Malwarebytes

Cannot connect to Internet

40 replies to this topic

#1
Bito

    New Member

  • Members
  • Pip
  • 42 posts
My PC is running XP and cannot connect to Internet. Cannot print either.
I have run Malwarebytes and cleaned up some minor problems but did not resolve my main problem as I still cannot connect to Internet.
What do you suggest I do?
Tx,
Bito

By the way, I have run DDS and attached are the two logs that it produced.
I hope this helps.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Vito at 2:35:58 on 2012-05-07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1434 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1182480163\ee\AOLSoftware.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Vito\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Vito\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Constant Contact\QuickImportOE\QuickImportOEHelper.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\NMSAccessU.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Wusage8\wusages.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Qualcomm\Eudora\Eudora.exe
C:\PROGRA~1\FOXITS~1\FOXITP~1\FOXITP~1.EXE
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=ironto
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120502220512.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\vito\local settings\application data\akamai\netsession_win.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [HostManager] c:\program files\common files\aol\1182480163\ee\AOLSoftware.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
StartupFolder: c:\docume~1\vito\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\vito\startm~1\programs\startup\quicki~1.lnk - c:\program files\constant contact\quickimportoe\QuickImportOEHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\automa~1.lnk - c:\program files\inetprn\INETPRN1.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~2.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\handspring\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imaget~1.lnk - c:\program files\sony corporation\image transfer\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: musicmatch.com\online
DPF: MCodeViewerCab - hxxp://www.connexto.com/OCX/MCodeViewerCab02.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\vito\application data\mozilla\firefox\profiles\3wlchgzf.default user\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07030901.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods_i.id - 94771608000000000000001372159c25
FF - user.js: extensions.funmoods_i.instlDay - 15371
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1623:52:08
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-9 464304]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-5-13 89792]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-8-16 14336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-8 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 214904]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-5-13 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-5-13 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-13 151880]
R2 Wusage;Wusage;c:\program files\wusage8\wusages.exe [2008-3-28 5285472]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-5-13 57600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-8 20464]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-9 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-9 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-5-13 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-5-13 83856]
S2 AGV;Winsock2;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 antivirservice;Sfdrv01;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 avg7rsxp;Kpfwsvc;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 avgcoresvc;StillCam;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 avgtdi;Asp.net_2.0.50727;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 avp;ATIBTXBAR;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 awhost32;Clsched;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 BRGSp50;Nv_agp;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 ccevtmgr;NWUSBModem;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 clientservice;BcmSqlStartupSvc;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 cmdagent;SE26mdm;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 DivisCTP;Sfilter;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 DivisCTS;WDM_YAMAHAAC97;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 fssfltr;Quickbooksdb;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 ghostsec;Pensup;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-18 135664]
S2 GV600_4;Enxpsvr;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 ikfileflt;Iaimtv1;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 klif;Cpqalert;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 LMIRfsDriver;Advantage;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 mcafeeframework;Streamloadservice;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 mcdetect.exe;Cachemgr;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 mcredirector;Slntamr;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 mctaskmanager;Bdpredir;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 mirrorv3;WmHidLo;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 mpfirewl;Rimmptsk;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 naveng;DSDrv4;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 navex15;Uagp35;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 ndasbus;Websensecamreportserver;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 ndasscsi;A88xXBar;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 ofcpfwsvc;CTEAPSFX.DLL;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 pav_security;Dbustrcm;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 pavagente;PSSdk23;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 pavatscheduler;Cmuda;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 pavreport;MSIRCOMM;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 pavsrv;Wacomkey;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 pctfw1;ATWPKT2;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 RalinkRegistryWriter;PNRPSvc;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 RAPIProtocol;Aswmon2;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 S3GIGP;S7oppitx;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 savrt;Cam5603D;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 savrtpel;MSFWDrv;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 savscan;Bcim;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 sdcoreservice;AlteraByteBlaster;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 symantecantibotagent;DCFS2K;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 symantecantibotshim;Transbaseservice;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 vet-filt;Vproeventmonitor;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 vet-rec;SE2Dmdm;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 vetfddnt;Was;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 webrootadminconsole;S24trans;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 webrootenterpriseclientservice;Sdcoreservice;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 webrootspysweeperservice;Btwdndis;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 xfilt;W22n51;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 253088]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-5-28 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-18 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-5-13 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-5-13 87656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-9 40552]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-05-03 02:05:09 29272 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2012-04-18 00:33:59 -------- d-----w- c:\windows\system32\tempdir
2012-04-18 00:33:57 1103360 ----a-w- c:\windows\system32\cidfont.dll
2012-04-18 00:33:56 1503232 ----a-w- c:\windows\system32\ptj.exe
2012-04-18 00:33:51 4369408 ----a-w- c:\windows\system32\pdftk.exe
2012-04-18 00:33:50 235008 ----a-w- c:\windows\system32\office.exe
2012-04-18 00:33:48 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free
2012-04-14 23:26:53 -------- d-----w- c:\program files\HRBlock2011
2012-04-12 02:22:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-05-07 04:42:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-14 07:03:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 17:11:32 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-22 17:29:46 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29:46 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-22 17:29:46 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29:46 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-02-22 17:29:46 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 17:29:46 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29:46 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29:46 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29:46 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29:46 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2006-06-01 21:39:20 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 2:37:46.00 ===============


#2
LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,117 posts
  • Gender:Male
  • Location:Missouri, USA
:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
  • Removing this infection can also disable the ability to connect to the internet.
This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.
Larry Tate
Consumer Support Specialist


#3
Bito

Thanks for the advice. I will go and change all my passwords.
However, I still would like to clean this computer.
Tx,
Bito

#4
LDTate

Let's see if we can repair the internet connection first.

Internet Explorer (Windows)
1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.



Firefox (Windows)
1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.



Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.
If you have any questions please ask before moving on.
  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat" to your Desktop
  • In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    @ECHO OFF
    REM Remove any per-user proxy server and proxy bypass list
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    REM Turn the proxy off and clear the offline-mode flag
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    REM Reset the TCP/IP stack (log goes to resetlog.txt) and the Winsock catalog
    netsh int ip reset resetlog.txt
    netsh winsock reset catalog
  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes
  • This will flash a black DOS box very quickly and go away, this is normal.
  • Restart your computer now.
  • Launch Internet Explorer and see if you can connect to the Internet.
  • Launch MBAM and check for Updates

Larry Tate
Consumer Support Specialist
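
An added example, not part of the original post: before running fixme.bat, a helper may want a record of which proxy values the DDS log shows and which of them the batch file will change. The sketch below parses the "Internet Settings" lines of a DDS pseudo-HJT report. It assumes the u/m/d line prefix means per-user, machine-wide and default-user settings (as in the uRun/mRun lines); the function names and the two ProxyServer sample lines are constructed for illustration.

```python
import ipaddress
import re

# What fixme.bat does to each value under HKCU\...\Internet Settings.
FIXME_ACTIONS = {
    "proxyserver": "delete",
    "proxyoverride": "delete",
    "proxyenable": "set to 0",
    "globaluseroffline": "set to 0",
}

# Assumption: DDS prefixes follow the uRun/mRun/dRunOnce pattern seen in the log.
SCOPES = {"u": "HKCU", "m": "HKLM", "d": "default user"}

# Example line: uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
LINE_RE = re.compile(
    r"^(?P<scope>[umd])Internet Settings,(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$"
)


def _host(target):
    """Extract the host part of host:port, including bracketed IPv6."""
    if target.startswith("["):
        return target[1:].split("]", 1)[0]
    return target.split(":", 1)[0]


def _is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name or pattern, not an IP literal
        return False


def loopback_endpoints(data):
    """Return the entries of a ';'-separated proxy value that point at this machine."""
    hits = []
    for item in data.split(";"):
        item = item.strip()
        if not item or item.startswith("<"):  # "<local>" is a keyword, not a host
            continue
        target = item.split("=", 1)[-1]       # drop a "http=" style protocol prefix
        target = target.split("://", 1)[-1]   # drop a URL scheme if present
        if _is_loopback(_host(target)):
            hits.append(target)
    return hits


def triage(log_text):
    """List proxy-related Internet Settings values found in a DDS log."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        name = m.group("name").strip()
        action = FIXME_ACTIONS.get(name.lower())
        if action is None:
            continue
        scope = m.group("scope")
        findings.append({
            "hive": SCOPES[scope],
            "value": name,
            "data": m.group("data").strip(),
            "loopback": loopback_endpoints(m.group("data")),
            # fixme.bat only writes under HKEY_CURRENT_USER.
            "fixme_action": action if scope == "u" else "not touched",
        })
    return findings


# Lines 1, 2 and 5 are copied from the DDS log in post #1;
# the two ProxyServer lines are constructed for this example.
SAMPLE = """\
uStart Page = hxxp://start.funmoods.com/?f=1&a=ironto
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:9421
mInternet Settings,ProxyServer = proxy.example.test:8080
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['hive']:<5} {f['value']:<14} {f['data']:<28} "
              f"loopback={f['loopback']} fixme.bat: {f['fixme_action']}")
```

Entries reported as "not touched" sit outside HKEY_CURRENT_USER, so they would still be present after the batch file has run.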


#5
Bito

I looked at both IE and Firefox as you suggested and the buttons you mentioned were both unchecked. Is that the way they should have been? From your instructions I thought I should have found them checked and I had to uncheck them. I have done nothing else as I wanted you to be aware of this.
Please advise.

#6
LDTate

That's fine.

Run the batch file
Larry Tate
Consumer Support Specialist


#7
Bito

I have run the batch file and a pop up has appeared after a few successful steps. The pop-up contained the following message:

on the border of the pop-up: netsh.exe - Entry point not found
Inside the pop-up: The procedure entry point MIGRATEWINSOCKCONFIGURATION could not be located in the dynamic link library MSWSOC.DLL
I clicked OK and then received the following message: The following helper DLL cannot be located: IFMOB.DLL

I then restarted the PC but it still cannot connect to the internet.

Any other suggested steps to try?

#8
LDTate

Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

Download Combofix from any of the links below but rename it to iexplore.exe before saving it to your desktop.


Note:
If combofix (iexplore.exe) won't run from the desktop, try running it from the USB device.



Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save iexplore.exe to your Desktop

Double click on the iexplore.exe ComboFix.exe & follow the prompts.
Be sure to download any updates.


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs


  • Double click on ComboFix.exe & follow the prompts.

    Notes: Skip the Recovery Console part as you don't have an internet connection


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.
Larry Tate
Consumer Support Specialist


#9
Bito

I have run combofix but pc still does not connect to the internet. Below is the log produced by combofix.
What should I try next?

ComboFix 12-05-08.02 - Vito 05/09/2012 2:18.2.2 - x86
Running from: F:\iexplore.exe.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\LocalService\Application Data\PriceGong
c:\documents and settings\LocalService\Application Data\PriceGong\Data\1.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\a.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\b.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\c.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\d.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\e.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\f.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\g.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\h.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\i.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\J.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\k.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\l.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\m.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\n.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\o.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\p.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\q.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\r.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\s.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\t.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\u.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\v.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\w.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\x.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\y.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Vito\Application Data\Microsoft\~DFK1777e48.tmp
c:\documents and settings\Vito\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Vito\Application Data\Microsoft\bass.dll
c:\documents and settings\Vito\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Vito\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Vito\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Vito\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Vito\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Vito\Application Data\PriceGong
c:\documents and settings\Vito\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Vito\Application Data\PriceGong\Data\z.xml
C:\Microsoft
c:\microsoft\Protect\CREDHIST
c:\windows\$NtUninstallKB21333$\1437077215
c:\windows\$NtUninstallKB21333$\2080911197\@
c:\windows\$NtUninstallKB21333$\2080911197\bckfg.tmp
c:\windows\$NtUninstallKB21333$\2080911197\cfg.ini
c:\windows\$NtUninstallKB21333$\2080911197\Desktop.ini
c:\windows\$NtUninstallKB21333$\2080911197\keywords
c:\windows\$NtUninstallKB21333$\2080911197\kwrd.dll
c:\windows\$NtUninstallKB21333$\2080911197\L\pdmzmplg
c:\windows\$NtUninstallKB21333$\2080911197\lsflt7.ver
c:\windows\$NtUninstallKB21333$\2080911197\oemid
c:\windows\$NtUninstallKB21333$\2080911197\U\00000001.@
c:\windows\$NtUninstallKB21333$\2080911197\U\00000002.@
c:\windows\$NtUninstallKB21333$\2080911197\U\00000004.@
c:\windows\$NtUninstallKB21333$\2080911197\U\80000000.@
c:\windows\$NtUninstallKB21333$\2080911197\U\80000004.@
c:\windows\$NtUninstallKB21333$\2080911197\U\80000032.@
c:\windows\$NtUninstallKB21333$\2080911197\version
c:\windows\SET587.tmp
c:\windows\SETA80.tmp
c:\windows\system32\aosmtp.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\office.exe
c:\windows\$NtUninstallKB21333$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NM
-------\Legacy_NWSAPAGENT
-------\Legacy_RAYSAT3_4_6_18SERVER
-------\Service_nm
-------\Service_NwSapAgent
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-03 02:05 . 2012-03-20 17:06 29272 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-04-18 00:33 . 2012-04-18 00:33 -------- d-----w- c:\windows\system32\tempdir
2012-04-18 00:33 . 2009-03-18 18:54 1103360 ----a-w- c:\windows\system32\cidfont.dll
2012-04-18 00:33 . 2005-05-31 07:25 1503232 ----a-w- c:\windows\system32\ptj.exe
2012-04-18 00:33 . 2007-06-27 20:15 4369408 ----a-w- c:\windows\system32\pdftk.exe
2012-04-18 00:33 . 2012-04-18 01:48 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free
2012-04-14 23:26 . 2012-04-14 23:27 -------- d-----w- c:\program files\HRBlock2011
2012-04-12 02:22 . 2012-04-14 07:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 07:03 . 2011-05-19 16:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 17:11 . 2011-05-13 04:11 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-22 17:29 . 2011-05-13 04:22 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2011-05-13 04:21 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-22 17:29 . 2011-05-13 04:21 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29 . 2011-05-13 04:21 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-02-22 17:29 . 2011-05-13 04:21 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2011-05-13 04:21 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2011-03-13 15:20 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-22 17:29 . 2007-02-09 04:28 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 17:29 . 2007-02-09 04:28 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29 . 2007-02-09 04:28 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2006-06-01 21:39 . 2006-06-01 21:39 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-07-27 13:02 . 2007-05-10 17:14 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-07-27 13:02 . 2007-05-10 17:14 185232 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-07-27 13:02 . 2008-03-21 01:04 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-03-21 01:04 . 2008-03-21 01:04 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2006-11-22 20:18 . 2006-11-22 20:18 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-11-22 20:18 . 2006-11-22 20:18 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2012-03-19 20:55 . 2011-05-14 02:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-22 03:15 . 2008-09-03 14:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 18:01 . 2011-05-13 04:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ipsec.sys
[-] 2004-08-10 09:00 . 6A8FF660A23D38CB072AA29C4B55105F . 74752 . . [------] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ipsec.sys
[-] 2004-08-10 09:00 . 6A8FF660A23D38CB072AA29C4B55105F . 74752 . . [------] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2011-03-24 15:59 . 0F3FA9FDB976C567EC0491685CF4FDF7 . 912344 . . [1.9.2.16] . . c:\windows\ERDNT\cache\firefox.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Vito\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-22 30192]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 110592]
"HostManager"="c:\program files\Common Files\AOL\1182480163\ee\AOLSoftware.exe" [2010-03-08 41800]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-28 273544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\Vito\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
QuickImportOEHelper.lnk - c:\program files\Constant Contact\QuickImportOE\QuickImportOEHelper.exe [2007-6-29 10752]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Automatic E-Mail Printing.lnk - c:\program files\INETPRN\INETPRN1.EXE [2006-7-8 411648]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-28 24576]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Handspring\Hotsync.exe [N/A]
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2007-4-26 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-7 180224]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Common Files\\AOL\\1182480163\\ee\\aolsoftware.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\apache.exe"=
"c:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Vito\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/13/2011 12:21 AM 89792]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/16/2005 4:18 AM 14336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/8/2011 9:11 AM 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/13/2011 12:21 AM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/13/2011 12:21 AM 214904]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/13/2011 12:11 AM 151880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/8/2011 9:11 AM 20464]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/13/2011 12:21 AM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/13/2011 12:21 AM 83856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2010 4:46 PM 135664]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/13/2011 12:21 AM 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/13/2011 12:22 AM 161632]
S2 pcouffin;FA312;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 4:18 AM 14336]
S2 Wusage;Wusage;c:\program files\Wusage8\wusages.exe [3/28/2008 5:43 PM 5285472]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 10:22 PM 253088]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/13/2011 12:21 AM 57600]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/28/2006 10:47 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2010 4:46 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/13/2011 12:21 AM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/13/2011 12:21 AM 87656]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:03]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:46]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:46]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-199213029-4131653828-3667059065-1005Core.job
- c:\documents and settings\Vito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-19 17:24]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-199213029-4131653828-3667059065-1005UA.job
- c:\documents and settings\Vito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-19 17:24]
.
2012-04-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-09 16:22]
.
2012-05-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-09 16:22]
.
2012-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-199213029-4131653828-3667059065-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-199213029-4131653828-3667059065-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-05-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-199213029-4131653828-3667059065-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-199213029-4131653828-3667059065-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-05-09 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-03-29 16:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=ironto
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: MCodeViewerCab - hxxp://www.connexto.com/OCX/MCodeViewerCab02.CAB
FF - ProfilePath - c:\documents and settings\Vito\Application Data\Mozilla\Firefox\Profiles\3wlchgzf.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods_i.id - 94771608000000000000001372159c25
FF - user.js: extensions.funmoods_i.instlDay - 15371
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1623:52
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
AddRemove-FoxTab PDF Converter - c:\program files\FoxTabPDFConverter\\ftpdf_inst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 03:50
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ServiceDll"="%systemroot%\system32\CTHWIUT.DLL.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fah@c:+fah+fah-service+fah502-console.exe]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,65,f5,b5,14,5c,90,45,b0,cc,d5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,65,f5,b5,14,5c,90,45,b0,cc,d5,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1608)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\docume~1\Vito\LOCALS~1\Temp\IadHide5.dll
c:\program files\Constant Contact\QuickImportOE\QuickImportOEHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\AC3ACM.acm
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\NMSAccessU.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
.
**************************************************************************
.
Completion time: 2012-05-09 03:57:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 07:56
ComboFix2.txt 2011-04-13 21:35
.
Pre-Run: 20,902,223,872 bytes free
Post-Run: 48,468,447,232 bytes free
.
- - End Of File - - E3FE20CAA3CED8FB33D20091CFFC9A8A

#10
LDTate

    Forum Deity

  • Moderators
  • 20,117 posts
  • Gender:Male
  • Location:Missouri, USA
Download this file to your flash drive and copy it over to the infected PC before running it.

Please download and extract the following file. Then double click on it to merge it into the Registry. XPSP2 netsvcs

Larry Tate
Consumer Support Specialist


#11
Bito

Just to be sure... is this the only file I have to run? XPSP2 netsvcs

#12
LDTate

After that, run a new ComboFix scan.

#13
Bito

I ran both and the results are still the same. Still cannot connect to the internet. Any other suggestions?

Here is the log:


ComboFix 12-05-08.02 - Vito 05/09/2012 14:54:27.3.2 - x86
Running from: F:\iexplore.exe.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-04-18 00:33 . 2012-04-18 00:33 -------- d-----w- c:\windows\system32\tempdir
2012-04-18 00:33 . 2009-03-18 18:54 1103360 ----a-w- c:\windows\system32\cidfont.dll
2012-04-18 00:33 . 2005-05-31 07:25 1503232 ----a-w- c:\windows\system32\ptj.exe
2012-04-18 00:33 . 2007-06-27 20:15 4369408 ----a-w- c:\windows\system32\pdftk.exe
2012-04-18 00:33 . 2012-04-18 01:48 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free
2012-04-14 23:26 . 2012-04-14 23:27 -------- d-----w- c:\program files\HRBlock2011
2012-04-12 02:22 . 2012-04-14 07:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 07:03 . 2011-05-19 16:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-06-01 21:39 . 2006-06-01 21:39 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-07-27 13:02 . 2007-05-10 17:14 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-07-27 13:02 . 2007-05-10 17:14 185232 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-07-27 13:02 . 2008-03-21 01:04 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-03-21 01:04 . 2008-03-21 01:04 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2006-11-22 20:18 . 2006-11-22 20:18 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-11-22 20:18 . 2006-11-22 20:18 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2012-03-19 20:55 . 2011-05-14 02:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-22 03:15 . 2008-09-03 14:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 18:01 . 2011-05-13 04:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ipsec.sys
[-] 2004-08-10 09:00 . 6A8FF660A23D38CB072AA29C4B55105F . 74752 . . [------] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ipsec.sys
[-] 2004-08-10 09:00 . 6A8FF660A23D38CB072AA29C4B55105F . 74752 . . [------] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2011-03-24 15:59 . 0F3FA9FDB976C567EC0491685CF4FDF7 . 912344 . . [1.9.2.16] . . c:\windows\ERDNT\cache\firefox.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-05-09_07.30.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-09 18:53 . 2012-05-09 18:53 16384 c:\windows\Temp\Perflib_Perfdata_55c.dat
+ 2012-05-09 18:53 . 2012-05-09 18:53 16384 c:\windows\Temp\Perflib_Perfdata_1e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Vito\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-22 30192]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 110592]
"HostManager"="c:\program files\Common Files\AOL\1182480163\ee\AOLSoftware.exe" [2010-03-08 41800]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-28 273544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\Vito\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
QuickImportOEHelper.lnk - c:\program files\Constant Contact\QuickImportOE\QuickImportOEHelper.exe [2007-6-29 10752]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Automatic E-Mail Printing.lnk - c:\program files\INETPRN\INETPRN1.EXE [2006-7-8 411648]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-28 24576]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Handspring\Hotsync.exe [N/A]
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2007-4-26 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-7 180224]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Common Files\\AOL\\1182480163\\ee\\aolsoftware.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\apache.exe"=
"c:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Vito\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/16/2005 4:18 AM 14336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/8/2011 9:11 AM 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/8/2011 9:11 AM 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2010 4:46 PM 135664]
S2 pcouffin;FA312;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 4:18 AM 14336]
S2 Wusage;Wusage;c:\program files\Wusage8\wusages.exe [3/28/2008 5:43 PM 5285472]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 10:22 PM 253088]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/28/2006 10:47 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2010 4:46 PM 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:03]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:46]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:46]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-199213029-4131653828-3667059065-1005Core.job
- c:\documents and settings\Vito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-19 17:24]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-199213029-4131653828-3667059065-1005UA.job
- c:\documents and settings\Vito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-19 17:24]
.
2012-04-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-09 16:22]
.
2012-05-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-09 16:22]
.
2012-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-199213029-4131653828-3667059065-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-199213029-4131653828-3667059065-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-05-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-199213029-4131653828-3667059065-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-199213029-4131653828-3667059065-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-05-09 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-03-29 16:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=ironto
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: MCodeViewerCab - hxxp://www.connexto.com/OCX/MCodeViewerCab02.CAB
FF - ProfilePath - c:\documents and settings\Vito\Application Data\Mozilla\Firefox\Profiles\3wlchgzf.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods_i.id - 94771608000000000000001372159c25
FF - user.js: extensions.funmoods_i.instlDay - 15371
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1623:52
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 15:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ServiceDll"="%systemroot%\system32\CTHWIUT.DLL.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fah@c:+fah+fah-service+fah502-console.exe]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,65,f5,b5,14,5c,90,45,b0,cc,d5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,65,f5,b5,14,5c,90,45,b0,cc,d5,\
.
Completion time: 2012-05-09 15:28:09
ComboFix-quarantined-files.txt 2012-05-09 19:28
ComboFix2.txt 2012-05-09 07:57
ComboFix3.txt 2011-04-13 21:35
.
Pre-Run: 50,215,505,920 bytes free
Post-Run: 50,211,106,816 bytes free
.
- - End Of File - - 49D10C11440E62366770166CE8D31ED0

#14
LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,117 posts
  • Gender:Male
  • Location:Missouri, USA
Do this while I'm looking at the scan results.

Go to Start > Run, type the following into the open Run box, then press OK:

services.msc


Make sure all the following services are turned on. To turn on a service, click to select the check box.

  • Application Layer Gateway Service
  • Network Connections
  • Network Location Awareness (NLA)
  • Plug and Play
  • Remote Access Auto Connection Manager
  • Remote Access Connection Manager
  • Remote Procedure Call (RPC)
  • Telephony
Larry Tate
Consumer Support Specialist


#15
LDTate

Are those services running?
Larry Tate
Consumer Support Specialist


#16
Bito

Some were not and I started them.
The only one I could not start is Network Location Awareness. I got an error 1968.

#17
LDTate

We won't worry about that one.
Still no internet?
Larry Tate
Consumer Support Specialist


#18
Bito

Sorry ... error 1068

#19
Bito

Still no internet.

#20
LDTate

Click Start > Run > type sfc /scannow
(Note that there is a space between sfc and /scannow.)
Larry Tate
Consumer Support Specialist
