:07 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2013-05-01 09:55 . 2013-05-01 09:55 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\BUTTON.JS
2013-05-01 09:55 . 2013-05-01 09:55 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\CHECKBOX.JS
2013-04-29 05:01 . 2013-04-29 05:01 -------- d-----w- C:\Linksys Driver
2013-04-26 06:27 . 2013-05-03 03:29 -------- d-----w- c:\program files\Google
2013-04-26 06:27 . 2013-04-26 06:29 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Google
2013-04-26 06:27 . 2013-04-26 06:27 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Deployment
2013-04-24 06:15 . 2013-04-24 06:15 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-24 05:42 . 2013-04-24 05:42 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-24 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-24 05:42 . 2013-04-24 05:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-23 05:33 . 2013-04-23 05:33 -------- d-----w- c:\program files\CCleaner
2013-04-22 00:23 . 2013-04-22 00:33 -------- d-----w- c:\program files\PCPitstop
2013-04-21 10:05 . 2013-04-21 10:05 -------- d-----w- C:\TMRescueDisk
2013-04-21 10:00 . 2012-07-11 08:35 90808 ----a-w- c:\windows\system32\drivers\tmeext.sys
2013-04-21 10:00 . 2012-07-06 03:33 171064 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2013-04-21 10:00 . 2012-05-02 19:27 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2013-04-21 10:00 . 2012-08-24 13:06 38328 ----a-w- c:\windows\system32\drivers\TMEBC32.sys
2013-04-21 10:00 . 2012-07-12 10:30 94200 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2013-04-21 10:00 . 2012-07-12 10:29 75624 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2013-04-21 10:00 . 2012-07-12 10:29 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-04-21 09:59 . 2013-04-21 09:59 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2013-04-20 06:23 . 2013-03-12 08:10 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-04-20 06:03 . 2013-04-20 06:03 -------- d-----w- c:\program files\Microsoft Download Manager
2013-04-20 05:56 . 2000-01-04 14:39 212992 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2013-04-20 05:56 . 2013-04-20 05:56 -------- d-----w- C:\DCT53
2013-04-19 23:50 . 2013-04-19 23:50 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2013-04-19 23:50 . 2005-10-27 22:06 356096 ----a-w- c:\windows\system32\rt61.sys
2013-04-19 23:50 . 2005-10-27 22:06 356096 ----a-w- c:\windows\system32\drivers\rt61.sys
2013-04-19 23:50 . 2005-10-20 22:00 243328 ----a-w- c:\windows\system32\rt2500.sys
2013-04-19 23:50 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2013-04-19 23:50 . 2003-09-26 06:28 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2013-04-19 23:50 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2013-04-19 23:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\bcm42rly.sys
2013-04-19 23:50 . 2013-04-19 23:50 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2013-04-19 03:41 . 2012-08-22 17:19 11832 ----a-w- c:\windows\acpimof.dll
2013-04-06 06:22 . 2013-04-06 06:22 -------- d-----w- c:\documents and settings\User\Application Data\AVG2013
2013-04-06 06:22 . 2013-04-06 06:22 -------- d-----w- c:\documents and settings\User\Application Data\TuneUp Software
2013-04-06 06:17 . 2013-04-21 09:55 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Avg2013
2013-04-06 06:17 . 2013-04-21 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-04-06 06:17 . 2013-04-06 06:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 23:37 . 2012-03-31 23:20 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-14 23:37 . 2011-05-18 03:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-23 08:22 . 2012-02-10 06:40 1869600 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-03-23 08:22 . 2007-12-19 03:55 7536640 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-23 08:22 . 2005-06-15 09:20 19189760 ----a-w- c:\windows\system32\nvoglnt.dll
2013-03-23 08:22 . 2005-06-15 09:20 12653120 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-03-23 08:22 . 2013-03-23 08:22 5967872 ----a-w- c:\windows\system32\nvopencl.dll
2013-03-23 08:22 . 2013-03-23 08:22 1010464 ----a-w- c:\windows\system32\nvdispco3230790.dll
2013-03-23 08:22 . 2012-02-10 06:40 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-03-23 08:22 . 2005-06-15 09:20 4494720 ----a-w- c:\windows\system32\nv4_disp.dll
2013-03-23 08:22 . 2013-03-23 08:22 893728 ----a-w- c:\windows\system32\nvdispgenco3230790.dll
2013-03-23 08:22 . 2007-12-29 22:46 2392064 ----a-w- c:\windows\system32\nvapi.dll
2013-03-23 08:22 . 2012-02-10 06:40 2582816 ----a-w- c:\windows\system32\nvcuvid.dll
2013-03-08 08:36 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 03:17 . 2013-02-25 00:48 9842040 ----a-w- c:\program files\Common Files\wruninstall.exe
2013-03-07 01:32 . 2004-08-04 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2006-01-07 17:03 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-08-23 03:34 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-03 07:46 . 2012-07-11 04:16 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-03 07:46 . 2010-04-22 03:45 782240 ----a-w- c:\windows\system32\deployJava1.dll
2004-08-04 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll
2013-01-26 03:55 552448 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-15 1103216]
"PCShowServer"="c:\documents and settings\User\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-07-20 524976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2006-11-17 577536]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Norton Ghost 15.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"****** EPM tray"="c:\program files\******\****** Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]
"Live Update 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-13 492912]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2013-2-24 9842040]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Frostwire\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Motive\\pcServiceHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/10/2007 11:21 PM 685816]
R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [4/21/2013 3:00 AM 38328]
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [4/21/2013 3:00 AM 90808]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/21/2013 3:00 AM 75624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/23/2013 10:42 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/23/2013 10:42 PM 701512]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2/12/2010 8:10 AM 57840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/23/2013 10:42 PM 22856]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [4/18/2013 8:41 PM 7680]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2/11/2010 3:34 AM 1964528]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [4/21/2013 3:00 AM 171064]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [4/21/2013 2:59 AM 221264]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/1/2013 12:25 AM 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/1/2013 12:25 AM 9160]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2/12/2010 8:09 AM 1574408]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 5:00 AM 5120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NTIOLIB_1_0_4
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:37]
.
2013-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 76.14.96.13 76.14.96.14 76.14.0.9
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-02 22:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
.
[HKEY_USERS\S-1-5-21-73586283-1972579041-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(4080)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Portrait Displays\Pivot Software\winphook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-05-02 22:30:36
ComboFix-quarantined-files.txt 2013-05-03 05:30
ComboFix2.txt 2013-05-03 03:59
ComboFix3.txt 2013-05-01 10:13
ComboFix4.txt 2013-04-28 01:02
.
Pre-Run: 182,686,896,128 bytes free
Post-Run: 182,666,076,160 bytes free
.
- - End Of File - - F2982342F1DF5F19127E48D479255750
Now I will download the next item you recommended.
 

djw663

New Member
I saw where and what file was missing and completed the steps to replace the file, and I downloaded the ESET online scanner and there were no threats found.
Is there anything else you think I need to do?

This is my internet connection after the things you had me do. My service is 15/3!
 

djw663

New Member
Thank you, "johnb35". I just ran the AVG removal tool; it downloaded at 1.35MB per second, a far cry from what it was before. You made it very easy to correct the problems in my computer, from the detailed explanations to the links and suggested sites to view the issues. Thanks again.
 