Bito

Cannot connect to Internet

41 posts in this topic

My PC is running XP and cannot connect to Internet. Cannot print either.

I have run Malwarebytes and cleaned up some minor problems, but that did not resolve my main problem as I still cannot connect to the Internet.

What do you suggest I do?

Tx,

Bito

By the way, I have run DDS and attached are the two logs that it produced.

I hope this helps.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Vito at 2:35:58 on 2012-05-07

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1434 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\AOL\1182480163\ee\AOLSoftware.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Vito\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Documents and Settings\Vito\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\eFax Messenger 4.4\J2GTray.exe

C:\Program Files\Constant Contact\QuickImportOE\QuickImportOEHelper.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\NMSAccessU.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Wusage8\wusages.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\Qualcomm\Eudora\Eudora.exe

C:\PROGRA~1\FOXITS~1\FOXITP~1\FOXITP~1.EXE

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.funmoods.com/?f=1&a=ironto

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120502220512.dll

BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll

TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Akamai NetSession Interface] "c:\documents and settings\vito\local settings\application data\akamai\netsession_win.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [HostManager] c:\program files\common files\aol\1182480163\ee\AOLSoftware.exe

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex

StartupFolder: c:\docume~1\vito\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe

StartupFolder: c:\docume~1\vito\startm~1\programs\startup\quicki~1.lnk - c:\program files\constant contact\quickimportoe\QuickImportOEHelper.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\automa~1.lnk - c:\program files\inetprn\INETPRN1.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~2.lnk - c:\program files\palm\Hotsync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\handspring\Hotsync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imaget~1.lnk - c:\program files\sony corporation\image transfer\SonyTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: musicmatch.com\online

DPF: MCodeViewerCab - hxxp://www.connexto.com/OCX/MCodeViewerCab02.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\vito\application data\mozilla\firefox\profiles\3wlchgzf.default user\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07030901.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=

FF - user.js: extensions.funmoods_i.id - 94771608000000000000001372159c25

FF - user.js: extensions.funmoods_i.instlDay - 15371

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1623:52:08

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - ironto

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-9 464304]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-5-13 89792]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-8-16 14336]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-8 652360]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 214904]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-13 214904]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-5-13 166288]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-5-13 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-13 151880]

R2 Wusage;Wusage;c:\program files\wusage8\wusages.exe [2008-3-28 5285472]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-5-13 57600]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-8 20464]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-9 180848]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-9 59456]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-5-13 340920]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-5-13 83856]

S2 AGV;Winsock2;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 antivirservice;Sfdrv01;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 avg7rsxp;Kpfwsvc;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 avgcoresvc;StillCam;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 avgtdi;Asp.net_2.0.50727;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 avp;ATIBTXBAR;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 awhost32;Clsched;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 BRGSp50;Nv_agp;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 ccevtmgr;NWUSBModem;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 clientservice;BcmSqlStartupSvc;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 cmdagent;SE26mdm;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 DivisCTP;Sfilter;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 DivisCTS;WDM_YAMAHAAC97;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 fssfltr;Quickbooksdb;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 ghostsec;Pensup;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-18 135664]

S2 GV600_4;Enxpsvr;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 ikfileflt;Iaimtv1;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 klif;Cpqalert;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 LMIRfsDriver;Advantage;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 mcafeeframework;Streamloadservice;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 mcdetect.exe;Cachemgr;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 mcredirector;Slntamr;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 mctaskmanager;Bdpredir;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 mirrorv3;WmHidLo;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 mpfirewl;Rimmptsk;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 naveng;DSDrv4;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 navex15;Uagp35;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 ndasbus;Websensecamreportserver;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 ndasscsi;A88xXBar;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 ofcpfwsvc;CTEAPSFX.DLL;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 pav_security;Dbustrcm;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 pavagente;PSSdk23;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 pavatscheduler;Cmuda;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 pavreport;MSIRCOMM;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 pavsrv;Wacomkey;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 pctfw1;ATWPKT2;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 RalinkRegistryWriter;PNRPSvc;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 RAPIProtocol;Aswmon2;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 S3GIGP;S7oppitx;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 savrt;Cam5603D;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 savrtpel;MSFWDrv;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 savscan;Bcim;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 sdcoreservice;AlteraByteBlaster;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 symantecantibotagent;DCFS2K;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 symantecantibotshim;Transbaseservice;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 vet-filt;Vproeventmonitor;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 vet-rec;SE2Dmdm;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 vetfddnt;Was;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 webrootadminconsole;S24trans;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 webrootenterpriseclientservice;Sdcoreservice;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 webrootspysweeperservice;Btwdndis;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S2 xfilt;W22n51;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 253088]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-5-28 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-18 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-5-13 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-5-13 87656]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-9 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-9 40552]

.

=============== File Associations ===============

.

.txt=

.

=============== Created Last 30 ================

.

2012-05-03 02:05:09 29272 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll

2012-04-18 00:33:59 -------- d-----w- c:\windows\system32\tempdir

2012-04-18 00:33:57 1103360 ----a-w- c:\windows\system32\cidfont.dll

2012-04-18 00:33:56 1503232 ----a-w- c:\windows\system32\ptj.exe

2012-04-18 00:33:51 4369408 ----a-w- c:\windows\system32\pdftk.exe

2012-04-18 00:33:50 235008 ----a-w- c:\windows\system32\office.exe

2012-04-18 00:33:48 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free

2012-04-14 23:26:53 -------- d-----w- c:\program files\HRBlock2011

2012-04-12 02:22:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2012-05-07 04:42:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-04-14 07:03:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-20 17:11:32 151880 ----a-w- c:\windows\system32\mfevtps.exe

2012-02-22 17:29:46 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-02-22 17:29:46 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2012-02-22 17:29:46 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-02-22 17:29:46 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2012-02-22 17:29:46 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-02-22 17:29:46 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-02-22 17:29:46 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-02-22 17:29:46 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-02-22 17:29:46 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-02-22 17:29:46 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2006-06-01 21:39:20 774144 ----a-w- c:\program files\RngInterstitial.dll

.

============= FINISH: 2:37:46.00 ===============

dds.txt

attach.txt


:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Thanks for the advice. I will go and change all my passwords.

However, I still would like to clean this computer.

Tx,

Bito


Let's see if we can repair the internet connection first.

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

It is very important that these steps be carried out exactly as shown; otherwise the fix will not work.

If you have any questions please ask before moving on.

  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat" to your Desktop
  • In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    @ECHO OFF
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    netsh int ip reset resetlog.txt
    netsh winsock reset catalog


  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to right-click the file and choose Run as administrator to run it. With User Account Control on, it should ask permission to run it. Click Yes.
  • This will flash a black DOS box very quickly and go away; this is normal.
  • Restart your computer now.
  • Launch Internet Explorer and see if you can connect to the Internet.
  • Launch MBAM and check for Updates

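An added example, not part of the original posts and not a tool used in this thread: a small Python triage pass over DDS output like the log in the first post. It pulls out loopback endpoints from the Internet Settings proxy values that the batch file above deletes, and groups stopped auto-start services that share one image path; the function names and the grouping threshold are assumptions of this example, and the thread does not say which log lines the helper relied on.

```python
import re
from collections import defaultdict, namedtuple

# Lines excerpted from the DDS log posted in this thread (not a complete log).
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-8-16 14336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-8 652360]
S2 AGV;Winsock2;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 avp;ATIBTXBAR;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 klif;Cpqalert;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-18 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-5-13 83856]
"""

Service = namedtuple("Service", "running start_type name display image")

# DDS service line: <R|S><start type> <key name>;<display name>;<image path> [<date> <size>]
# R = running, S = stopped; start type 0-4 = boot, system, auto, manual, disabled.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[\d{4}-\d{1,2}-\d{1,2}\s+\d+\]$"
)
# Pseudo HJT line for the per-user (u) or machine (m) Internet Settings proxy values.
PROXY_RE = re.compile(r"^[um]Internet Settings,(?P<key>Proxy\w+)\s*=\s*(?P<value>.*)$")
LOOPBACK_RE = re.compile(r"(?:127(?:\.\d{1,3}){3}|localhost):\d{1,5}", re.IGNORECASE)


def parse_services(text):
    """Return a Service tuple for every line that has the DDS service layout."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(m["state"] == "R", int(m["start"]),
                                    m["name"].strip(), m["display"].strip(),
                                    m["image"].strip()))
    return services


def stopped_autostart_clusters(services, min_count=3):
    """Group stopped auto-start (S2) services by image path.

    Heuristic assumed for this example: several auto-start services that are
    not running and all point at one image path deserve a manual look.
    """
    groups = defaultdict(list)
    for s in services:
        if not s.running and s.start_type == 2:
            groups[s.image.lower()].append(s.name)
    return {image: names for image, names in groups.items() if len(names) >= min_count}


def loopback_proxy_refs(text):
    """Return (setting, endpoint) pairs where a proxy value names a loopback host:port."""
    hits = []
    for line in text.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            for endpoint in LOOPBACK_RE.findall(m["value"]):
                hits.append((m["key"], endpoint))
    return hits


if __name__ == "__main__":
    for setting, endpoint in loopback_proxy_refs(SAMPLE_DDS):
        print(f"proxy setting {setting} references {endpoint}")
    clusters = stopped_autostart_clusters(parse_services(SAMPLE_DDS))
    for image, names in clusters.items():
        print(f"{len(names)} stopped auto-start services share {image}: {', '.join(names)}")
```
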

I looked at both IE and Firefox as you suggested and the buttons you mentioned were both unchecked. Is that the way they should have been? From your instructions I thought I should have found them checked and I had to uncheck them. I have done nothing else as I wanted you to be aware of this.

Please advise.


That's fine.

Run the batch file


I have run the batch file and a pop up has appeared after a few successful steps. The pop-up contained the following message:

on the border of the pop-up: netsh.exe - Entry point not found

Inside the pop-up: The procedure entry point MIGRATEWINSOCKCONFIGURATION could not be located in the dynamic link library MSWSOC.DLL

I clicked OK and then received the following message: The following helper DLL cannot be located: IFMOB.DLL

I then restarted the PC but it still cannot connect to the internet.

Any other suggested steps to try?


Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

Download Combofix from any of the links below but rename it to iexplore.exe before saving it to your desktop.

Note:

If combofix (iexplore.exe) won't run from the desktop, try running it from the USB device.

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save iexplore.exe to your Desktop

Double click on the iexplore.exe ComboFix.exe & follow the prompts.

Be sure to download any updates.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Skip the Recovery Console part as you don't have an internet connection
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

I have run combofix but pc still does not connect to the internet. Below is the log produced by combofix.

What should I try next?

ComboFix 12-05-08.02 - Vito 05/09/2012 2:18.2.2 - x86

Running from: F:\iexplore.exe.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP

c:\documents and settings\LocalService\Application Data\PriceGong

c:\documents and settings\Vito\Application Data\Microsoft\~DFK1777e48.tmp

c:\documents and settings\Vito\Application Data\Microsoft\1eaadjc.dll

c:\documents and settings\Vito\Application Data\Microsoft\bass.dll

c:\documents and settings\Vito\Application Data\Microsoft\kfgresk.dll

c:\documents and settings\Vito\Application Data\Microsoft\mjcriu.dll

c:\documents and settings\Vito\Application Data\Microsoft\peaadje.dll

c:\documents and settings\Vito\Application Data\Microsoft\qwadjb.dll

c:\documents and settings\Vito\Application Data\Microsoft\rsaadjd.dll

c:\documents and settings\Vito\Application Data\PriceGong

C:\Microsoft

c:\microsoft\Protect\CREDHIST

c:\windows\$NtUninstallKB21333$\1437077215

c:\windows\$NtUninstallKB21333$\2080911197\@

c:\windows\$NtUninstallKB21333$\2080911197\bckfg.tmp

c:\windows\$NtUninstallKB21333$\2080911197\cfg.ini

c:\windows\$NtUninstallKB21333$\2080911197\Desktop.ini

c:\windows\$NtUninstallKB21333$\2080911197\keywords

c:\windows\$NtUninstallKB21333$\2080911197\kwrd.dll

c:\windows\$NtUninstallKB21333$\2080911197\L\pdmzmplg

c:\windows\$NtUninstallKB21333$\2080911197\lsflt7.ver

c:\windows\$NtUninstallKB21333$\2080911197\oemid

c:\windows\$NtUninstallKB21333$\2080911197\U\00000001.@

c:\windows\$NtUninstallKB21333$\2080911197\U\00000002.@

c:\windows\$NtUninstallKB21333$\2080911197\U\00000004.@

c:\windows\$NtUninstallKB21333$\2080911197\U\80000000.@

c:\windows\$NtUninstallKB21333$\2080911197\U\80000004.@

c:\windows\$NtUninstallKB21333$\2080911197\U\80000032.@

c:\windows\$NtUninstallKB21333$\2080911197\version

c:\windows\SET587.tmp

c:\windows\SETA80.tmp

c:\windows\system32\aosmtp.dll

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\office.exe

c:\windows\$NtUninstallKB21333$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NM

-------\Legacy_NWSAPAGENT

-------\Legacy_RAYSAT3_4_6_18SERVER

-------\Service_nm

-------\Service_NwSapAgent

.

.

((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))

.

.

2012-05-03 02:05 . 2012-03-20 17:06 29272 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll

2012-04-18 00:33 . 2012-04-18 00:33 -------- d-----w- c:\windows\system32\tempdir

2012-04-18 00:33 . 2009-03-18 18:54 1103360 ----a-w- c:\windows\system32\cidfont.dll

2012-04-18 00:33 . 2005-05-31 07:25 1503232 ----a-w- c:\windows\system32\ptj.exe

2012-04-18 00:33 . 2007-06-27 20:15 4369408 ----a-w- c:\windows\system32\pdftk.exe

2012-04-18 00:33 . 2012-04-18 01:48 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free

2012-04-14 23:26 . 2012-04-14 23:27 -------- d-----w- c:\program files\HRBlock2011

2012-04-12 02:22 . 2012-04-14 07:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-14 07:03 . 2011-05-19 16:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-20 17:11 . 2011-05-13 04:11 151880 ----a-w- c:\windows\system32\mfevtps.exe

2012-02-22 17:29 . 2011-05-13 04:22 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-02-22 17:29 . 2011-05-13 04:21 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2012-02-22 17:29 . 2011-05-13 04:21 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-02-22 17:29 . 2011-05-13 04:21 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2012-02-22 17:29 . 2011-05-13 04:21 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-02-22 17:29 . 2011-05-13 04:21 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-02-22 17:29 . 2011-03-13 15:20 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-02-22 17:29 . 2007-02-09 04:28 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-02-22 17:29 . 2007-02-09 04:28 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-02-22 17:29 . 2007-02-09 04:28 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2006-06-01 21:39 . 2006-06-01 21:39 774144 ----a-w- c:\program files\RngInterstitial.dll

2009-07-27 13:02 . 2007-05-10 17:14 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2009-07-27 13:02 . 2007-05-10 17:14 185232 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2009-07-27 13:02 . 2008-03-21 01:04 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll

2008-03-21 01:04 . 2008-03-21 01:04 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2006-11-22 20:18 . 2006-11-22 20:18 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll

2006-11-22 20:18 . 2006-11-22 20:18 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll

2012-03-19 20:55 . 2011-05-14 02:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-06-22 03:15 . 2008-09-03 14:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2011-04-14 18:01 . 2011-05-13 04:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ipsec.sys

[-] 2004-08-10 09:00 . 6A8FF660A23D38CB072AA29C4B55105F . 74752 . . [------] . . c:\windows\system32\drivers\ipsec.sys

.

[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ipsec.sys

[-] 2004-08-10 09:00 . 6A8FF660A23D38CB072AA29C4B55105F . 74752 . . [------] . . c:\windows\system32\drivers\ipsec.sys

.

[-] 2011-03-24 15:59 . 0F3FA9FDB976C567EC0491685CF4FDF7 . 912344 . . [1.9.2.16] . . c:\windows\ERDNT\cache\firefox.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\documents and settings\Vito\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-22 30192]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 110592]

"HostManager"="c:\program files\Common Files\AOL\1182480163\ee\AOLSoftware.exe" [2010-03-08 41800]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-28 273544]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\documents and settings\Vito\Start Menu\Programs\Startup\

eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]

QuickImportOEHelper.lnk - c:\program files\Constant Contact\QuickImportOE\QuickImportOEHelper.exe [2007-6-29 10752]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Automatic E-Mail Printing.lnk - c:\program files\INETPRN\INETPRN1.EXE [2006-7-8 411648]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-28 24576]

HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]

HOTSYNCSHORTCUTNAME.lnk - c:\program files\Handspring\Hotsync.exe [N/A]

Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2007-4-26 73728]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-7 180224]

Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\Common Files\\AOL\\1182480163\\ee\\aolsoftware.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\apache.exe"=

"c:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=

"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\Vito\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/13/2011 12:21 AM 89792]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/16/2005 4:18 AM 14336]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/8/2011 9:11 AM 652360]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/13/2011 12:21 AM 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/13/2011 12:21 AM 214904]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/13/2011 12:11 AM 151880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/8/2011 9:11 AM 20464]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/13/2011 12:21 AM 340920]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/13/2011 12:21 AM 83856]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2010 4:46 PM 135664]

S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/13/2011 12:21 AM 214904]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/13/2011 12:22 AM 161632]

S2 pcouffin;FA312;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 4:18 AM 14336]

S2 Wusage;Wusage;c:\program files\Wusage8\wusages.exe [3/28/2008 5:43 PM 5285472]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 10:22 PM 253088]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/13/2011 12:21 AM 57600]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/28/2006 10:47 AM 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2010 4:46 PM 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/13/2011 12:21 AM 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/13/2011 12:21 AM 87656]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

Akamai REG_MULTI_SZ Akamai

.

NETSVCS REQUIRES REPAIRS - current entries shown

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:03]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:46]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:46]

.

2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-199213029-4131653828-3667059065-1005Core.job

- c:\documents and settings\Vito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-19 17:24]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-199213029-4131653828-3667059065-1005UA.job

- c:\documents and settings\Vito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-19 17:24]

.

2012-04-15 c:\windows\Tasks\McDefragTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-09 16:22]

.

2012-05-01 c:\windows\Tasks\McQcTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-09 16:22]

.

2012-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-199213029-4131653828-3667059065-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-199213029-4131653828-3667059065-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-05-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-199213029-4131653828-3667059065-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-199213029-4131653828-3667059065-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-05-09 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-03-29 16:21]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://start.funmoods.com/?f=1&a=ironto

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: musicmatch.com\online

DPF: MCodeViewerCab - hxxp://www.connexto.com/OCX/MCodeViewerCab02.CAB

FF - ProfilePath - c:\documents and settings\Vito\Application Data\Mozilla\Firefox\Profiles\3wlchgzf.Default User\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - about:home

FF - user.js: yahoo.homepage.dontask - true

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=

FF - user.js: extensions.funmoods_i.id - 94771608000000000000001372159c25

FF - user.js: extensions.funmoods_i.instlDay - 15371

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1623:52

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - ironto

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

.

.

------- File Associations -------

.

.txt=

.

- - - - ORPHANS REMOVED - - - -

.

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe

AddRemove-FoxTab PDF Converter - c:\program files\FoxTabPDFConverter\\ftpdf_inst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-09 03:50

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

"ServiceDll"="%systemroot%\system32\CTHWIUT.DLL.dll"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fah@c:+fah+fah-service+fah502-console.exe]

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,65,f5,b5,14,5c,90,45,b0,cc,d5,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,65,f5,b5,14,5c,90,45,b0,cc,d5,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1608)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\docume~1\Vito\LOCALS~1\Temp\IadHide5.dll

c:\program files\Constant Contact\QuickImportOE\QuickImportOEHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\l3codeca.acm

c:\windows\system32\scg726.acm

c:\windows\system32\alf2cd.acm

c:\windows\system32\AC3ACM.acm

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\stsystra.exe

c:\windows\system32\rundll32.exe

c:\program files\Dell Support Center\gs_agent\dsc.exe

c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\NMSAccessU.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\wanmpsvc.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\dllhost.exe

c:\windows\eHome\ehmsas.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

.

**************************************************************************

.

Completion time: 2012-05-09 03:57:00 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-09 07:56

ComboFix2.txt 2011-04-13 21:35

.

Pre-Run: 20,902,223,872 bytes free

Post-Run: 48,468,447,232 bytes free

.

- - End Of File - - E3FE20CAA3CED8FB33D20091CFFC9A8A


Download this file to your flash drive and copy it over to the infected PC before running.

Please download and extract the following file. Then double click on it to merge it into the Registry. XPSP2 netsvcs


Just to be sure... is this the only file I have to run? XPSP2 netsvcs


After that, run a new ComboFix scan.


I ran both and the results are still the same. Still cannot connect to the internet. Any other suggestions?

Here is the log:

ComboFix 12-05-08.02 - Vito 05/09/2012 14:54:27.3.2 - x86

Running from: F:\iexplore.exe.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))

.

.

2012-04-18 00:33 . 2012-04-18 00:33 -------- d-----w- c:\windows\system32\tempdir

2012-04-18 00:33 . 2009-03-18 18:54 1103360 ----a-w- c:\windows\system32\cidfont.dll

2012-04-18 00:33 . 2005-05-31 07:25 1503232 ----a-w- c:\windows\system32\ptj.exe

2012-04-18 00:33 . 2007-06-27 20:15 4369408 ----a-w- c:\windows\system32\pdftk.exe

2012-04-18 00:33 . 2012-04-18 01:48 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free

2012-04-14 23:26 . 2012-04-14 23:27 -------- d-----w- c:\program files\HRBlock2011

2012-04-12 02:22 . 2012-04-14 07:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-14 07:03 . 2011-05-19 16:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2006-06-01 21:39 . 2006-06-01 21:39 774144 ----a-w- c:\program files\RngInterstitial.dll

2009-07-27 13:02 . 2007-05-10 17:14 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2009-07-27 13:02 . 2007-05-10 17:14 185232 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2009-07-27 13:02 . 2008-03-21 01:04 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll

2008-03-21 01:04 . 2008-03-21 01:04 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2006-11-22 20:18 . 2006-11-22 20:18 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll

2006-11-22 20:18 . 2006-11-22 20:18 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll

2012-03-19 20:55 . 2011-05-14 02:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-06-22 03:15 . 2008-09-03 14:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2011-04-14 18:01 . 2011-05-13 04:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ipsec.sys

[-] 2004-08-10 09:00 . 6A8FF660A23D38CB072AA29C4B55105F . 74752 . . [------] . . c:\windows\system32\drivers\ipsec.sys

.

[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ipsec.sys

[-] 2004-08-10 09:00 . 6A8FF660A23D38CB072AA29C4B55105F . 74752 . . [------] . . c:\windows\system32\drivers\ipsec.sys

.

[-] 2011-03-24 15:59 . 0F3FA9FDB976C567EC0491685CF4FDF7 . 912344 . . [1.9.2.16] . . c:\windows\ERDNT\cache\firefox.exe

.

((((((((((((((((((((((((((((( SnapShot@2012-05-09_07.30.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-05-09 18:53 . 2012-05-09 18:53 16384 c:\windows\Temp\Perflib_Perfdata_55c.dat

+ 2012-05-09 18:53 . 2012-05-09 18:53 16384 c:\windows\Temp\Perflib_Perfdata_1e4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\documents and settings\Vito\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-22 30192]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 110592]

"HostManager"="c:\program files\Common Files\AOL\1182480163\ee\AOLSoftware.exe" [2010-03-08 41800]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-28 273544]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\documents and settings\Vito\Start Menu\Programs\Startup\

eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]

QuickImportOEHelper.lnk - c:\program files\Constant Contact\QuickImportOE\QuickImportOEHelper.exe [2007-6-29 10752]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Automatic E-Mail Printing.lnk - c:\program files\INETPRN\INETPRN1.EXE [2006-7-8 411648]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-28 24576]

HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]

HOTSYNCSHORTCUTNAME.lnk - c:\program files\Handspring\Hotsync.exe [N/A]

Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2007-4-26 73728]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-7 180224]

Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\Common Files\\AOL\\1182480163\\ee\\aolsoftware.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\apache.exe"=

"c:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=

"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\Vito\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

.

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/16/2005 4:18 AM 14336]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/8/2011 9:11 AM 652360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/8/2011 9:11 AM 20464]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2010 4:46 PM 135664]

S2 pcouffin;FA312;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 4:18 AM 14336]

S2 Wusage;Wusage;c:\program files\Wusage8\wusages.exe [3/28/2008 5:43 PM 5285472]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 10:22 PM 253088]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/28/2006 10:47 AM 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2010 4:46 PM 135664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:03]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:46]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:46]

.

2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-199213029-4131653828-3667059065-1005Core.job

- c:\documents and settings\Vito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-19 17:24]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-199213029-4131653828-3667059065-1005UA.job

- c:\documents and settings\Vito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-19 17:24]

.

2012-04-15 c:\windows\Tasks\McDefragTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-09 16:22]

.

2012-05-01 c:\windows\Tasks\McQcTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-09 16:22]

.

2012-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-199213029-4131653828-3667059065-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-199213029-4131653828-3667059065-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-05-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-199213029-4131653828-3667059065-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-199213029-4131653828-3667059065-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-05-09 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-03-29 16:21]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://start.funmoods.com/?f=1&a=ironto

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: musicmatch.com\online

DPF: MCodeViewerCab - hxxp://www.connexto.com/OCX/MCodeViewerCab02.CAB

FF - ProfilePath - c:\documents and settings\Vito\Application Data\Mozilla\Firefox\Profiles\3wlchgzf.Default User\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - about:home

FF - user.js: yahoo.homepage.dontask - true

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=

FF - user.js: extensions.funmoods_i.id - 94771608000000000000001372159c25

FF - user.js: extensions.funmoods_i.instlDay - 15371

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1623:52

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - ironto

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

.

.

------- File Associations -------

.

.txt=

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-09 15:26

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

"ServiceDll"="%systemroot%\system32\CTHWIUT.DLL.dll"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fah@c:+fah+fah-service+fah502-console.exe]

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,65,f5,b5,14,5c,90,45,b0,cc,d5,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,65,f5,b5,14,5c,90,45,b0,cc,d5,\

.

Completion time: 2012-05-09 15:28:09

ComboFix-quarantined-files.txt 2012-05-09 19:28

ComboFix2.txt 2012-05-09 07:57

ComboFix3.txt 2011-04-13 21:35

.

Pre-Run: 50,215,505,920 bytes free

Post-Run: 50,211,106,816 bytes free

.

- - End Of File - - 49D10C11440E62366770166CE8D31ED0

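An added example, not part of the original thread or of ComboFix: a Python script that reads the service list and the firewall policy section of a ComboFix log like the one above and lists auto-start services that are not running. The embedded lines are excerpted from that log; the function names are this example's own.

```python
import re

# Excerpt of the ComboFix log posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/16/2005 4:18 AM 14336]
S2 pcouffin;FA312;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 4:18 AM 14336]
S2 Wusage;Wusage;c:\program files\Wusage8\wusages.exe [3/28/2008 5:43 PM 5285472]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2010 4:46 PM 135664]
"""

# ComboFix service lines: R/S = running/stopped, digit = configured start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[[^\]]*\]\s*$")
DWORD_RE = re.compile(r'^"(?P<key>[^"]+)"= (?P<val>\d+) \(0x[0-9a-fA-F]+\)\s*$')


def parse_services(log):
    """Return one dict per service/driver line found in the log."""
    out = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            group = re.search(r"svchost\.exe -k (\S+)", m["image"], re.I)
            out.append({"name": m["name"], "running": m["state"] == "R",
                        "start": START_TYPES[int(m["start"])],
                        "svchost_group": group.group(1) if group else None})
    return out


def firewall_policy(log):
    """Collect DWORD values listed under the Windows Firewall standard profile."""
    section, values = "", {}
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section.endswith(r"firewallpolicy\standardprofile"):
            m = DWORD_RE.match(line)
            if m:
                values[m["key"]] = int(m["val"])
    return values


def triage(log):
    """List the log entries worth a follow-up question."""
    notes = [f"auto-start service not running: {s['name']}"
             + (f" (svchost group {s['svchost_group']})" if s["svchost_group"] else "")
             for s in parse_services(log) if s["start"] == "auto" and not s["running"]]
    if firewall_policy(log).get("EnableFirewall") == 0:
        notes.append("Windows Firewall standard profile is disabled")
    return notes


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

With a third-party firewall installed, as the DDS header at the top of the thread reports, a disabled Windows Firewall profile is usually expected rather than a finding on its own.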

Do this while I'm looking at the scan results

Go to Start > run > type the following into the open run box then press OK

services.msc

• Make sure all the following services are turned on. To turn on a service, click to select the check box.

Application Layer Gateway Service

Network Connections

Network Location Awareness (NLA)

Plug and Play

Remote Access Auto Connection Manager

Remote Access Connection Manager

Remote Procedure Call (RPC)

Telephony


Are those services running?


Some were not and I started them.

The only one I could not start is Network Location Awareness. I got an error 1968.


We won't worry about that one

Still no internet?


Click Start> Run> type sfc /scannow Note the space.

(Note that there is a space between sfc and /scannow)


I ran it and at one point it stopped and opened a File Protection Window and says: Files that are required for Windows to run properly must be copied to the DLL Cache. Insert your Windows XP Professional CD-Rom now.


This is an old PC... do not have it... can I download it from somewhere?


Let's keep trying.

Download to your flash drive and copy it to the infected pc's desktop

Download to your Desktop TCPIP_Fix.exe, a self-extracting ZIP archive (for XP only) from here: http://downloads.malwareremoval.com/BillCa...r/TCPIP_Fix.exe

* Double-click TCPIP_Fix.exe.

* Click the "Install" button on the bottom toolbar of the box that will open.

* The program will create a new Folder called TCPIP_Fix.

* Double-click to Open the new Folder, and then double-click the file within: TCPIP_Fix.cmd.

Do not run this more than once, as it will revert any changes made.

* A black box will briefly appear and then close. Reboot your machine and do the following:

* Click Start, click Run, and enter into the command box that opens: CMD and press [Enter]

* Type:

netsh int ip reset resetlog.txt

netsh winsock reset

* A prompt will appear after a moment if the command was done properly. It will state that a restart of your computer is necessary. Reboot your computer.

* You can now delete the download, and the new folder it created -- TCPIP_Fix.


Did the first reboot and it is now doing a CHKDSK... it will take a little time...

This topic is now closed to further replies.