Can't remove the program


16 replies to this topic

#1 akuigla


Posted 18 September 2009 - 12:36 PM

Maybe there is a problem.
I have a strange program on my PC. It is called Windows system scanner and has a Java icon in front.
The publisher is Computing.net.
I tried to remove the program with the add/remove options and a strange tab shows up saying that it is unable to completely remove the program???
The same result was when CCleaner tried to run the uninstaller. Then I renamed the program and tried to uninstall it, but no effect whatsoever. I asked on Computing.net what that program is for. They replied that they don't publish programs.
My PC is running normally.
On the last scans from AVG, MBAM and SUPERAntiSpyware no threats were found.
But when I run Sophos Anti-Rootkit once a week, afterwards ATF Cleaner or CCleaner always remove between the two of them around 150 to 200 MB of crap! Like something is generating rootkits inside my PC.
I'd like to remove the program. Please give me a hand to do that.
Thanks
If you give a fish to a hungry man, you have fed him for one day. If you teach a man how to fish, you have fed him for the whole life!



#2 boopme


Posted 18 September 2009 - 10:14 PM

Hi, well I found where it came from. But no real solution there.

http://www.computing.net/answers/windows-x...er-/177091.html

Try removing it with Revo Uninstaller


Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 akuigla


Posted 19 September 2009 - 01:49 PM

Thank you for your answer.
Revo successfully uninstalled the program. However, the same message = Unable to completely uninstall application = appeared during the uninstallation.
Since I already have Malwarebytes Anti-Malware, do you want me to uninstall this one and download a new one?

#4 boopme


Posted 19 September 2009 - 08:14 PM

Hello. First, rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Have you run a search to see if it returns any related files?

Edited by boopme, 19 September 2009 - 08:15 PM.


#5 akuigla


Posted 20 September 2009 - 12:09 PM

I did as you said.
Revo found a total of nine items in the registry and throughout the entire PC.
All were removed.
Malwarebytes shows no infections after a quick scan. However, on search for files and folders with internet connections, my home page, which is Yahoo, appeared with a tab with the question: A program on your computer suggests change of home page?? It was from yahoo...something...to something...yahoo.. I didn't write it down. I tried to delete it but the info tab said that the file does not exist, do I want to create it? No, of course.
Now I remember that about 5 days ago MBAM found one trojan agent and removed it, and SUPERAntiSpyware found two Trojan agents with 11 items infected. One of them was a browser hijacker - I remember that clearly.
Everything was removed.
My browser is Internet Explorer.
What do you suggest?

#6 boopme


Posted 20 September 2009 - 03:33 PM

SINO
Let's run System INvestigator by Olrik

Please download SINO by Artellos from here
  • Save SINO to a place you can remember and run SINO.exe.
  • Then please check the following checkboxes:

    System Info
    Services
    Boot Check
    Tasklist
    Startup Items
    Ipconfig
    Ping
    Netstat
    Hosts file
    Shares
    Routing Table


  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A notepad file will pop up, Please copy and paste the content of the notepad into your next reply.
Note: If you try to interact with the program once it's started scanning it might appear to hang. The scan however will continue.


Now run part 1 of S!Ri's SmitfraudFix
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
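
Added example (not part of the original posts and not SINO's own code): the services sections of a SINO report list each service as "Display Name (ShortName) - State [StartType | Stoppable | Pausable] - Command", so a first triage pass can flag entries whose executable sits in a Temp directory, outside the usual install locations, or is missing. The function names, the location categories, the assumption that the system drive is C:, and the sample lines are all constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Layout of one line in the SINO services sections:
#   Display Name (ShortName) - State [StartType | Stoppable | Pausable] - Command
SERVICE_RE = re.compile(
    r"^(?P<display>.+) \((?P<name>[^()]+)\) - (?P<state>Running|Stopped) "
    r"\[(?P<start>\w+) \| \w+ \| \w+\] - (?P<command>.+)$"
)
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


class Service(NamedTuple):
    display: str
    name: str
    state: str
    start: str
    image: Optional[str]  # executable path without arguments; None if absent


def image_path(command: str) -> Optional[str]:
    """Strip quotes and arguments from a service command line."""
    command = command.strip()
    if command.lower() == "none":
        return None
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)  # unquoted paths may contain spaces
    return match.group(1) if match else command.split()[0]


def classify(image: Optional[str]) -> str:
    """Bucket an image path by location (assumes the system drive is C:)."""
    if image is None:
        return "missing"
    path = image.lower().replace("/", "\\")
    if "\\temp\\" in path:
        return "temp"  # user-writable scratch directory
    if path.startswith("c:\\windows\\"):
        return "system"
    if path.startswith(("c:\\program files", "c:\\progra~")):
        return "program_files"
    return "other"


def parse_services(report: str) -> List[Service]:
    services = []
    for line in report.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:  # section headers and blank lines do not match
            services.append(Service(m["display"], m["name"], m["state"],
                                    m["start"], image_path(m["command"])))
    return services


def triage(report: str) -> List[Tuple[str, str, Optional[str]]]:
    """Return (service name, reason, image path) for entries worth a second look."""
    findings = []
    for svc in parse_services(report):
        where = classify(svc.image)
        if where not in ("system", "program_files"):
            findings.append((svc.name, where, svc.image))
    return findings


# Constructed sample in the SINO line format; not taken from a real machine.
SAMPLE_REPORT = r"""
<<<< Non-MS Services >>>>

Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\spoolsv.exe
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k rpcss
Example Updater (ExUpd) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Example\upd.exe" /svc
Example AV Scanner (ExAvScan) - Stopped [Auto | Not_Stoppable | Not_Pausable] - None
QZKTRW (QZKTRW) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Users\alice\AppData\Local\Temp\QZKTRW.exe
Helper Service (HelperSvc) - Running [Auto | Stoppable | Not_Pausable] - D:\tools\helper.exe
"""

if __name__ == "__main__":
    for name, reason, image in triage(SAMPLE_REPORT):
        print(f"{name:10} {reason:8} {image}")
```

A flag from this pass is only a prompt to identify the file: a "missing" entry can be a leftover from an uninstalled product, and a "temp" entry needs its origin established before anything is deleted.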

#7 akuigla


Posted 22 September 2009 - 09:23 AM

Hello,
sorry for the delay. This is the SINO log. SmitfraudFix won't do the scan.
System Investigator by Olrik
Log Created On: 2000_21-09-2009
SINO Version: 2.4.8.9

Total RAM: 893 MB | Free RAM: 135 MB | Pagefile Size: 1193 MB
C: | 64227 MB out of 101498 MB Free | Local Fixed Disk
D: | 6169 MB out of 10239 MB Free | Local Fixed Disk
E: | None | CD-ROM Disc

<<<< System Information >>>>

Computer Name: USER1-PC
Username: user1
Language Setting: SRL
Windows Directory: C:\Windows
Windows Version: Windows Vista Service Pack 2
UAC Status: On

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[smss.exe] - Process ID: 432
[C:\Windows\system32\csrss.exe] - Process ID: 492
[C:\Windows\system32\wininit.exe] - Process ID: 552
[C:\Windows\system32\csrss.exe] - Process ID: 564
[C:\Windows\system32\winlogon.exe] - Process ID: 616
[C:\Windows\system32\services.exe] - Process ID: 644
[C:\Windows\system32\lsass.exe] - Process ID: 696
[C:\Windows\system32\lsm.exe] - Process ID: 704
[C:\Windows\system32\svchost.exe] - Process ID: 892
[C:\Windows\system32\svchost.exe] - Process ID: 952
[C:\Windows\System32\svchost.exe] - Process ID: 1004
[C:\Windows\system32\Ati2evxx.exe] - Process ID: 1076
[C:\Windows\System32\svchost.exe] - Process ID: 1088
[C:\Windows\System32\svchost.exe] - Process ID: 1128
[C:\Windows\system32\svchost.exe] - Process ID: 1148
[audiodg.exe] - Process ID: 1280
[C:\Windows\system32\svchost.exe] - Process ID: 1312
[C:\Windows\system32\SLsvc.exe] - Process ID: 1328
[C:\Windows\system32\svchost.exe] - Process ID: 1376
[C:\Windows\system32\Ati2evxx.exe] - Process ID: 1468
[C:\Windows\system32\svchost.exe] - Process ID: 1588
[C:\Windows\system32\taskeng.exe] - Process ID: 1968
[C:\Windows\system32\Dwm.exe] - Process ID: 1976
[C:\Windows\System32\spoolsv.exe] - Process ID: 2028
[C:\Windows\system32\svchost.exe] - Process ID: 188
[C:\Windows\Explorer.EXE] - Process ID: 348
[C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe] - Process ID: 1572
[C:\Windows\system32\svchost.exe] - Process ID: 1608
[C:\Windows\system32\svchost.exe] - Process ID: 1924
[C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe] - Process ID: 1860
[C:\PROGRA~1\AVG\AVG8\avgrsx.exe] - Process ID: 2224
[C:\PROGRA~1\AVG\AVG8\avgnsx.exe] - Process ID: 2268
[C:\Program Files\Dell Support Center\bin\sprtsvc.exe] - Process ID: 2448
[C:\Windows\system32\STacSV.exe] - Process ID: 2476
[C:\Windows\system32\svchost.exe] - Process ID: 2524
[C:\Windows\System32\svchost.exe] - Process ID: 2556
[C:\Windows\system32\SearchIndexer.exe] - Process ID: 2644
[C:\Windows\system32\DRIVERS\xaudio.exe] - Process ID: 2820
[C:\PROGRA~1\AVG\AVG8\avgemc.exe] - Process ID: 2872
[C:\Program Files\AVG\AVG8\avgcsrvx.exe] - Process ID: 3060
[C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe] - Process ID: 3220
[C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] - Process ID: 3588
[C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe] - Process ID: 3628
[C:\Windows\System32\WLTRAY.EXE] - Process ID: 3652
[C:\Program Files\AVG\AVG8\avgtray.exe] - Process ID: 3700
[C:\Program Files\Dell Support Center\bin\sprtcmd.exe] - Process ID: 3708
[C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe] - Process ID: 3748
[C:\Program Files\Digital Line Detect\DLG.exe] - Process ID: 3756
[C:\Program Files\Dell\QuickSet\quickset.exe] - Process ID: 3764
[C:\Windows\system32\wbem\wmiprvse.exe] - Process ID: 3948
[C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe] - Process ID: 500
[C:\Program Files\HSDPA USB MODEM\USB Modem.exe] - Process ID: 1456
[C:\Program Files\Windows Media Player\wmpnscfg.exe] - Process ID: 1240
[C:\Program Files\Windows Media Player\wmpnetwk.exe] - Process ID: 1736
[C:\Program Files\Internet Explorer\iexplore.exe] - Process ID: 2328
[C:\Program Files\Internet Explorer\iexplore.exe] - Process ID: 4112
[C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe] - Process ID: 4376
[C:\Windows\system32\taskeng.exe] - Process ID: 4708
[C:\Windows\system32\wuauclt.exe] - Process ID: 4900
[C:\Users\user1\AppData\Local\Temp\SINO\SINO.exe] - Process ID: 5168
[C:\Windows\system32\taskeng.exe] - Process ID: 6028
[C:\Windows\system32\wbem\WmiApSrv.exe] - Process ID: 1596
[C:\Windows\system32\wbem\wmiprvse.exe] - Process ID: 3840

<<<< Startup Items >>>>

[Sidebar] - <HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
[WindowsWelcomeCenter] - <HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - rundll32.exe oobefldr.dll,ShowWelcomeCenter
[Sidebar] - <HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
[WindowsWelcomeCenter] - <HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - rundll32.exe oobefldr.dll,ShowWelcomeCenter
[Bluetooth] - <Common Startup> - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
[Digital Line Detect] - <Common Startup> - C:\PROGRA~1\DIGITA~1\DLG.exe
[QuickSet] - <Common Startup> - C:\PROGRA~1\Dell\QuickSet\quickset.exe
[Windows Defender] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
[SynTPEnh] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[DELL Webcam Manager] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
[Broadcom Wireless Manager UI] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Windows\system32\WLTRAY.exe
[AVG8_TRAY] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\PROGRA~1\AVG\AVG8\avgtray.exe
[dellsupportcenter] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

<<<< MS Services >>>>

Application Layer Gateway Service (ALG) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\alg.exe
Background Intelligent Transfer Service (BITS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Computer Browser (Browser) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Bluetooth Support Service (BthServ) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k bthsvcs
Microsoft .NET Framework NGEN v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Cryptographic Services (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Windows Media Center Receiver Service (ehRecvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\ehome\ehRecvr.exe
Windows Media Center Scheduler Service (ehSched) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\ehome\ehsched.exe
Windows Event Log (Eventlog) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
COM+ Event System (EventSystem) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
InstallDriver Table Manager (IDriverT) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\msdtc.exe
Netlogon (Netlogon) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
IPsec Policy Agent (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Protected Storage (ProtectedStorage) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Remote Access Connection Manager (RasMan) - Running [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k regsvc
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\locator.exe
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Smart Card (SCardSvr) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Task Scheduler (Schedule) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
System Event Notification Service (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Internet Connection Sharing (ICS) (SharedAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\spoolsv.exe
SSDP Discovery (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (stisvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k imgsvc
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Terminal Services (TermService) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
UPnP Device Host (upnphost) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\vssvc.exe
Windows Time (W32Time) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
WebClient (WebClient) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Media Player Network Sharing Service (WMPNetworkSvc) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Windows Update (wuauserv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs

<<<< Non-MS Services >>>>

Application Experience (AeLookupSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Application Information (Appinfo) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Ati External Event Utility (Ati External Event Utility) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\Ati2evxx.exe
Windows Audio Endpoint Builder (AudioEndpointBuilder) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows Audio (Audiosrv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
AVG Free8 E-mail Scanner (avg8emc) - Running [Auto | Stoppable | Not_Pausable] - C:\PROGRA~1\AVG\AVG8\avgemc.exe
AVG Free8 WatchDog (avg8wd) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Base Filtering Engine (BFE) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
BLFDX (BLFDX) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Users\user1\AppData\Local\Temp\BLFDX.exe
Certificate Propagation (CertPropSvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
DFS Replication (DFSR) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\DFSR.exe
Wired AutoConfig (dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Diagnostic Policy Service (DPS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
DSBrokerService (DSBrokerService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\DellSupport\brkrsvc.exe"
Extensible Authentication Protocol (EapHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows Media Center Service Launcher (ehstart) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
ReadyBoost (EMDMgmt) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Function Discovery Provider Host (fdPHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Function Discovery Resource Publication (FDResPub) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Group Policy Client (gpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k GPSvcGroup
Human Interface Device Access (hidserv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Health Key and Certificate Management (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
IKE and AuthIP IPsec Keying Modules (IKEEXT) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
PnP-X IP Bus Enumerator (IPBusEnum) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
IP Helper (iphlpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetSvcs
IWYHZF (IWYHZF) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Users\user1\AppData\Local\Temp\IWYHZF.exe
CNG Key Isolation (KeyIso) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
KtmRm for Distributed Transaction Coordinator (KtmRm) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Server (LanmanServer) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Workstation (LanmanWorkstation) - Running [Auto | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Link-Layer Topology Discovery Mapper (lltdsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
TCP/IP NetBIOS Helper (lmhosts) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
McAfee Real-time Scanner (McShield) - Stopped [Auto | Not_Stoppable | Not_Pausable] - None
McAfee SystemGuards (McSysmon) - Stopped [Auto | Not_Stoppable | Not_Pausable] - None
Windows Media Center Extender Service (Mcx2Svc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Multimedia Class Scheduler (MMCSS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Firewall (MpsSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Microsoft iSCSI Initiator Service (MSiSCSI) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Installer (msiserver) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\msiexec /V
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Network List Service (netprofm) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Network Location Awareness (NlaSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Network Store Interface Service (nsi) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Peer Networking Identity Manager (p2pimsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Peer Networking Grouping (p2psvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Program Compatibility Assistant Service (PcaSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Performance Logs & Alerts (pla) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
PNRP Machine Name Publication Service (PNRPAutoReg) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Peer Name Resolution Protocol (PNRPsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
User Profile Service (ProfSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Quality Windows Audio Video Experience (QWAVE) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
RoxMediaDB9 (RoxMediaDB9) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
Roxio Hard Drive Watcher 9 (RoxWatch9) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
Smart Card Removal Policy (SCPolicySvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Backup (SDRSVC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k SDRSVC
Terminal Services Configuration (SessionEnv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Software Licensing (slsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\SLsvc.exe
SL UI Notification Service (SLUINotify) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
SNMP Trap (SNMPTRAP) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\snmptrap.exe
SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
Secure Socket Tunneling Protocol Service (SstpSvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
SigmaTel Audio Service (STacSV) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\STacSV.exe
stllssvr (stllssvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
Microsoft Software Shadow Copy Provider (swprv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k swprv
Superfetch (SysMain) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Tablet PC Input Service (TabletInputService) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
TPM Base Services (TBS) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Thread Ordering Server (THREADORDER) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Modules Installer (TrustedInstaller) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\servicing\TrustedInstaller.exe
Interactive Services Detection (UI0Detect) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\UI0Detect.exe
Desktop Window Manager Session Manager (UxSms) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Virtual Disk (vds) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\vds.exe
Windows Connect Now - Config Registrar (wcncsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Windows Color System (WcsPlugInService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k wcssvc
Diagnostic Service Host (WdiServiceHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k wdisvc
Diagnostic System Host (WdiSystemHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows Event Collector (Wecsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Problem Reports and Solutions Control Panel Support (wercplsupport) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows Error Reporting Service (WerSvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k WerSvcGroup
Windows Defender (WinDefend) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k secsvcs
WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Management Instrumentation (Winmgmt) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Remote Management (WS-Management) (WinRM) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
WLAN AutoConfig (Wlansvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
WMI Performance Adapter (wmiApSrv) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\wbem\WmiApSrv.exe
Parental Controls (WPCSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Portable Device Enumerator Service (WPDBusEnum) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Windows Search (WSearch) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\SearchIndexer.exe /Embedding
Windows Driver Foundation - User-mode Driver Framework (wudfsvc) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
XAudioService (XAudioService) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\DRIVERS\xaudio.exe

<<<< bcdedit >>>>


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {7fdd6ac6-70be-11db-ba26-a0b016378059}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
resume No

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {7fdd6ac6-70be-11db-ba26-a0b016378059}
nx OptOut

<<<< Ipconfig >>>>

Windows IP Configuration

Host Name . . . . . . . . . . . . : user1-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-1D-D9-E6-61-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1D-D9-56-54-E9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1C-23-9E-AE-58
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{02579E02-87F7-4985-BB99-C6F3FE5962B1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{9116AF60-3DCF-4D31-BC89-4786B9D3115B}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3AA23776-E67A-45E2-A54E-77288CDAF35F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


<<<< Pinging >>>>

Pinging to www.opendns.com
There was a problem executing a ping to www.opendns.com
This can be due to various reasons. Missing a DNS Server or Internet Connection are the biggest cause of this error.

OpenDNS IP Test
Pinging to 208.67.222.222 [208.67.222.222]:

Response - None
Response - None
Response - None
Response - None

Packets: Sent = 4, Received = 0, Lost = 4
Minimum = None - Maximum = None

Pinging to www.youtube.com
There was a problem executing a ping to www.youtube.com
This can be due to various reasons. Missing a DNS Server or Internet Connection are the biggest cause of this error.

YouTube IP Test
Pinging to 208.117.236.69 [208.117.236.69]:

Response - None
Response - None
Response - None
Response - None

Packets: Sent = 4, Received = 0, Lost = 4
Minimum = None - Maximum = None

localhost Test
Pinging to 127.0.0.1 [127.0.0.1]:

Response - 0ms
Response - 0ms
Response - 0ms
Response - 0ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms - Maximum = 0ms


<<<< Netstat >>>>

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING

Can not obtain ownership information
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING

Can not obtain ownership information
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
[wininit.exe]
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
Eventlog
[svchost.exe]
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
[lsass.exe]
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
[services.exe]
TCP 127.0.0.1:10080 0.0.0.0:0 LISTENING
[avgnsx.exe]
TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING
[avgemc.exe]
TCP 127.0.0.1:13128 0.0.0.0:0 LISTENING
[avgnsx.exe]
TCP 127.0.0.1:18080 0.0.0.0:0 LISTENING
[avgnsx.exe]
TCP [::]:135 [::]:0 LISTENING
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING

Can not obtain ownership information
TCP [::]:5357 [::]:0 LISTENING

Can not obtain ownership information
TCP [::]:49152 [::]:0 LISTENING
[wininit.exe]
TCP [::]:49153 [::]:0 LISTENING
Eventlog
[svchost.exe]
TCP [::]:49154 [::]:0 LISTENING
Schedule
[svchost.exe]
TCP [::]:49155 [::]:0 LISTENING
[lsass.exe]
TCP [::]:49156 [::]:0 LISTENING
[services.exe]
UDP 0.0.0.0:123 *:*
W32Time
[svchost.exe]
UDP 0.0.0.0:500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:4500 *:*
IKEEXT
[svchost.exe]
UDP 127.0.0.1:1900 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:50741 *:*
[iexplore.exe]
UDP 127.0.0.1:54430 *:*
[iexplore.exe]
UDP 127.0.0.1:58835 *:*
SSDPSRV
[svchost.exe]
UDP [::]:123 *:*
W32Time
[svchost.exe]
UDP [::]:500 *:*
IKEEXT
[svchost.exe]
UDP [::1]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [::1]:58834 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::ffff:ffff:fffe%8]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::28d1:fe96:5c9e:994b%12]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::6875:2169:4cab:4caf%9]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::8134:1358:65ba:5211%10]:1900 *:*
SSDPSRV
[svchost.exe]

<<<< Routing Table >>>>

===========================================================================
Interface List
12 ...00 1d d9 e6 61 64 ...... Bluetooth Device (Personal Area Network)
10 ...00 1d d9 56 54 e9 ...... Dell Wireless 1390 WLAN Mini-Card
9 ...00 1c 23 9e ae 58 ...... Broadcom 440x 10/100 Integrated Controller
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
18 ...00 00 00 00 00 00 00 e0 isatap.{02579E02-87F7-4985-BB99-C6F3FE5962B1}
19 ...00 00 00 00 00 00 00 e0 isatap.{9116AF60-3DCF-4D31-BC89-4786B9D3115B}
17 ...00 00 00 00 00 00 00 e0 isatap.{3AA23776-E67A-45E2-A54E-77288CDAF35F}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

<<<< Hosts File >>>>

The HOSTS file is 1102 Bytes in size.






<<<< Active Shares >>>>

Share: ADMIN$ - Path: C:\Windows
Share: C$ - Path: C:\
Share: D$ - Path: D:\
Share: F$ - Path: F:\
Share: IPC$ - Path:


END OF LOG FILE, Date of Completion: 2000_21-09-2009 ----------

#8 akuigla


Posted 22 September 2009 - 11:44 AM

This time I ran Smitfraud as administrator and it was OK. This is the log:
SmitFraudFix v2.424

Scan done at 18:36:49,95, uto 22.09.2009
Run from C:\Users\user1\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6002] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

hosts


C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\user1


C:\Users\user1\AppData\Local\Temp


C:\Users\user1\Application Data


Start Menu


C:\Users\user1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]




DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{02579E02-87F7-4985-BB99-C6F3FE5962B1}: NameServer=195.66.160.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{02579E02-87F7-4985-BB99-C6F3FE5962B1}: NameServer=195.66.160.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{02579E02-87F7-4985-BB99-C6F3FE5962B1}: NameServer=195.66.160.1


Scanning for wininet.dll infection


End
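One way to triage the registry sections of a SmitFraudFix log such as the one in post #8, as an added example that is not part of the original thread or of SmitFraudFix itself. The function names and the allowlists are hypothetical; treating `avgrsstx.dll` as belonging to the AVG 8 install visible in the process list is the reviewer's assumption, and any name server it reports still has to be confirmed against the ISP or router settings.

```python
import re

# Registry-related lines copied from the SmitFraudFix log in post #8.
LOG_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

HKLM\SYSTEM\CCS\Services\Tcpip\..\{02579E02-87F7-4985-BB99-C6F3FE5962B1}: NameServer=195.66.160.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{02579E02-87F7-4985-BB99-C6F3FE5962B1}: NameServer=195.66.160.1
'''

VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')          # "Name"="string data"
DNS_RE = re.compile(r'NameServer=([0-9.,\s]+)$')    # static DNS per interface
# Stock Userinit entry, assuming Windows lives in C:\Windows as in this log.
USERINIT_DEFAULT = r'c:\windows\system32\userinit.exe'


def parse_log(text):
    """Return ({value_name: string_data}, {nameserver, ...}) from log text."""
    values, servers = {}, set()
    for line in text.splitlines():
        line = line.strip()
        m = VAL_RE.match(line)
        if m:
            # The .reg-style output doubles backslashes; undo that.
            values[m.group(1).lower()] = m.group(2).replace('\\\\', '\\')
            continue
        m = DNS_RE.search(line)
        if m:
            servers.update(s for s in re.split(r'[,\s]+', m.group(1)) if s)
    return values, servers


def review(values, servers, appinit_allow=(), dns_allow=()):
    """List (setting, item) pairs that a human should verify."""
    findings = []
    # AppInit_DLLs (space/comma separated) load into every process using user32.
    allow = {d.lower() for d in appinit_allow}
    for dll in re.split(r'[,\s]+', values.get('appinit_dlls', '')):
        if dll and dll.lower() not in allow:
            findings.append(('AppInit_DLLs', dll))
    # Userinit: any entry besides the stock userinit.exe runs at every logon.
    for entry in values.get('userinit', '').split(','):
        entry = entry.strip()
        if entry and entry.lower() != USERINIT_DEFAULT:
            findings.append(('Userinit', entry))
    # Static name servers: anything not already confirmed gets reported.
    for server in sorted(servers - set(dns_allow)):
        findings.append(('NameServer', server))
    return findings


if __name__ == '__main__':
    vals, dns = parse_log(LOG_EXCERPT)
    # Allowlist entry is an assumption: avgrsstx.dll attributed to AVG 8.
    for setting, item in review(vals, dns, appinit_allow=['avgrsstx.dll']):
        print(f'verify {setting}: {item}')
```

A finding from `review` means "confirm this value", not "this is an infection", which matches the log's own note that the listed keys are not necessarily infected.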

#9 akuigla


Posted 24 September 2009 - 05:50 AM

Did I say something wrong?
Nobody is answering... :thumbsup:

#10 akuigla


Posted 03 October 2009 - 01:02 AM

Hello.
I realized that all of you are quite busy helping others with greater problems than mine, and I've decided to run Smitfraud, as administrator, not in safe mode.
That was a mistake.
Afterwards I found that the Smitfraud fix did some damage on my PC. First, my home page, Yahoo, was eliminated and MSN established as the new one? Then remote connections were allowed?? My desktop screen was reduced, about 4 cm on both sides were black? When I saw that my heart skipped a beat! I thought for a second BSOD!
My first thought was to run a System Restore, and I did. To my unpleasant surprise an info tab displayed: "System Restore didn't complete successfully: An unspecified error occurred."
To make a long story short: I managed to fix all but System Restore. It still doesn't work. I uninstalled the Smitfraud fix and Sino beta.
I take complete responsibility. Business impact was minimal.
AVG, MBAM and SUPERAntiSpyware show no infections. My PC is a little bit slower than usual, but otherwise is OK. And System Restore doesn't work.
Any idea how to put System Restore back in function?
Thank you.

#11 boopme


Posted 03 October 2009 - 07:30 PM

Hello, sorry I lost you. Didn't get Email notification. Do you have an install CD?
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista users..The command needs to be run from an elevated Command Prompt.
Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the XP CD when asked.

#12 akuigla


Posted 04 October 2009 - 08:25 AM

Hi,
Thank you for your answer. It would be nice if you told me whether you saw any infections in the logs I've posted before. And I need to know what the steps I need to perform are for? Is it for the infections you found in the Smitfraud fix log and Sino log, or is it for the System Restore that doesn't work?
Also, when I went to Microsoft Update to check my updates, an info displayed that I must be logged in as Administrator. Error # was 0x7DDD70002.
Another strange thing. There are four groups of administrators in my PC, even though I'm the only one who uses my PC? When I tried to remove some, a tab appeared with info that I'm about to perform an operation which may make my PC unstable??? And the question: am I sure that I want to proceed? I've stopped because I don't know what it is.
I apologize for so many problems I'm giving, but it is possible that all is related and it will be easier for you if you have more data.

#13 akuigla


Posted 04 October 2009 - 10:58 AM

Hi,
I apologize for the wrong error # I've written. The correct error # is 0x8DDD0002. Maybe it is related to the way I'm receiving Microsoft updates, which is notification. So far I'm receiving updates from Microsoft regularly and I update without problems. Only when I go to Microsoft Update do I receive the error # 0x8DDD0002.

#14 boopme


Posted 05 October 2009 - 07:50 PM

See if the methods from MSFT here straighten that out. L@@K

#15 akuigla


Posted 06 October 2009 - 01:26 PM

Hi,
I tried but it didn't work. Maybe because my PC runs on Vista, not on XP. If you have time please look at my logs posted before and tell me if there were any infections.



