
internet not working - registry keys deleted by malware

Discussion in 'Virus & Other Malware Removal' started by thermo, Apr 10, 2012.

Thread Status:
Not open for further replies.
  1. thermo

    thermo Thread Starter

    Joined:
    Apr 10, 2012
    Messages:
    4
    I saw in several other threads that the advice was to run FSS, so I did too:

    Farbar Service Scanner Version: 01-03-2012
    Ran by engineer (administrator) on 10-04-2012 at 12:29:02
    Running from "E:\work"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    Tcpip Service is not running. Checking service configuration:
    The start type of Tcpip service is OK.
    The ImagePath of Tcpip service is OK.

    IpSec Service is not running. Checking service configuration:
    The start type of IpSec service is OK.
    The ImagePath of IpSec service is OK.
    Checking LEGACY_IpSec: Attention! Unable to open LEGACY_IpSec\0000 registry key. The key does not exist.


    Connection Status:
    ==============
    Localhost is blocked.
    There is no connection to network.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Yahoo IP returend error: Other errors


    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Disabled. The default start type is Auto.
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    Srservice Service is not running. Checking service configuration:
    The start type of Srservice service is OK.
    The ImagePath of Srservice service is OK.
    The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

    sr Service is not running. Checking service configuration:
    The start type of sr service is set to Disabled. The default start type is Boot.
    The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


    System Restore Disabled Policy:
    ========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR"=DWORD:1


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
    Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


    Windows Update:
    ============

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    acsint(9) acsmux(10) Gpc(6) IPSec(5) mfetdi2k(8) mfetdik(8) NetBT(5) PSched(7) Tcpip(3)
    0x0A0000000400000001000000020000000300000008000000050000000600000007000000090000000A000000
    Attention! IpSec Tag value should be 4.

    **** End of log ****

    Thanks in advance
     
  2. etaf

    etaf Wayne Moderator

    Joined:
    Oct 2, 2003
    Messages:
    55,904
  3. thermo

    thermo Thread Starter

    Joined:
    Apr 10, 2012
    Messages:
    4
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:44:00 PM, on 4/10/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkASv2K.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\engineer\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=3070731
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk-rel/en/side.html?channel=uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk-rel/en/side.html?channel=uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:18810
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
    O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    O4 - HKLM\..\Run: [SecureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
    O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
    O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
    O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [drivermgr] C:\Documents and Settings\engineer\Application Data\devicemgrpro.exe
    O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\engineer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [lntnwfwi] C:\DOCUME~1\engineer\LOCALS~1\Temp\xiupukroq\lwbsmyosika.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: NextMove PCI (2) Auto Initialization.lnk = C:\Program Files\Mint Machine Center\PCIWizard.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{29B16EC0-2500-4DFF-9B5A-E87BAEBAA2C3}: NameServer = 130.207.244.244,130.207.244.251
    O17 - HKLM\System\CS1\Services\Tcpip\..\{29B16EC0-2500-4DFF-9B5A-E87BAEBAA2C3}: NameServer = 130.207.244.244,130.207.244.251
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: NecUsb3Sevices - USB3Sw32.dll (file missing)
    O20 - Winlogon Notify: USB3Sw32 - USB3Sw32.dll (file missing)
    O23 - Service: Invoker (amoagent) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Pmj151la (as32svc) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Ntsvcmgr (cdrbsdrv) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Was (crystalinputfileserver) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Device Manager - Unknown owner - C:\Documents.exe (file missing)
    O23 - Service: EventServer - TODO: <Company name> - C:\Program Files\Thermo\Avantage\Bin\EventServer.exe
    O23 - Service: UMPass (FETNDIS) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    O23 - Service: Spectrometer - Unknown owner - C:\Program Files\Thermo\Avantage\Bin\Spectrometer.exe
    O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
    O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    O23 - Service: Ma763004 (winpppoverethernet) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: OsaFsLoc (ZY202_XP) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)

    --
    End of file - 11118 bytes


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by engineer at 13:44:24 on 2012-04-10
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2030.1427 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\StkASv2K.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.co.uk/hws/sb/dell-usuk-rel/en/side.html?channel=uk
    uSearch Bar = hxxp://www.google.co.uk/hws/sb/dell-usuk-rel/en/side.html?channel=uk
    uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=3070731
    uInternet Settings,ProxyServer = http=127.0.0.1:18810
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\engineer\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [lntnwfwi] c:\docume~1\engineer\locals~1\temp\xiupukroq\lwbsmyosika.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
    mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
    mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
    mRun: [<NO NAME>]
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [drivermgr] c:\documents and settings\engineer\application data\devicemgrpro.exe
    mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nextmo~1.lnk - c:\program files\mint machine center\PCIWizard.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{29B16EC0-2500-4DFF-9B5A-E87BAEBAA2C3} : NameServer = 130.207.244.244,130.207.244.251
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: NecUsb3Sevices - USB3Sw32.dll
    Notify: USB3Sw32 - USB3Sw32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 wvauth
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\engineer\application data\mozilla\firefox\profiles\v5b2keq9.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\engineer\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-3-27 461864]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-9-19 24064]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-3-28 89624]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2011-8-31 22816]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-6-8 132416]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2011-8-31 147984]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2011-8-31 66880]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-3-27 148520]
    R2 T226_1D;T226 Device Driver(T226_1D.sys);c:\windows\system32\drivers\T226_1D.sys [2009-10-14 31104]
    R2 T237DRV;T237 Device Driver(T237DRV.sys);c:\windows\system32\drivers\T237DRV.sys [2009-10-14 29312]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-9-19 2066968]
    R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2010-6-1 1590216]
    R2 VGUSBDRV;T227 Device Driver(VGUSBDRV.sys);c:\windows\system32\drivers\VGUSBDRV.sys [2009-10-14 36736]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2009-9-19 144480]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-3-27 180072]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-3-27 59288]
    R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-6-1 10688]
    R3 USBMotion;USBMotion.SYS - USB Motion Controller;c:\windows\system32\drivers\USBMotion.sys [2009-10-14 19968]
    S2 avg7alrt;Cdr4_xp;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
    S2 avg7rsw;W3svc;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
    S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
    S2 clientservice;Camdrl;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
    S2 Device Manager;Device Manager;c:\documents and settings\engineer\application data\devicemgrsvc.bat [2012-3-24 115]
    S2 lpx;Mvc25U870_VID_1262&PID_25FD;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
    S2 mcdetect.exe;Ashampoodefragservice;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
    S2 mcproxy;Clr_optimization_v2.0.50215_32;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
    S2 mcrdsvc;S616mdfl;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
    S2 navex15;Prismxl;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
    S2 ofcpfwsvc;Afs2k;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
    S2 ofcservice;W800mdfl;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
    S2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-4-10 77824]
    S2 T226_LDR;T226 Detector Firmware Loader (T226_LDR.sys);c:\windows\system32\drivers\T226_LDR.sys [2009-10-14 10496]
    S2 T227_LDR;K-Alpha Spectrometer Firmware Loader (T227_LDR.sys);c:\windows\system32\drivers\T227_LDR.sys [2009-10-14 21888]
    S2 T237_LDR;T237 Firmware Loader (T237_LDR.sys);c:\windows\system32\drivers\T237_LDR.sys [2009-10-14 14720]
    S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2012-1-13 476112]
    S2 ZY202_XP;OsaFsLoc;\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs --> \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs [?]
    S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [2012-3-25 38440]
    S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [2012-3-25 57000]
    S3 EventServer;EventServer;c:\program files\thermo\avantage\bin\EventServer.exe [2010-8-6 135168]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-3-27 87808]
    S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
    S3 Spectrometer;Spectrometer;c:\program files\thermo\avantage\bin\Spectrometer.exe [2010-8-6 598016]
    S4 ACU;ACU;c:\docume~1\engineer\locals~1\temp\ACU.exe [2010-8-2 523136]
    S4 HGIPYIKNBOZCJV;HGIPYIKNBOZCJV;c:\docume~1\engineer\locals~1\temp\HGIPYIKNBOZCJV.exe [2010-8-2 543616]
    .
    =============== Created Last 30 ================
    .
    2012-04-10 16:49:04 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0a7bca64-f852-4f90-a24a-a5983279078d}\offreg.dll
    2012-03-30 13:48:28 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0a7bca64-f852-4f90-a24a-a5983279078d}\mpengine.dll
    2012-03-29 19:50:33 -------- d-----w- c:\documents and settings\engineer\application data\SUPERAntiSpyware.com
    2012-03-28 13:31:04 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-03-28 13:30:55 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-28 06:02:40 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2012-03-27 18:36:58 38400 ----a-w- c:\windows\system32\USB3Sw32.dll
    2012-03-27 17:40:58 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-03-27 17:40:58 65960 ----a-w- c:\windows\system32\drivers\mfetdik.sys
    2012-03-27 17:40:58 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2012-03-27 17:40:58 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-03-27 17:40:58 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    2012-03-27 17:40:58 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-03-27 17:40:58 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2012-03-27 17:40:58 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-03-27 03:19:34 1324 ----a-w- c:\documents and settings\engineer\local settings\application data\d3d9caps.tmp
    2012-03-26 18:10:49 -------- d-----w- c:\documents and settings\engineer\.sslexplorer
    2012-03-25 23:35:30 57000 ----a-r- c:\windows\system32\drivers\acsmux.sys
    2012-03-25 23:35:29 38440 ----a-r- c:\windows\system32\drivers\acsint.sys
    2012-03-25 23:35:24 -------- d-----w- c:\program files\Cisco
    2012-03-24 15:38:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-03-24 15:37:08 115 ---h--w- c:\documents and settings\engineer\application data\devicemgrsvc.bat
    2012-03-24 15:36:51 210051234 ----a-w- c:\documents and settings\engineer\application data\devicemgrpro.exe
    2012-03-24 15:36:43 -------- d-----w- c:\documents and settings\engineer\local settings\application data\AppCore
    2012-03-20 18:49:44 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
    2012-03-20 18:49:44 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
    .
    ==================== Find3M ====================
    .
    2012-03-10 02:50:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-13 17:18:33 10704 ----a-w- c:\windows\system32\vpncategories.dll
    2012-01-13 17:18:28 33232 ----a-w- c:\windows\system32\vpnevents.dll
    2012-01-13 17:08:23 23464 ----a-w- c:\windows\system32\drivers\vpnva.sys
    2012-01-13 17:08:20 409848 ----a-w- c:\windows\system32\vpngina.dll
    .
    ============= FINISH: 13:45:30.73 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-04-10 16:43:08
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.02.0
    Running: p8xqffdr.exe; Driver: C:\DOCUME~1\engineer\LOCALS~1\Temp\pwtdqpow.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9DE1290]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9DE12A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9DE12D0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9DE1326]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9DE127C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9DE1254]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9DE1268]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9DE12BA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9DE12FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9DE12E6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9DE1350]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9DE133C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9DE1310]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     

  4. thermo

    thermo Thread Starter

    Joined:
    Apr 10, 2012
    Messages:
    4
    Hi, I haven't received a reply within 48 hours; I just wanted to make it more noticeable. Thanks.
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,656
    Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

    ***************************************************

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    --------------------------------------------------------------------

    With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

    Note: If you have SP3, use the SP2 package.


    ---------------------------------------------------------------------

    Transfer all files you just downloaded to the desktop of the infected computer.

    --------------------------------------------------------------------


    Disable your anti-virus and anti-spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.



    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt in your next reply.
     
  6. thermo

    thermo Thread Starter

    Joined:
    Apr 10, 2012
    Messages:
    4
    ComboFix 12-04-16.02 - expert 04/18/2012 21:03:19.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2030.1242 [GMT -4:00]
    Running from: c:\documents and settings\expert\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\expert\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\expert\Local Settings\Application Data\{BA14C115-B92D-4DF3-A05C-1E20323B063A}
    c:\documents and settings\expert\Local Settings\Application Data\{BA14C115-B92D-4DF3-A05C-1E20323B063A}\chrome.manifest
    c:\documents and settings\expert\Local Settings\Application Data\{BA14C115-B92D-4DF3-A05C-1E20323B063A}\chrome\content\overlay.xul
    c:\documents and settings\expert\Local Settings\Application Data\{BA14C115-B92D-4DF3-A05C-1E20323B063A}\install.rdf
    c:\documents and settings\testuser\Local Settings\Application Data\{F560089D-429A-498A-8427-986035912176}
    c:\documents and settings\testuser\Local Settings\Application Data\{F560089D-429A-498A-8427-986035912176}\chrome.manifest
    c:\documents and settings\testuser\Local Settings\Application Data\{F560089D-429A-498A-8427-986035912176}\chrome\content\overlay.xul
    c:\documents and settings\testuser\Local Settings\Application Data\{F560089D-429A-498A-8427-986035912176}\install.rdf
    .
    c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-18 14:40 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{545A3E6E-0E3C-4931-934B-A77554B7B070}\mpengine.dll
    2012-04-18 14:34 . 2012-04-18 14:34 -------- d-----w- c:\windows\LastGood
    2012-04-18 14:28 . 2008-04-14 12:00 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
    2012-04-18 14:28 . 2008-04-14 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2012-03-31 14:02 . 2012-03-31 14:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2012-03-28 13:57 . 2012-03-28 13:57 -------- d-----w- c:\documents and settings\expert\Application Data\Malwarebytes
    2012-03-28 13:31 . 2012-03-28 13:31 -------- d-----w- c:\documents and settings\expert\Application Data\SUPERAntiSpyware.com
    2012-03-28 13:31 . 2012-03-28 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-03-28 13:30 . 2012-03-28 13:31 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-28 06:02 . 2011-09-01 00:07 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2012-03-27 17:40 . 2011-09-01 00:07 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-03-27 17:40 . 2011-09-01 00:07 65960 ----a-w- c:\windows\system32\drivers\mfetdik.sys
    2012-03-27 17:40 . 2011-09-01 00:07 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2012-03-27 17:40 . 2011-09-01 00:07 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-03-27 17:40 . 2011-09-01 00:07 23864 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
    2012-03-27 17:40 . 2011-09-01 00:07 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-03-27 17:40 . 2011-09-01 00:07 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2012-03-27 17:40 . 2011-09-01 00:07 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-03-27 17:00 . 2012-03-27 17:00 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2012-03-26 18:10 . 2012-03-26 18:10 -------- d-----w- c:\documents and settings\engineer\.sslexplorer
    2012-03-25 23:35 . 2012-01-13 17:07 57000 ----a-r- c:\windows\system32\drivers\acsmux.sys
    2012-03-25 23:35 . 2012-01-13 17:07 38440 ----a-r- c:\windows\system32\drivers\acsint.sys
    2012-03-25 23:35 . 2012-03-25 23:35 -------- d-----w- c:\program files\Cisco
    2012-03-20 18:49 . 2012-03-20 18:49 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-03-20 18:49 . 2012-03-20 18:49 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-18 14:30 . 2010-02-22 19:15 0 ----a-w- c:\documents and settings\expert\Local Settings\Application Data\WavXMapDrive.bat
    2012-03-14 02:15 . 2010-08-04 13:40 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-03-10 02:50 . 2011-05-17 17:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-31 12:44 . 2010-08-02 21:37 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-03-20 18:49 . 2011-04-24 16:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-09-01 00:07 . 2012-03-27 17:40 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-18_14.30.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-25 16:16 . 2012-04-18 14:35 80180 c:\windows\system32\perfc009.dat
    - 2008-04-25 16:16 . 2012-04-18 14:21 80180 c:\windows\system32\perfc009.dat
    + 2008-04-25 16:16 . 2012-04-18 14:35 467156 c:\windows\system32\perfh009.dat
    - 2008-04-25 16:16 . 2012-04-18 14:21 467156 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2009-04-22 09:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2009-04-22 09:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
    "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
    "EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]
    "DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-04-10 1810432]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]
    "drivermgr"="c:\documents and settings\engineer\Application Data\devicemgrpro.exe" [2012-04-18 192512]
    "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-01-13 527312]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-01 124224]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NextMove PCI (2) Auto Initialization.lnk - c:\program files\Mint Machine Center\PCIWizard.exe [2007-8-3 50432]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\UltraVNC\\winvnc.exe"=
    "c:\\Program Files\\UltraVNC\\vncviewer.exe"=
    "c:\\Documents and Settings\\engineer\\Application Data\\devicemgrpro.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5900:TCP"= 5900:TCP:vnc5900
    "5800:TCP"= 5800:TCP:vnc5800
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [9/19/2009 11:19 AM 24064]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/28/2012 2:02 AM 89624]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 12:56 AM 133968]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [8/31/2011 8:07 PM 22816]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/27/2012 1:40 PM 148520]
    R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [4/10/2009 7:08 AM 77824]
    R2 T226_1D;T226 Device Driver(T226_1D.sys);c:\windows\system32\drivers\T226_1D.sys [10/14/2009 10:21 AM 31104]
    R2 T237DRV;T237 Device Driver(T237DRV.sys);c:\windows\system32\drivers\T237DRV.sys [10/14/2009 10:21 AM 29312]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [9/19/2009 2:46 AM 2066968]
    R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [6/1/2010 4:03 PM 1590216]
    R2 VGUSBDRV;T227 Device Driver(VGUSBDRV.sys);c:\windows\system32\drivers\VGUSBDRV.sys [10/14/2009 10:21 AM 36736]
    R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [1/13/2012 1:17 PM 476112]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [9/19/2009 11:19 AM 144480]
    R3 EventServer;EventServer;c:\program files\Thermo\Avantage\Bin\EventServer.exe [8/6/2010 11:29 AM 135168]
    R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [6/1/2010 4:03 PM 10688]
    R3 Spectrometer;Spectrometer;c:\program files\Thermo\Avantage\Bin\Spectrometer.exe [8/6/2010 11:29 AM 598016]
    R3 USBMotion;USBMotion.SYS - USB Motion Controller;c:\windows\system32\drivers\USBMotion.sys [10/14/2009 11:02 AM 19968]
    S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]
    S2 Device Manager;Device Manager;c:\documents and settings\engineer\Application Data\devicemgrsvc.bat [3/24/2012 11:37 AM 115]
    S2 T226_LDR;T226 Detector Firmware Loader (T226_LDR.sys);c:\windows\system32\drivers\T226_LDR.sys [10/14/2009 10:21 AM 10496]
    S2 T227_LDR;K-Alpha Spectrometer Firmware Loader (T227_LDR.sys);c:\windows\system32\drivers\T227_LDR.sys [10/14/2009 10:21 AM 21888]
    S2 T237_LDR;T237 Firmware Loader (T237_LDR.sys);c:\windows\system32\drivers\T237_LDR.sys [10/14/2009 10:21 AM 14720]
    S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [3/25/2012 7:35 PM 38440]
    S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [3/25/2012 7:35 PM 57000]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/27/2012 1:40 PM 87808]
    S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
    S4 ACU;ACU;c:\docume~1\engineer\LOCALS~1\Temp\ACU.exe [8/2/2010 12:54 PM 523136]
    S4 HGIPYIKNBOZCJV;HGIPYIKNBOZCJV;c:\docume~1\engineer\LOCALS~1\Temp\HGIPYIKNBOZCJV.exe [8/2/2010 12:58 PM 543616]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    NecUsb3Sevic REG_MULTI_SZ NecUsb3
    .
    NETSVCS REQUIRES REPAIRS - current entries shown
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    CTDevice_Srv
    oracleorahome90agent
    sonicwall_netextender
    ZuneWlanCfgSvc
    tosrfhid
    QV2KUX
    DumaNT
    UMAXPCLS
    tifsfilter
    ALYac_PZSrv
    Sk9920nt
    dvd_2K
    pdiddcci
    SE2Cbus
    apphostsvc
    purendis
    tifm
    EAWDMFD
    tomcatcws3
    nvenetfd
    bthidenum
    incdrec
    NETw5x32
    bc_ip_f
    RMCAST
    McciCMService
    navex15
    Accelerometer
    vcdsecs
    wlluc48b
    VRcore
    NPPTNT
    backupclientsvc
    ni_nic
    cmigameport
    mcrdsvc
    astcc
    iolodmv
    windrvNT
    bthmodem
    cpucoolserver
    wacomvhid
    Stltrk2k
    IntuitUpdateService
    passthru
    hidbatt
    nv
    netdetect
    rtl8185
    harmony
    vmsprog
    pca
    winpowermonitor
    trioservice
    buslogic
    yukonwlh
    RMSvc
    lvtuner
    pdlnemap
    winss
    vsapint
    oracleorahomedatagatherer
    nfmservice
    {a7447300-8075-4b0d-83f1-3d75c8ebc623}
    s125mdfl
    cwafadmincontroller
    hdaudaddservice
    sqlagent$soshome22
    qserver
    ikhlayer
    szkg
    sifilter
    vaiomediaplatform-musicserver-appserver
    prfldsvc
    A4S2600
    GcKernel
    pshost
    elnkservice
    knobserv
    btdriver
    ibmpmsvc
    61883
    videX32
    tifmsony
    spcsutilityservice
    sermouse
    dbmanagerscheduler
    MA-620
    smsmdd
    snmptrapdservice
    hwpsgt
    KLOGNT
    RDID1007
    adsservice
    RadProbe
    ood2000
    fcprintservice
    ofcservice
    tangoservice
    psadd
    AtiPcie
    tgsrvc_smartagent
    mcdbus
    elbycdfl
    qmofiltr
    IntelC53
    WD_FireWire_HID
    aeaudio
    mdc8021x
    mcdetect.exe
    downloadmanagerlite
    kbstuff
    NICSer_WPC300N
    iam
    ScFBPNT2
    SNTIE
    CTEAPSFX.DLL
    bobo
    susbser
    nvata
    ativraxx
    w300bus
    vzcdbsvc
    winpppoverethernet
    emAudio
    tdrpman174
    smtpd32
    cdrbsdrv
    RTSTOR
    delldmi
    EMSCR
    cxlpt
    ssscsisv
    ssrtln
    lmimaint
    aslm75
    SDdriver
    SE26bus
    clientservice
    se45unic
    retrolauncher
    IBM_LLC2
    amoagent
    as32svc
    p17xfilt
    rvscc
    s117nd5
    SeaPort
    fallback
    crystalinputfileserver
    CAM1210
    icepack
    sysenforce
    NdisFilt
    FireHook
    SaiH040B
    Xponaut_WBD
    wg3n
    npkcsvc
    nchssvad
    qkbfiltr
    wmp54gv4svc
    DN2AKNET
    zebrmdfl
    sysmgmthp
    webupdate
    lpx
    adpu320
    MaVctrl
    G400DH
    webdriveservice
    compbatt
    CnxTrUsb
    USBDongle
    msfwsvc
    nicser_wmp11
    SrvcEKIOMngr
    ofcpfwsvc
    HpqKbFiltr
    mssql$soshome22
    SRVLOC
    sis162u
    rootmodem
    bh611
    CTAudSvcService
    tfsncofs
    Invoker
    bgsvcgen
    regmon701
    mmc_2K
    se44obex
    vmkbd2
    ovmsmaccessmanager
    DSI_SiUSBXp_3_1
    advservice
    CX23880
    wlancfg
    x10nets
    ISAMSvc
    asuskeyboardservice
    avg7alrt
    WacomVKHid
    genmcmn
    msloop
    dcstor32
    MaxtorFrontPanel1
    imountsrv
    JiaoCap
    se59bus
    eeyeevnt
    remoterecord
    ds1
    AR5523
    NsTrcNT
    atitunep
    msvsmon90
    amusbprt
    catchme
    se2Dnd5
    mcproxy
    oracleorahome811cman
    cpqfws2e
    rdnaoflsvc
    queuemgr
    FET5X86V
    acprfmgrsvc
    BootScreen
    SrvcTPIOMngr
    megamonitorsrv
    ppmoucls
    dlcc_device
    int15
    ASFWHide
    ehrecvr
    WIBUKEY
    CA561
    pcdrndisuio
    se2Cunic
    cpqfcalm
    yats32
    nvax
    fireport
    npapimon
    mi-raysat_3dsmax8
    ACDaemon
    tsmservice
    retroexplauncher
    dlaboiom
    sisidex
    Dfs
    LEX_AS_NIC_SERVICE_YNOS
    btwmodem
    atmeltpm
    transcode360
    ss_mdfl
    efs
    websensedcagent
    sprtsvc_dellsupportcenter
    MTDVC2
    aniwzcsdservice
    axskbus
    dlcf_device
    s616unic
    useraccess
    sfhlp02
    hsf_dpv
    BsHelpCS
    FETNDIS
    SRTSP
    avg7rsw
    btaudio
    Rasman
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    wscsvc
    xmlprov
    napagent
    hkmsvc
    BITS
    wuauserv
    ShellHWDetection
    helpsvc
    WmdmPmSN
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-829228684-345874965-846607573-1010Core.job
    - c:\documents and settings\engineer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-02 22:02]
    .
    2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-829228684-345874965-846607573-1010UA.job
    - c:\documents and settings\engineer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-02 22:02]
    .
    2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-829228684-345874965-846607573-1011Core.job
    - c:\documents and settings\expert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-31 23:52]
    .
    2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-829228684-345874965-846607573-1011UA.job
    - c:\documents and settings\expert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-31 23:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: Interfaces\{29B16EC0-2500-4DFF-9B5A-E87BAEBAA2C3}: NameServer = 130.207.244.244,130.207.244.251
    FF - ProfilePath - c:\documents and settings\expert\Application Data\Mozilla\Firefox\Profiles\p5x2vo2a.default\
    FF - prefs.js: browser.startup.homepage - hxxp://grover.mirc.gatech.edu/
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-18 21:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,3b,ae,93,fe,b2,b3,41,88,86,b4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,3b,ae,93,fe,b2,b3,41,88,86,b4,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(864)
    c:\windows\system32\VPNGina.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'lsass.exe'(920)
    c:\windows\system32\wvauth.dll
    .
    Completion time: 2012-04-18 21:09:21
    ComboFix-quarantined-files.txt 2012-04-19 01:09
    ComboFix2.txt 2012-04-18 14:36
    .
    Pre-Run: 128,532,787,200 bytes free
    Post-Run: 128,529,281,024 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - EEA89AE8FDB42F42058D0197F41D3AF9
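    The ComboFix listing above shows the two entries the next reply goes after: an S4 (disabled) service named HGIPYIKNBOZCJV whose image sits in the user's Temp folder, and a "Device Manager" service whose image is a .bat file in the user's Application Data, plus a netsvcs list bloated with hundreds of entries. Below is an added Python example showing how a reader could triage such a listing offline; it is not ComboFix's code and is not from anyone in this thread. The service line format and the sample lines are constructed to match the shape of the log above; the path rules and the XP netsvcs baseline are assumptions (the baseline is simply the set of entries the helper's script leaves in place).

```python
"""Triage a ComboFix-style service listing and netsvcs list (added example,
not ComboFix's code; sample lines constructed from the log in this thread)."""
import re

# ComboFix service line: "<R|S><start> <name>;<display>;<image path> [<date> <time> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
# R = running, S = stopped; the digit is the Service Control Manager start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Assumption: legitimate service images live under %SystemRoot% or Program
# Files, so an image under a user profile or Temp directory deserves review.
USER_WRITABLE_MARKERS = ("\\docume~1\\", "\\documents and settings\\",
                         "\\locals~1\\", "\\temp\\", "\\application data\\")
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".vbs", ".js")

# Assumption: stock XP SP3 netsvcs group, i.e. the entries the helper's
# CFScript in this thread leaves in place.
XP_NETSVCS_BASELINE = {
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP", "ERSvc",
    "EventSystem", "FastUserSwitchingCompatibility", "HidServ", "Ias", "Iprip", "Irmon",
    "LanmanServer", "LanmanWorkstation", "Messenger", "Netman", "Nla", "Ntmssvc",
    "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman", "Remoteaccess", "Schedule",
    "Seclogon", "SENS", "Sharedaccess", "SRService", "Tapisrv", "Themes", "TrkWks",
    "W32Time", "WZCSVC", "Wmi", "WmdmPmSp", "winmgmt", "wscsvc", "xmlprov", "napagent",
    "hkmsvc", "BITS", "wuauserv", "ShellHWDetection", "helpsvc", "WmdmPmSN",
}


def parse_service(line):
    """Split one ComboFix service line into its fields; None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    svc = m.groupdict()
    svc["running"] = svc["state"] == "R"
    svc["start_type"] = START_TYPES.get(svc["start"], svc["start"])
    return svc


def assess(svc):
    """Return the reasons (possibly none) a parsed service deserves review."""
    reasons = []
    path = svc["path"].lower()
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        reasons.append("image lives under a user profile or Temp directory")
    if path.endswith(SCRIPT_EXTENSIONS):
        reasons.append("service image is a script rather than an executable")
    name = svc["name"]
    if name == svc["display"] and name.isupper() and len(name) >= 10:
        reasons.append("opaque all-caps name reused as its own display name")
    return tuple(reasons)


def triage(lines):
    """(name, path, reasons) for every service line with at least one reason."""
    findings = []
    for line in lines:
        svc = parse_service(line)
        if svc is None:
            continue
        reasons = assess(svc)
        if reasons:
            findings.append((svc["name"], svc["path"], reasons))
    return findings


def netsvcs_extras(entries):
    """Entries in a netsvcs list that are not part of the stock XP group."""
    baseline = {e.lower() for e in XP_NETSVCS_BASELINE}
    return [e for e in entries if e.lower() not in baseline]


# Constructed sample in the shape of the listing above (same paths as the log).
SAMPLE_SERVICES = [
    "R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\\windows\\system32\\drivers\\mfetdi2k.sys [3/28/2012 2:02 AM 89624]",
    "S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\\windows\\system32\\Drivers\\NvtSp50.sys --> c:\\windows\\system32\\Drivers\\NvtSp50.sys [?]",
    "S2 Device Manager;Device Manager;c:\\documents and settings\\engineer\\Application Data\\devicemgrsvc.bat [3/24/2012 11:37 AM 115]",
    "S4 ACU;ACU;c:\\docume~1\\engineer\\LOCALS~1\\Temp\\ACU.exe [8/2/2010 12:54 PM 523136]",
    "S4 HGIPYIKNBOZCJV;HGIPYIKNBOZCJV;c:\\docume~1\\engineer\\LOCALS~1\\Temp\\HGIPYIKNBOZCJV.exe [8/2/2010 12:58 PM 543616]",
]

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_SERVICES):
        print(f"{name}: {path}\n    " + "\n    ".join(reasons))
    print("netsvcs extras:", netsvcs_extras(["6to4", "CTDevice_Srv", "Rasauto", "bobo"]))
```

    The location rule is the one that does the work: a driver or service whose image is in a user-writable Temp or profile path is worth a second look regardless of its name, and the name rule only adds weight. Run against a full listing, `triage` returns the same entries a helper would pick out by eye, and `netsvcs_extras` reproduces the block of names the CFScript in the next reply removes.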
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,656
    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    Driver::
    HGIPYIKNBOZCJV
    
    NetSvcs::
    CTDevice_Srv
    oracleorahome90agent
    sonicwall_netextender
    ZuneWlanCfgSvc
    tosrfhid
    QV2KUX
    DumaNT
    UMAXPCLS
    tifsfilter
    ALYac_PZSrv
    Sk9920nt
    dvd_2K
    pdiddcci
    SE2Cbus
    apphostsvc
    purendis
    tifm
    EAWDMFD
    tomcatcws3
    nvenetfd
    bthidenum
    incdrec
    NETw5x32
    bc_ip_f
    RMCAST
    McciCMService
    navex15
    Accelerometer
    vcdsecs
    wlluc48b
    VRcore
    NPPTNT
    backupclientsvc
    ni_nic
    cmigameport
    mcrdsvc
    astcc
    iolodmv
    windrvNT
    bthmodem
    cpucoolserver
    wacomvhid
    Stltrk2k
    IntuitUpdateService
    passthru
    hidbatt
    nv
    netdetect
    rtl8185
    harmony
    vmsprog
    pca
    winpowermonitor
    trioservice
    buslogic
    yukonwlh
    RMSvc
    lvtuner
    pdlnemap
    winss
    vsapint
    oracleorahomedatagatherer
    nfmservice
    {a7447300-8075-4b0d-83f1-3d75c8ebc623}
    s125mdfl
    cwafadmincontroller
    hdaudaddservice
    sqlagent$soshome22
    qserver
    ikhlayer
    szkg
    sifilter
    vaiomediaplatform-musicserver-appserver
    prfldsvc
    A4S2600
    GcKernel
    pshost
    elnkservice
    knobserv
    btdriver
    ibmpmsvc
    61883
    videX32
    tifmsony
    spcsutilityservice
    sermouse
    dbmanagerscheduler
    MA-620
    smsmdd
    snmptrapdservice
    hwpsgt
    KLOGNT
    RDID1007
    adsservice
    RadProbe
    ood2000
    fcprintservice
    ofcservice
    tangoservice
    psadd
    AtiPcie
    tgsrvc_smartagent
    mcdbus
    elbycdfl
    qmofiltr
    IntelC53
    WD_FireWire_HID
    aeaudio
    mdc8021x
    mcdetect.exe
    downloadmanagerlite
    kbstuff
    NICSer_WPC300N
    iam
    ScFBPNT2
    SNTIE
    CTEAPSFX.DLL
    bobo
    susbser
    nvata
    ativraxx
    w300bus
    vzcdbsvc
    winpppoverethernet
    emAudio
    tdrpman174
    smtpd32
    cdrbsdrv
    RTSTOR
    delldmi
    EMSCR
    cxlpt
    ssscsisv
    ssrtln
    lmimaint
    aslm75
    SDdriver
    SE26bus
    clientservice
    se45unic
    retrolauncher
    IBM_LLC2
    amoagent
    as32svc
    p17xfilt
    rvscc
    s117nd5
    SeaPort
    fallback
    crystalinputfileserver
    CAM1210
    icepack
    sysenforce
    NdisFilt
    FireHook
    SaiH040B
    Xponaut_WBD
    wg3n
    npkcsvc
    nchssvad
    qkbfiltr
    wmp54gv4svc
    DN2AKNET
    zebrmdfl
    sysmgmthp
    webupdate
    lpx
    adpu320
    MaVctrl
    G400DH
    webdriveservice
    compbatt
    CnxTrUsb
    USBDongle
    msfwsvc
    nicser_wmp11
    SrvcEKIOMngr
    ofcpfwsvc
    HpqKbFiltr
    mssql$soshome22
    SRVLOC
    sis162u
    rootmodem
    bh611
    CTAudSvcService
    tfsncofs
    Invoker
    bgsvcgen
    regmon701
    mmc_2K
    se44obex
    vmkbd2
    ovmsmaccessmanager
    DSI_SiUSBXp_3_1
    advservice
    CX23880
    wlancfg
    x10nets
    ISAMSvc
    asuskeyboardservice
    avg7alrt
    WacomVKHid
    genmcmn
    msloop
    dcstor32
    MaxtorFrontPanel1
    imountsrv
    JiaoCap
    se59bus
    eeyeevnt
    remoterecord
    ds1
    AR5523
    NsTrcNT
    atitunep
    msvsmon90
    amusbprt
    catchme
    se2Dnd5
    mcproxy
    oracleorahome811cman
    cpqfws2e
    rdnaoflsvc
    queuemgr
    FET5X86V
    acprfmgrsvc
    BootScreen
    SrvcTPIOMngr
    megamonitorsrv
    ppmoucls
    dlcc_device
    int15
    ASFWHide
    ehrecvr
    WIBUKEY
    CA561
    pcdrndisuio
    se2Cunic
    cpqfcalm
    yats32
    nvax
    fireport
    npapimon
    mi-raysat_3dsmax8
    ACDaemon
    tsmservice
    retroexplauncher
    dlaboiom
    sisidex
    Dfs
    LEX_AS_NIC_SERVICE_YNOS
    btwmodem
    atmeltpm
    transcode360
    ss_mdfl
    efs
    websensedcagent
    sprtsvc_dellsupportcenter
    MTDVC2
    aniwzcsdservice
    axskbus
    dlcf_device
    s616unic
    useraccess
    sfhlp02
    hsf_dpv
    BsHelpCS
    FETNDIS
    SRTSP
    avg7rsw
    btaudio
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    "NecUsb3Sevic"=-
    
    Save the file to your desktop and name it CFScript.txt

    Referring to the picture below, drag CFScript.txt into ComboFix.exe



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

     
Short URL to this thread: https://techguy.org/1048742