
3 computers affected with Trojan.gen

Discussion in 'Virus & Other Malware Removal' started by tomob, Jan 27, 2013.

Thread Status:
Not open for further replies.
  1. tomob

    tomob Thread Starter

    Files on the server all appear faded and many show as exe files. Symantec Endpoint shows frequent Trojan.gen infections.

    Below are the ComboFix and HijackThis logs from one of them.

    combofix
    ComboFix 13-01-27.03 - Rob 01/27/2013 10:54:39.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1076 [GMT -5:00]
    Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Don\g2ax_customer_downloadhelper_win32_x86.exe
    c:\documents and settings\Don\GoToAssistDownloadHelper.exe
    c:\documents and settings\Rob\Application Data\PriceGong
    c:\documents and settings\Rob\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\10.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\11123.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\2124.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\2229.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\2994.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\300.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\592.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\6018.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\6927.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\946.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\947.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\9549.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\959.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\9880.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\i.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Rob\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\wlu.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\Rob\Application Data\PriceGong\Data\z.txt
    c:\documents and settings\Rob\My Documents\ShopToWin
    c:\windows\system32\Temp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-27 to 2013-01-27 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-21 19:27 . 2013-01-21 19:27 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
    2013-01-21 19:26 . 2013-01-21 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2013-01-21 19:26 . 2013-01-21 19:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-21 19:26 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-16 14:43 . 2013-01-25 20:26 -------- d-----w- C:\tom01162013
    2013-01-10 17:03 . 2013-01-10 17:03 -------- d-----w- c:\program files\Dropbox
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-14 16:48 . 2012-05-07 11:25 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-14 16:48 . 2011-05-31 10:14 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-16 12:23 . 2004-08-04 04:56 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 01:25 . 2004-08-04 03:17 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01 . 2009-08-19 22:07 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02 . 2004-08-04 04:56 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17 . 2004-08-04 04:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 12:17 . 2004-08-04 04:56 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17 . 2004-08-04 04:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 00:35 . 2004-08-04 02:59 385024 ----a-w- c:\windows\system32\html.iec
    2001-12-03 21:09 . 2010-03-09 17:53 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Rob\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Rob\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Rob\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Rob\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
    "RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    .
    c:\documents and settings\Rob\Start Menu\Programs\Startup\
    DOSPRN.lnk - c:\program files\DOSPRN\DOSprn.exe [2011-6-29 815104]
    Dropbox.lnk - c:\documents and settings\Rob\Application Data\Dropbox\bin\Dropbox.exe [2013-1-4 28539232]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CardMinder Viewer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk
    backup=c:\windows\pss\CardMinder Viewer.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Conversion to PDF with ScanSnap Organizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
    backup=c:\windows\pss\Conversion to PDF with ScanSnap Organizer.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Driver Performer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Driver Performer.lnk
    backup=c:\windows\pss\Driver Performer.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scanner File Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Scanner File Utility.lnk
    backup=c:\windows\pss\Scanner File Utility.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanSnap Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
    backup=c:\windows\pss\ScanSnap Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^Adobe SendNow Desktop.lnk]
    path=c:\documents and settings\Don\Start Menu\Programs\Startup\Adobe SendNow Desktop.lnk
    backup=c:\windows\pss\Adobe SendNow Desktop.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^DOSPRN.lnk]
    path=c:\documents and settings\Don\Start Menu\Programs\Startup\DOSPRN.lnk
    backup=c:\windows\pss\DOSPRN.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\documents and settings\Don\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
    2011-12-13 04:20 3305760 ----a-w- c:\documents and settings\Don\Local Settings\Application Data\Akamai\netsession_win.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2010-11-03 22:13 64104 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2012-02-23 15:38 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-11-28 19:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTSETBOOTKEY]
    2003-04-15 15:48 36864 ----a-w- c:\windows\system32\BTSetBootKey.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTUSRBDG]
    2003-11-06 03:21 53248 ----a-w- c:\windows\system32\BtUsrBdg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynSite]
    2008-09-25 09:01 1342072 ----a-w- c:\program files\Noel Danjou\DynSite\DynSite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 18:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2007-04-19 17:26 7700480 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2007-04-19 17:26 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2007-04-19 17:26 1626112 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeachtreePrefetcher.exe]
    2010-04-10 18:06 29480 ----a-r- c:\program files\Sage Software\Peachtree\PeachtreePrefetcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2012-06-06 18:00 20065936 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
    2009-02-04 22:55 548864 -c--a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2010-11-03 22:15 1833576 ----a-w- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-03-15 13:48 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\SUPDSvc.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Kyocera Mita\\FileUtility\\NsCatCom.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Documents and Settings\\Don\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Documents and Settings\\Don\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
    "c:\\Documents and Settings\\Rob\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1583:TCP"= 1583:TCP:pervasive DBEngine
    "3351:TCP"= 3351:TCP:pervasive DBEngine
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207020.003\symds.sys [6/11/2012 5:50 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207020.003\symefa.sys [6/11/2012 5:50 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [1/15/2013 9:51 PM 997464]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207020.003\ironx86.sys [6/11/2012 5:50 PM 136312]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/3/2004 11:56 PM 14336]
    R2 LnsMtsSvc;Echelon Support Service for Microsoft Terminal Services (MTS);c:\lonworks\bin\LnsMtsSvc.exe [9/21/2007 2:40 AM 62776]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/21/2013 2:26 PM 398184]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/21/2013 2:26 PM 682344]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [6/11/2012 5:50 PM 130008]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [9/19/2012 6:20 AM 132056]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [9/15/2011 5:42 PM 126392]
    R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [6/6/2008 12:03 PM 435496]
    R3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [1/3/2011 8:50 AM 57512]
    R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\BtKrnBdg.sys [1/3/2011 8:50 AM 15876]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/12/2012 6:54 PM 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130124.001\IDSXpx86.sys [1/24/2013 9:36 PM 373728]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/21/2013 2:26 PM 21104]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/30/2012 2:21 PM 1691480]
    S3 LdvxBroker;Echelon xDriver Connection Broker;c:\lonworks\bin\LdvxBroker.exe [9/21/2007 2:40 AM 66872]
    S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [4/14/2004 2:52 PM 20736]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [7/25/2010 12:44 PM 18432]
    S3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\program files\Sage Software\Peachtree\SmartPostingService2011.exe [4/10/2010 1:32 PM 43816]
    S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2/12/2010 1:20 PM 127656]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/30/2012 1:46 PM 13024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 16:48]
    .
    2013-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
    .
    2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 16:07]
    .
    2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 16:07]
    .
    2013-01-27 c:\windows\Tasks\Norton AntiVirus - Don - Full System Scan.job
    - c:\program files\Norton Internet Security\Engine\18.7.2.3\navw32.exe [2012-06-11 00:01]
    .
    2013-01-27 c:\windows\Tasks\PC Checkup 3 Weekly Scan.job
    - c:\program files\Norton PC Checkup 3.0\NLAppLauncher.exe [2012-09-19 19:14]
    .
    2013-01-27 c:\windows\Tasks\ProgramUpdateCheck.job
    - c:\program files\File Type Assistant\tsassist.exe [2011-09-01 19:33]
    .
    2013-01-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-879983540-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2013-01-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-879983540-839522115-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2013-01-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-879983540-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2013-01-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-879983540-839522115-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    TCP: DhcpNameServer = 24.92.226.11 24.92.226.12
    DPF: {C60C276B-0F00-44D8-8D68-7B326A35401E} - hxxp://network.construction.com/ActiveX/FileDownloader2.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
    MSConfigStartUp-DW6 - e:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    MSConfigStartUp-PfuSsSct - c:\program files\PFU\ScanSnap\PfuSsSct.exe
    MSConfigStartUp-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
    MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-27 11:02
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    Completion time: 2013-01-27 11:20:34
    ComboFix-quarantined-files.txt 2013-01-27 16:20
    .
    Pre-Run: 368,407,367,680 bytes free
    Post-Run: 368,753,233,920 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - F274A34031A72896590BF4632B69E08D

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:38:40 AM, on 1/27/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\LonWorks\bin\LnsMtsSvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Kyocera Mita\FileUtility\nsCatCom.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
    C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DOSPRN\DOSprn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
    C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\24.0.1312.56\npchrome_frame.dll
    O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - Startup: DOSPRN.lnk = C:\Program Files\DOSPRN\DOSprn.exe
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Rob\Application Data\Dropbox\bin\Dropbox.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C60C276B-0F00-44D8-8D68-7B326A35401E} (Documents Downloader Control 2.0) - http://network.construction.com/ActiveX/FileDownloader2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=724
    O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\24.0.1312.56\npchrome_frame.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Echelon xDriver Connection Broker (LdvxBroker) - Echelon Corporation - C:\LonWorks\bin\LdvxBroker.exe
    O23 - Service: Echelon Support Service for Microsoft Terminal Services (MTS) (LnsMtsSvc) - Echelon Corporation - C:\LonWorks\bin\LnsMtsSvc.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
    O23 - Service: Peachtree SmartPosting 2011 - Sage Software, Inc. - C:\Program Files\Sage Software\Peachtree\SmartPostingService2011.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Pervasive PSQL Workgroup Engine (psqlWGE) - Pervasive Software Inc. - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe
    O23 - Service: SFUSVC - KYOCERA MITA CORPORATION - C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe

    --
    End of file - 10435 bytes

    I will post the others later
     

Short URL to this thread: https://techguy.org/1087077
