No internet connection after malware removal, please help

sthomas12
Member with 7 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
15-Jul-2012, 07:09 PM #1
No internet connection after malware removal, please help
I removed a malware and ever since, I am not able to connect to the internet. I tried everything described on the internet to get connectivity back but was not successful. Can you please help?

Below are the results from running MTB and Farbar.

MTB results:

____________________________

MiniToolBox by Farbar Version: 15-07-2012
Ran by pearl (administrator) on 15-07-2012 at 18:04:19
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : pearl-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-22-68-63-61-FE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f1cc:7dfe:ac1f:8a29%14(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.138.41(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:

General failure.

General failure.



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

===========================================================================
Interface List
14 ...00 22 68 63 61 fe ...... Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
1 ........................... Software Loopback Interface 1
17 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.138.41 276
169.254.138.41 255.255.255.255 On-link 169.254.138.41 276
169.254.255.255 255.255.255.255 On-link 169.254.138.41 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.138.41 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.138.41 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 276 fe80::/64 On-link
14 276 fe80::f1cc:7dfe:ac1f:8a29/128
On-link
1 306 ff00::/8 On-link
14 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/15/2012 05:58:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2012 05:56:51 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (07/15/2012 05:50:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2012 05:50:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" 1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 05:50:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" 1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 05:50:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" 1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 05:50:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" 1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 05:46:35 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (07/15/2012 05:22:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" 1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 05:22:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" 1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/15/2012 05:58:44 PM) (Source: Service Control Manager) (User: )
Description: NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller%%1058

Error: (07/15/2012 05:58:44 PM) (Source: Service Control Manager) (User: )
Description: Microsoft IPv6 Tunnel Miniport Adapter Driver%%1058

Error: (07/15/2012 05:58:44 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Tun Miniport Adapter Driver%%1058

Error: (07/15/2012 05:58:44 PM) (Source: Service Control Manager) (User: )
Description: Intel(R) PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (07/15/2012 05:58:24 PM) (Source: Service Control Manager) (User: )
Description: Akamai NetSession Interface110001Restart the service

Error: (07/15/2012 05:58:24 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service1

Error: (07/15/2012 05:58:12 PM) (Source: Service Control Manager) (User: )
Description: int15%%31

Error: (07/15/2012 05:57:54 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/15/2012 05:52:39 PM) (Source: Service Control Manager) (User: )
Description: Akamai NetSession Interface110001Restart the service

Error: (07/15/2012 05:52:38 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service


Microsoft Office Sessions:
=========================
Error: (07/15/2012 05:58:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2012 05:56:51 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (07/15/2012 05:50:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2012 05:50:44 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe

Error: (07/15/2012 05:50:44 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe

Error: (07/15/2012 05:50:44 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe

Error: (07/15/2012 05:50:44 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe

Error: (07/15/2012 05:46:35 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (07/15/2012 05:22:28 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe

Error: (07/15/2012 05:22:28 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Agere Systems PCI-SV92PP Soft Modem
AIO_CDB_ToolboxIni64 (Version: 82.0.242.000)
Akamai NetSession Interface
Apple Mobile Device Support (Version: 5.1.1.4)
ATI Catalyst Install Manager (Version: 3.0.685.0)
ccc-utility64 (Version: 2008.0722.2135.36815)
ccCommon64 (Version: 107.0.5.5)
GearDrvs (Version: 5.0.0.2)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Photosmart 5510 series Basic Device Software (Version: 24.0.342.0)
HP Photosmart 5510 series Product Improvement Study (Version: 24.0.342.0)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Solution Center 8.0 (Version: 8.0)
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.6.1.7)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
MobileMe Control Panel (Version: 3.1.8.0)
runtime64 (Version: 1.0.0)
SPBBC 64bit (Version: 107.1.0.15)
SpyHunter (Version: 4.9.10.3956)
Symantec Real Time Storage Protection Component (x64) (Version: 10.2.3.9)
SymNet x64 (Version: 8.0.3.4)

========================= Devices: ================================

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 3838.27 MB
Available physical RAM: 2206.61 MB
Total Pagefile: 7863.07 MB
Available Pagefile: 5926.97 MB
Total Virtual: 4095.88 MB
Available Virtual: 3992.74 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:586.4 GB) (Free:150.45 GB) NTFS
2 Drive d: (HP PS5510) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
7 Drive i: () (Removable) (Total:0.24 GB) (Free:0.2 GB) FAT

========================= Users: ========================================

User accounts for \\PEARL-PC

Administrator Guest pearl


**** End of log ****

FARBAR Results
________________
Farbar Service Scanner Version: 08-07-2012
Ran by pearl (administrator) on 15-07-2012 at 18:06:59
Running from "C:\Users\pearl\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2011-02-19 16:59] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
etaf (Wayne)
Moderator with 52,523 posts.
 
Join Date: Oct 2003
Location: Surrey, UK
16-Jul-2012, 02:03 PM #2
Would you do a TCP/IP stack repair - see below -
and also show the status of the following services - see below.

What firewall / security suite is on the PC?

The virus may still be present on the PC.

------------------------------------------------------------------------

TCP/IP stack repair options for use with Vista/Windows 7

Start, Programs\Accessories and right click on Command Prompt, select "Run as Administrator" to open a command prompt.

Note: Type only the text in bold for the following commands.

Reset WINSOCK entries to installation defaults:
netsh winsock reset catalog

Reset IPv4 TCP/IP stack to installation defaults:
netsh int ipv4 reset reset.log
and press enter

Reset IPv6 TCP/IP stack to installation defaults:
netsh int ipv6 reset reset.log
and press enter

Reboot the machine.

If you receive the message
The requested operation requires elevation.
Then please open the command prompt as administrator - as requested above
Start, Programs\Accessories and right click on Command Prompt, select "Run as Administrator" to open a command prompt.

Please note and post back - if you receive the message
Access is Denied

Post back the results here - we need to know these commands worked correctly
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and
control key + V to paste

Details also here
http://support.microsoft.com/kb/299357


------------------------------------------------------------------------

------------------------------------------------------------------------
Services

We would like to see some status information for each of the services listed below. To do this, go to

Start> {Run in XP} {Search box in Vista/W7}> CMD to open a DOS window and type:
SERVICES.MSC
OR
Control Panel>
Administrative Tools>
Services>

Then for each of the services listed below, please post back the following status information:
If the service is Started/Stopped
and
If the service is Automatic/Manual
  • COM+ Event System (for WZC issues)
  • Computer Browser
  • DHCP Client
  • DNS Client
  • Network Connections
  • Network Location Awareness
  • Remote Procedure Call (RPC)
  • Server
  • TCP/IP Netbios helper
  • Wireless Zero Configuration (XP wireless configurations only)
  • WLAN AutoConfig (Windows 7 & Vista wireless configurations only)
  • Workstation


If a service is not running,
right click on the service
then click on properties and now check the dependencies.

Check each of the dependencies and see which one is preventing the service from running.
__________________
Wayne
Please let us know what the final solution was to any problem posted
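
The service check requested in the post above can also be scripted. This is an added example, not part of the original post; it assumes Windows PowerShell run as administrator on Vista/Windows 7, and the short service names are the standard Windows key names for the display names listed (they do not appear in the post).

```powershell
# Added example: report state and start mode for each service in the list,
# and for any that is not running, name the dependencies that are stopped.
# The key names below are supplied here; the post gives display names only.
$services = @(
    'EventSystem',        # COM+ Event System
    'Browser',            # Computer Browser
    'Dhcp',               # DHCP Client
    'Dnscache',           # DNS Client
    'Netman',             # Network Connections
    'NlaSvc',             # Network Location Awareness
    'RpcSs',              # Remote Procedure Call (RPC)
    'LanmanServer',       # Server
    'lmhosts',            # TCP/IP NetBIOS Helper
    'WZCSVC',             # Wireless Zero Configuration (XP only)
    'Wlansvc',            # WLAN AutoConfig (Vista / Windows 7)
    'LanmanWorkstation'   # Workstation
)

function Get-StoppedDependency {
    param($Service, [hashtable]$Seen)
    # Depth-first walk of the dependency tree. ServicesDependedOn also returns
    # kernel drivers (for example the TCP/IP driver), so a disabled driver
    # under a stopped service is reported too.
    foreach ($dep in $Service.ServicesDependedOn) {
        if ($Seen.ContainsKey($dep.ServiceName)) { continue }
        $Seen[$dep.ServiceName] = $true
        if ($dep.Status -ne 'Running') {
            '{0} ({1})' -f $dep.ServiceName, $dep.Status
        }
        Get-StoppedDependency -Service $dep -Seen $Seen
    }
}

foreach ($name in $services) {
    # Win32_Service exposes both State (Running/Stopped) and
    # StartMode (Auto/Manual/Disabled).
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $wmi) {
        '{0,-20} not present on this Windows version' -f $name
        continue
    }
    '{0,-20} {1,-10} {2}' -f $name, $wmi.State, $wmi.StartMode

    if ($wmi.State -ne 'Running') {
        $svc = Get-Service -Name $name
        $stopped = @(Get-StoppedDependency -Service $svc -Seen @{})
        if ($stopped.Count -gt 0) {
            '    stopped dependencies: ' + ($stopped -join ', ')
        } else {
            '    all dependencies are running'
        }
    }
}
```

The output can be pasted into a reply in place of the hand-typed Started/Stopped and Automatic/Manual list.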
sthomas12
Member with 7 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
16-Jul-2012, 06:19 PM #3
Here is the data you requested. I am running McAfee, no virus found. I also have SpyHunter for spyware. I did all you asked, but still no internet connection. What else can I look at?

reset log

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>netsh winsock reset catalog

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


C:\Windows\system32>netsh int ipv4 reset reset.log
Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.


C:\Windows\system32>netsh int ipv6 reset reset.log
Reseting Echo Request, OK!
A reboot is required to complete this action.


C:\Windows\system32>

Services log

COM+ Event System (for WZC issues) started automatic
Computer Browser started automatic
DHCP Client started automatic
DNS Client started automatic
Network Connections started Manual
Network Location Awareness started automatic
Remote Procedure Call (RPC) started automatic
Server started automatic
TCP/IP Netbios helper started automatic
Wireless Zero Configuration (XP wireless configurations only) no wireless card, not applicable

WLAN AutoConfig (Windows 7 & Vista wireless configurations only) no wireless card, not applicable

Workstation started automatic
Ihatecats
Account Disabled with 359 posts.
 
Join Date: Jun 2012
17-Jul-2012, 12:14 AM #4
Instructions in the link below for changing the DNS server.
http://www.computerhope.com/issues/ch001161.htm
Change your DNS to the below.

Preferred DNS 208.67.222.222

Alternate DNS 208.67.220.220




Open your Device Manager: hit the Start button, then right-click on Computer, then select Properties, then select Device Manager.

In Device Manager, click the View menu and select Show hidden devices.

Then hit View again and select Devices by connection.


Then scroll down, right-click and uninstall the drivers listed below. Don't worry, these will be reinstalled upon reboot by Windows.



Ancillary Function driver for Winsock
Net BT
Http
Net Io Legacy Support Driver
Tcp/ip Protocol Driver
Tcp/ip Registry Compatibility
NSI proxy Service

Each of these files will request a reboot after uninstall; wait until the last one to reboot.


Run the McAfee removal tool and reboot.
http://majorgeeks.com/downloadget.ph...4f95b4c72f1b9e




Download TCP Optimizer, then under Choose settings put a tick next to Optimal, then select Apply changes and reboot.
http://www.speedguide.net/downloads.php


Download the internet repair tool, check all boxes, run it and reboot when prompted.
http://majorgeeks.com/downloadget.ph...f942b034a8b48c
sthomas12
Member with 7 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
17-Jul-2012, 12:51 AM #5
I did everything you asked me to do, however still no network connection. It is not the router because I can connect another computer to it and access the internet. Anything else I should try?
Ihatecats
Account Disabled with 359 posts.
 
Join Date: Jun 2012
17-Jul-2012, 01:13 AM #6
sthomas12
Member with 7 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
17-Jul-2012, 01:21 AM #7
Tried creating another account but no network connection still.
etaf (Wayne)
Moderator with 52,523 posts.
 
Join Date: Oct 2003
Location: Surrey, UK
17-Jul-2012, 02:10 AM #8
I suspect the virus is still on the PC -

Would you read the following link and reply with the requested logs

http://forums.techguy.org/virus-othe...e-posting.html
sthomas12
Member with 7 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
21-Jul-2012, 04:07 PM #9
Attached are the logs you requested. I did not run GMER since I have a 64-bit machine. I still don't have connectivity and would appreciate any help you can give me.

< EDIT by etaf moderator - to post logs into a reply >

ATTACH LOG
Quote:
.
"UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG."
"IF REQUESTED, ZIP IT UP & ATTACH IT"
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/14/2009 8:12:45 PM
System Uptime: 7/21/2012 2:34:04 PM (0 hours ago)
.
Motherboard: Gateway | | RS780
Processor: AMD Phenom(tm) 9150e Quad-Core Processor | AM2 | 1800/200mhz
.
==== Disk Partitions =========================
.
"C: is FIXED (NTFS) - 586 GiB total, 149.278 GiB free."
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
"K: is FIXED (FAT32) - 30 GiB total, 29.786 GiB free."
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0000
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
1500
1500_Help
1500Trb
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11.6
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Akamai NetSession Interface
Akamai NetSession Interface Service
AnswerWorks 5.0 English Runtime
AppCore
Apple Application Support
Apple Software Update
Backup
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
BufferChm
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Norwegian
CCC Help Spanish
CCC Help Swedish
ccCommon
Cisco Connect
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink LabelPrint
CyberLink MediaShow
CyberLink Power2Go
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DigiDo
DocProc
DocProcQFolder
eSupportQFolder
Fax
Gateway Games
Gateway Recovery Management
GearDrvs
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 5.1.0.880
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photo Creations
HP Photosmart 5510 series Help
HP Photosmart Essential
HP Product Assistant
HP Update
HPProductAssistant
HPSSupply
ImageMixer 3 SE Ver.5 Transfer Utility
ImageMixer 3 SE Ver.5 Video Tools
Immunet Protect
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 5
KB0817 Keyboard Driver
LiveUpdate (Symantec Corporation)
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Marvell Miniport Driver
McAfee Security Scan Plus
Microsoft Default Manager
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Suite Activation Assistant
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer Utility Ver.2
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
PDFCreator
Picasa 3
PlayOn
PrimoPDF -- brought to you by Nitro PDF Software
Quicken 2007
Quicken 2010
Quicken WillMaker Plus 2010
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Send to SmugMug
Skins
SolutionCenter
Spybot - Search & Destroy
Status
swMSM
Symantec Technical Support Controls
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
WebEx
WebReg
Zero Assumption Recovery Version 8.4
.
==== Event Viewer Messages From Past Week ========
.
7/21/2012 2:34:28 PM, Error: EventLog [6008] - The previous system shutdown at 12:58:20 PM on 7/21/2012 was unexpected.
7/17/2012 4:14:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl ImmunetProtectDriver ImmunetSelfProtectDriver spldr SRTSPX SYMTDI Wanarpv6
7/17/2012 4:14:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 4:14:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/17/2012 4:14:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/17/2012 4:14:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/16/2012 5:09:42 PM, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The specified module could not be found.
7/15/2012 6:16:16 PM, Error: EventLog [6008] - The previous system shutdown at 6:13:44 PM on 7/15/2012 was unexpected.
7/15/2012 6:12:02 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 2 time(s).
7/15/2012 5:51:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.
7/15/2012 5:51:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Empowering Technology Service service to connect.
7/15/2012 5:51:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
7/15/2012 5:51:00 PM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/15/2012 5:51:00 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/15/2012 5:30:26 PM, Error: Service Control Manager [7000] - The NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/15/2012 5:23:01 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
7/15/2012 5:23:01 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
7/15/2012 5:23:01 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
7/15/2012 5:13:05 PM, Error: Service Control Manager [7000] - The Microsoft Tun Miniport Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/15/2012 5:13:05 PM, Error: Service Control Manager [7000] - The Microsoft IPv6 Tunnel Miniport Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/15/2012 4:59:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/15/2012 4:55:01 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.129.902.0 Loading engine version: 1.1.8502.0
7/15/2012 4:41:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
7/15/2012 4:40:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/15/2012 4:40:45 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/15/2012 4:40:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/15/2012 4:40:43 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/15/2012 4:39:22 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
7/15/2012 4:06:34 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/15/2012 4:05:08 PM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/15/2012 4:05:08 PM, Error: Service Control Manager [7000] - The int15 service failed to start due to the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
DDS LOG

Quote:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_31
Run by pearl at 14:51:26 on 2012-07-21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3838.2245 [GMT -5:00]
.
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Immunet Protect *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Users\pearl\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\pearl\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\pearl\AppData\Local\Akamai\netsession_win.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Immunet Protect\2.0.17\iptray.exe
C:\Program Files (x86)\TWC\DigiDo\DigiDo.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\pearl\Desktop\ABBYY_FR10_PE_ESD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McUICnt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=28883b190000000000000022686361fe&tlver=1.4.19.19&affID=19404
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: {9194649F-7143-4308-90C1-D6A35B0E354E} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Google Update] "C:\Users\pearl\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\pearl\AppData\Local\Akamai\netsession_win.exe"
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
mRun: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [osCheck] "c:\Program Files (x86)\Norton 360\osCheck.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
mRun: [eRecoveryService]
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Immunet Protect] "C:\Program Files\Immunet Protect\2.0.17\iptray.exe"
mRun: [DigiDo] "C:\Program Files (x86)\TWC\DigiDo\DigiDo.exe" startup
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [QuickTime Plugin Install] "C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file:///D:/naf/html/nafcom.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ti.webex.com/client/T25L10NSP41EP7/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{407BA84B-05E3-4C0B-B74E-65ACD4E36144} : NameServer = 208.67.222.222,208.67.220.220
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
BHO-X64: NCO 2.0 IE BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: {9194649F-7143-4308-90C1-D6A35B0E354E} - No File
BHO-X64: BHO_PROJECT - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [osCheck] "c:\Program Files (x86)\Norton 360\osCheck.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LchDrvKey] LchDrvKey.exe
mRun-x64: [LedKey] CNYHKey.exe
mRun-x64: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
mRun-x64: [eRecoveryService]
mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Immunet Protect] "C:\Program Files\Immunet Protect\2.0.17\iptray.exe"
mRun-x64: [DigiDo] "C:\Program Files (x86)\TWC\DigiDo\DigiDo.exe" startup
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [QuickTime Plugin Install] "C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\pearl\AppData\Roaming\Mozilla\Firefox\Profiles\hnuno34z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Users\pearl\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\pearl\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\pearl\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\pearl\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R1 IDSvia64;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20090910.001\IDSvia64.sys [2009-9-10 370224]
R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\system32\DRIVERS\ImmunetProtect.sys --> C:\Windows\system32\DRIVERS\ImmunetProtect.sys [?]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys --> C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2009-4-14 24576]
R2 ImmunetProtect;Immunet Protect;C:\Program Files\Immunet Protect\2.0.17\agent.exe [2011-2-19 272080]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE [2008-2-17 149352]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-17 655944]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2012-4-23 2976632]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-19 1153368]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-5-4 996256]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-16 250056]
S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Symantec Core LC;Symantec Core LC;C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-11-3 1245064]
S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS --> C:\Windows\system32\Drivers\SYMNDISV.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-2-21 93184]
.
=============== Created Last 30 ================
.
7/18/2012 6:47 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2281FC6-480A-449A-8872-AD5E53BC29FD}\offreg.dll
7/17/2012 22:59 -------- d-----w- C:\Program Files\HitmanPro
7/17/2012 22:58 -------- d-----w- C:\ProgramData\HitmanPro
7/17/2012 20:27 -------- d-----w- C:\Users\pearl\AppData\Roaming\Malwarebytes
7/17/2012 20:27 -------- d-----w- C:\ProgramData\Malwarebytes
7/17/2012 20:27 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
7/17/2012 20:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
7/15/2012 22:34 -------- d-s---w- C:\Windows\SysWow64\Microsoft
7/15/2012 21:55 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2281FC6-480A-449A-8872-AD5E53BC29FD}\mpengine.dll
7/8/2012 3:06 -------- d-----w- C:\ProgramData\B7E85B350001CD52000B771AEEC1FB6E
6/26/2012 19:14 -------- d-----w- C:\Users\pearl\AppData\Local\Macromedia
.
==================== Find3M ====================
.
6/23/2012 18:48 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
6/23/2012 18:48 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 14:52:25.24 ===============

HIJACKTHIS LOG
Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:50:31 PM, on 7/21/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\MHotKey.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Users\pearl\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\pearl\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\pearl\AppData\Local\Akamai\netsession_win.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\TWC\DigiDo\DigiDo.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\pearl\Desktop\ABBYY_FR10_PE_ESD.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McUICnt.exe
J:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=28883b190000000000000022686361fe&tlver=1.4.19.19&affID=19404
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: BHO_PROJECT - {9194649F-7143-4308-90C1-D6A35B0E354E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files (x86)\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Immunet Protect] "C:\Program Files\Immunet Protect\2.0.17\iptray.exe"
O4 - HKLM\..\Run: [DigiDo] "C:\Program Files (x86)\TWC\DigiDo\DigiDo.exe" startup
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Plugin Install] "C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\pearl\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\pearl\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.5.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} (Nafi Class) - file:///D:/naf/html/nafcom.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ti.webex.com/client/T25L10NS...x/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{407BA84B-05E3-4C0B-B74E-65ACD4E36144}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{407BA84B-05E3-4C0B-B74E-65ACD4E36144}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Immunet Protect (ImmunetProtect) - Immunet Corporation - C:\Program Files\Immunet Protect\2.0.17\agent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files (x86)\MediaMall\MediaMallServer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 15249 bytes

Last edited by etaf; 21-Jul-2012 at 04:28 PM..
etaf (Wayne)
Moderator with 52,523 posts.
Join Date: Oct 2003
Location: Surrey, UK
21-Jul-2012, 04:24 PM #10
I have moved your thread to the virus forum.

Also, the logs need to be posted into a reply, which I will edit and do for you.

It may take 48 hours to get a reply. If you do not get a reply after that time, just reply with the word "bump";
that will take this thread to the top of the forum again.
sthomas12
Member with 7 posts.
THREAD STARTER
Join Date: Jul 2012
Experience: Beginner
22-Jul-2012, 01:51 AM #11
Still looking for some help here.
sthomas12
Member with 7 posts.
THREAD STARTER
Join Date: Jul 2012
Experience: Beginner
22-Jul-2012, 01:52 AM #12
bump