Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Suspected FBI Virus/Malware; No SafeMode [Solved]


  • This topic is locked This topic is locked

#16
cramit02

cramit02

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
FSS.txt:

Farbar Service Scanner Version: 27-10-2012
Ran by eamuser (administrator) on 31-10-2012 at 09:57:15
Running from "H:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) RTLTEAMING(8) SYMTDI(9) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
  • 0

Advertisements


#17
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


I want you to go into the device manager and uninstall the network card and then restart the computer and let it get reinstalled


gringo
  • 0

#18
cramit02

cramit02

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Good morning Gringo,

Ethernet Controller uninstalled via device manager, system restart.
...
Found New Hardware: Ethernet Controller
Found New Hardware Wizard open

Install software automatically or Specific location?
*Note: I have no cd or internet connection for driver download, only drivers I found for this device previously were for Vista systems, not XP [I'm unsure how this system got XP on it in the first place, it's stickered as a Win7 machine with a Win7 Key Sticker on the backside]

Continue automatically for a default Windows Driver?
  • 0

#19
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
default windows driver
  • 0

#20
cramit02

cramit02

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
"The wizard could not find the software on your computer for... Ethernet Controller"

Options:
- Connect to internet & search
- Do not connect

FYI, before coming here and getting your help when I was running off Hiren's Boot CD I was able to connect to the internet quickly using PENetwork.exe, I searched around a bit and found that the integrated ethernet card is of the "Realtek PCIe FE Family Controller" type. Driver found: i386\System32\DRIVERS\Rtenicxp.sys. What might PENetwork be doing differently to access the needed driver than Windows is currently doing?

Instructions?

Edited by cramit02, 31 October 2012 - 09:32 AM.

  • 0

#21
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
try going here - http://www.realtek.c...3&GetDown=false

and download this - WinXP, Win2K, Win2003 Auto Installation Program (SID:1522309)
  • 0

#22
cramit02

cramit02

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Jeez, I went to the Dell support site and not Realtek... *forehead smack*

Installing/restarting now... will update in a few.

Thanks Gringo


[Update]

Internet connection restored. Can't believe I didn't think to goto the freaking Realtek website.

Right on and many thanks Gringo. Next step in the process?

Edited by cramit02, 31 October 2012 - 11:05 AM.

  • 0

#23
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
That is so great I am doing backflips right now!!!


check things out and let me know if we still have any problems left



gringo
  • 0

#24
cramit02

cramit02

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Are we talking literal backflips here? =)

As far as I can tell there are no remaining issues. We've run it thru quite a few cleanup programs, got Safe Mode working and internet connectivity restored. Is there anything that you'd like for me to do to finalize the process or do you think we're done?
  • 0

#25
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

Advertisements


#26
cramit02

cramit02

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Computer seems to be working in order, nothing that I can tell is out of place anyway. No problems running ComboFix.

ComboFix after running CFScript:


ComboFix 12-10-31.03 - eamuser 11/01/2012 8:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2281 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\system32\dllcache\i8042prt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-11-01 14:03 . 2008-04-14 05:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-11-01 14:03 . 2008-04-14 05:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-10-31 17:08 . 2012-10-31 17:08 -------- d-----w- c:\program files\Common Files\Java
2012-10-31 17:08 . 2012-10-31 17:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-31 17:08 . 2012-10-31 17:08 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-31 17:08 . 2012-10-31 17:08 -------- d-----w- c:\program files\Java
2012-10-31 16:59 . 2010-09-23 20:46 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-10-31 14:31 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-10-31 14:29 . 2012-10-31 14:29 -------- d-----w- C:\RegBackup
2012-10-31 14:28 . 2008-04-14 10:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-10-31 14:28 . 2008-04-14 10:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-10-31 14:28 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-10-31 14:28 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-10-31 14:28 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-10-31 14:28 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-10-31 14:26 . 2001-08-17 18:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2012-10-31 14:25 . 2001-08-17 18:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2012-10-31 14:24 . 2008-04-14 05:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2012-10-31 14:23 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2012-10-31 14:23 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2012-10-31 14:23 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2012-10-31 14:23 . 2001-08-17 19:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2012-10-31 14:23 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2012-10-31 14:23 . 2001-08-17 17:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2012-10-31 14:23 . 2001-08-18 03:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2012-10-31 14:23 . 2001-08-17 17:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2012-10-31 14:23 . 2008-04-14 05:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2012-10-31 14:23 . 2001-08-17 18:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2012-10-31 14:23 . 2001-08-17 18:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2012-10-31 14:21 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-10-31 14:20 . 2001-08-18 03:36 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-10-31 14:18 . 2008-04-14 04:53 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2012-10-31 14:17 . 2001-08-17 18:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2012-10-31 14:16 . 2001-08-17 19:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-10-31 14:15 . 2008-04-14 03:05 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-10-31 14:14 . 2001-08-17 19:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-10-31 14:13 . 2001-08-17 18:28 797500 -c--a-w- c:\windows\system32\dllcache\ltsmt.sys
2012-10-31 14:12 . 2001-08-17 17:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2012-10-31 14:11 . 2008-04-14 04:53 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2012-10-31 14:10 . 2008-04-14 05:10 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2012-10-31 14:09 . 2001-08-17 17:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2012-10-31 14:08 . 2008-04-14 05:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2012-10-31 14:07 . 2001-08-18 03:36 44032 -c--a-w- c:\windows\system32\dllcache\cnusd.dll
2012-10-31 14:06 . 2001-08-17 17:49 9472 -c--a-w- c:\windows\system32\dllcache\ativmdcd.sys
2012-10-31 14:05 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-10-31 13:48 . 2012-10-31 14:40 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-10-31 13:48 . 2012-10-31 14:40 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-30 15:03 . 2012-10-31 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-10-30 15:03 . 2012-10-30 15:03 -------- d-----w- c:\program files\AVAST Software
2012-10-30 14:54 . 2012-10-31 18:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2012-10-30 14:54 . 2012-10-30 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-10-25 14:48 . 2012-10-25 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2012-10-24 21:59 . 2012-10-24 21:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-10-24 21:59 . 2012-10-24 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-24 21:59 . 2012-10-24 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-24 21:59 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-08 19:35 . 2012-10-08 19:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-31 17:08 . 2010-10-27 18:14 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-25 19:06 . 2012-09-25 19:06 16064 ----a-w- c:\windows\system32\drivers\pssnap.sys
2012-08-28 15:14 . 2008-04-13 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-13 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-13 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2008-04-13 23:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-18 150040]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"KASHMNDSHF73467808252560"="c:\program files\Kaseya\Agent\KaUsrTsk.exe" [2011-08-24 409600]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-04-02 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-07-16 15:05 87456 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAMNDSHF73467808252560]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\symds.sys [10/1/2012 7:40 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\symefa.sys [10/1/2012 7:40 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121005.002\BHDrvx86.sys [10/5/2012 1:23 PM 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccsetx86.sys [10/1/2012 7:40 PM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\ironx86.sys [10/1/2012 7:40 PM 149624]
R2 KAMNDSHF73467808252560;Kaseya Agent;c:\program files\Kaseya\Agent\AgentMon.exe [10/29/2010 1:09 PM 851968]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [5/11/2012 10:40 AM 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [4/2/2012 12:17 PM 12856]
R2 MSSQL$MOBILEDB;SQL Server (MOBILEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/14/2005 2:51 AM 28768528]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccsvchst.exe [10/1/2012 7:40 PM 138272]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [10/27/2010 12:22 PM 22016]
R2 VZWConfigService;VZW Config Service;c:\program files\Novatel Wireless\LTE Support\VZWMSConfig.exe [4/16/2012 8:06 AM 218160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/1/2012 1:07 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121101.001\IDSXpx86.sys [10/31/2012 9:06 PM 373728]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [10/29/2010 1:09 PM 17920]
S0 cerc6;cerc6; [x]
S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [11/8/2011 2:52 PM 13824]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [11/8/2011 2:52 PM 17408]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet_001.sys [5/3/2012 10:43 AM 296448]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\drivers\nwusbmdm_001.sys [5/3/2012 10:43 AM 176384]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\drivers\nwusbser_001.sys [5/3/2012 10:43 AM 176384]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2_001.sys [5/3/2012 10:43 AM 176384]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys --> c:\windows\system32\DRIVERS\PTUMWBus.sys [?]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys --> c:\windows\system32\DRIVERS\PTUMWCDF.sys [?]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\DRIVERS\PTUMWCSP.sys --> c:\windows\system32\DRIVERS\PTUMWCSP.sys [?]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys --> c:\windows\system32\DRIVERS\PTUMWFLT.sys [?]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys --> c:\windows\system32\DRIVERS\PTUMWMdm.sys [?]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys --> c:\windows\system32\DRIVERS\PTUMWNET.sys [?]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\DRIVERS\PTUMWNSP.sys --> c:\windows\system32\DRIVERS\PTUMWNSP.sys [?]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys --> c:\windows\system32\DRIVERS\PTUMWVsp.sys [?]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [10/27/2010 12:22 PM 25984]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [10/27/2010 12:22 PM 17408]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [11/29/2011 2:20 AM 32408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.47.41 10.1.0.238 65.24.0.168
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-01 09:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-D3B3-T282-7E18-N3DU-U8TZ-SANPJD1"
"Activated"="N"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1280)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2012-11-01 09:08:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-01 14:08
ComboFix2.txt 2012-10-30 16:09
.
Pre-Run: 468,466,946,048 bytes free
Post-Run: 468,461,625,344 bytes free
.
- - End Of File - - 8637690A3871F8031D57A502499C3BFE
  • 0

#27
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#28
cramit02

cramit02

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
What've you got in mind, if you don't mind me asking?


Add-Remove Programs.txt:

CCleaner
Dell Resource CD
Diagnostic Utility
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Infor EAM Mobile Full VGA version
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 37
Kaseya Agent (mil-eam-01.trs.ny - kaseya.mindshift.com)
LogMeIn
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Small Business
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MOBILEDB)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Norton 360
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Mobile Broadband Drivers
Verizon Wireless USB551L Firmware Updates
VZAccess Manager
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
  • 0

#29
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

just checking that everything is updated to secure up the PC




These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 37 [/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#30
cramit02

cramit02

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
MBAM Log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.01.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
eamuser :: MIL-EAM-01 [administrator]

11/1/2012 10:33:55 AM
mbam-log-2012-11-01 (10-33-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183235
Time elapsed: 1 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:38:48 AM, on 11/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KASHMNDSHF73467808252560] "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1288200836609
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Kaseya Agent (KAMNDSHF73467808252560) - Kaseya International Limited - C:\Program Files\Kaseya\Agent\AgentMon.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
O23 - Service: VZW Config Service (VZWConfigService) - Novatel Wireless Inc. - C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 5602 bytes
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP