
No Internet After Combofix


  • This topic is locked
3 replies to this topic

#1 blueskiestv


Posted 07 June 2010 - 11:11 PM

After running combofix, I have lost my connection with the Internet.

Many of the network adaptors in device manager have errors and will not uninstall.

There are also duplicates of some of the devices.

I get registry errors when I try to update or reinstall the network drivers.

I'm on Vista. Any help will be appreciated.

Thanks

Below are the combofix logs:

ComboFix 10-05-31.02 - Vicki 06/06/2010 19:57:50.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.978 [GMT -5:00]
Running from: c:\users\Vicki\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Vb40032.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ndisrd


((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-07 01:20 . 2010-06-07 01:20 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2010-06-07 01:20 . 2010-06-07 01:20 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2010-06-07 01:17 . 2010-06-07 01:20 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
2010-06-07 01:17 . 2010-06-07 01:17 -------- d-----w- c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2010-06-07 01:17 . 2010-06-07 01:17 -------- d-----w- c:\users\Vicki Lea\AppData\Local\temp
2010-06-07 01:17 . 2010-06-07 01:17 -------- d-----w- c:\users\QBDataServiceUser17\AppData\Local\temp
2010-06-07 01:17 . 2010-06-07 01:17 -------- d-----w- c:\users\QBDataServiceUser17.HPlaptop\AppData\Local\temp
2010-06-07 01:17 . 2010-06-07 01:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-07 01:17 . 2010-06-07 01:17 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-06-07 01:17 . 2010-06-07 01:17 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2010-06-07 01:17 . 2010-06-07 01:17 -------- d-----w- c:\users\Donna\AppData\Local\temp
2010-06-07 01:17 . 2010-06-07 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-07 01:17 . 2010-06-07 01:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-06-06 23:08 . 2010-02-05 21:17 3370400 ----a-w- c:\temp\ccsetup228.exe
2010-06-06 16:08 . 2010-06-06 16:08 -------- d-----w- c:\program files\Marvell
2010-06-06 16:08 . 2010-06-06 16:11 -------- d-----w- c:\users\Vicki\AppData\Roaming\TMP
2010-06-01 02:30 . 2010-06-01 02:30 -------- d-----w- c:\users\Vicki\AppData\Roaming\Malwarebytes
2010-06-01 02:29 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-01 02:29 . 2010-06-01 02:29 -------- d-----w- c:\programdata\Malwarebytes
2010-06-01 02:29 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-01 02:29 . 2010-06-06 05:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-31 22:57 . 2010-05-31 22:57 -------- d-----w- c:\users\Vicki\AppData\Roaming\SUPERAntiSpyware.com
2010-05-31 22:57 . 2010-05-31 22:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-31 22:56 . 2010-05-31 22:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-30 03:06 . 2010-05-30 03:06 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\CrashDumps
2010-05-26 15:18 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-15 12:53 . 2010-05-15 12:53 -------- d-----w- c:\users\Vicki\AppData\Local\tjnet
2010-05-12 14:29 . 2010-05-12 14:30 -------- d-----w- c:\users\Vicki\AppData\Roaming\mjusbsp
2010-05-11 23:24 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 01:18 . 2009-11-07 04:27 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-06 19:21 . 2009-11-13 21:09 3766 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-06 19:21 . 2010-01-13 03:41 -------- d-----w- c:\users\Vicki\AppData\Roaming\Dropbox
2010-06-06 16:07 . 2008-06-23 15:20 -------- d-----w- c:\program files\HPQ
2010-06-06 05:19 . 2008-10-06 17:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 05:19 . 2008-07-26 05:13 -------- d-----w- c:\programdata\RingCentral
2010-06-05 23:31 . 2008-12-31 16:39 -------- d-----w- c:\program files\MioNet
2010-05-30 19:29 . 2010-05-30 19:29 8 --sh--r- c:\programdata\0AA75F7B15.sys
2010-05-26 05:29 . 2008-07-24 20:51 127424 ----a-w- c:\users\Vicki\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 02:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-26 02:26 . 2008-02-23 09:53 -------- d-----w- c:\programdata\Microsoft Help
2010-05-18 18:59 . 2008-07-26 03:38 -------- d-----w- c:\program files\Google
2010-05-17 18:23 . 2008-07-27 01:47 -------- d-----w- c:\users\Vicki\AppData\Roaming\Skype
2010-05-17 18:22 . 2008-07-27 01:56 -------- d-----w- c:\users\Vicki\AppData\Roaming\skypePM
2010-05-05 23:58 . 2010-05-05 23:58 -------- d-----w- c:\program files\Common Files\Java
2010-05-05 23:57 . 2008-02-23 10:24 -------- d-----w- c:\program files\Java
2010-05-04 04:16 . 2009-07-14 02:26 -------- d-----w- c:\users\Vicki\AppData\Roaming\.oit
2010-04-27 17:58 . 2010-04-27 17:58 -------- d-----w- c:\program files\Citrix
2010-04-25 15:37 . 2009-11-13 21:09 248 --sh--r- c:\programdata\A79C58B0C5.sys
2010-04-24 03:23 . 2008-07-26 03:10 -------- d-----w- c:\program files\Common Files\Real
2010-04-24 03:23 . 2008-07-26 04:35 -------- d-----w- c:\program files\Real
2010-04-24 03:23 . 2010-04-24 03:23 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-24 03:22 . 2006-07-11 23:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-21 00:03 . 2010-04-21 00:03 -------- d-----w- c:\users\Vicki\AppData\Roaming\Agilix
2010-04-20 23:45 . 2010-04-20 23:45 -------- d-----w- c:\program files\Common Files\Agilix
2010-04-20 23:45 . 2008-07-26 03:38 -------- d-----w- c:\program files\FranklinCovey
2010-04-20 23:43 . 2010-02-23 16:42 -------- d-----w- c:\programdata\Downloaded Installations
2010-04-14 16:12 . 2008-02-23 09:30 -------- d-----w- c:\program files\Microsoft Works
2010-04-12 22:29 . 2010-05-05 23:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-29 17:16 . 2010-03-29 16:56 186679 ----a-w- c:\windows\hpwins23.dat
2010-03-29 02:12 . 2008-10-17 20:55 306324296 ----a-w- C:\ACT2008Premium.zip
2010-03-28 19:27 . 2010-03-28 19:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-14 01:24 . 2008-07-25 01:41 244 ----a-w- c:\users\Vicki\AppData\Roaming\wklnhst.dat
2008-08-31 04:29 . 2008-08-31 04:29 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-08-03 06:16 . 2008-08-03 06:16 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-10-17 21:39 . 2008-10-17 21:39 56 --sha-r- c:\windows\System32\C5B0589CA7.sys
2008-10-17 21:42 . 2008-10-17 21:39 1890 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2008-06-11 32768]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"RCUI"="c:\progra~1\RINGCE~1\RINGCE~1\RCUI.exe" [2009-05-04 479232]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"cdloader"="c:\users\Vicki\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [2009-10-02 82432]
"TSTimer"="c:\program files\Timeslips\TSTimer.exe" [2006-06-15 2429992]
"TranscodingService"="c:\program files\TiVo\Desktop\TranscodingService.exe" [2009-01-27 520192]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2009-01-27 2143232]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2009-01-27 425472]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25626920]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2009-09-29 32768]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-05-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-05-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2009-08-24 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2009-08-24 331776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-24 202256]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-31 29744]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]

c:\users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Vicki^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sticky Notes.lnk]
path=c:\users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sticky Notes.lnk
backup=c:\windows\pss\Sticky Notes.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2009-08-24 81920]
R2 gupdate1c9d9011d09b560;Google Update Service (gupdate1c9d9011d09b560);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 133104]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\Vicki\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-31 29744]
R3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2009-08-12 54416]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2009-08-12 160272]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2009-08-12 160272]
R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys [2009-08-12 11920]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2009-08-12 113680]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-02-22 1112560]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [2010-04-29 537136]
S1 c2scsi;c2scsi;c:\windows\system32\DRIVERS\c2scsi.sys [2008-02-22 254320]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100528.003\IDSvix86.sys [2010-05-28 344112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]
S2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [2010-01-18 1310448]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [2008-06-10 139264]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]
S2 NeatWorksDatabaseController;NeatWorks Database Controller;c:\program files\NeatWorks\exec\NeatWorksDatabaseController.exe [2009-01-28 351376]
S2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-02 7168]
S2 TSScheduleBackup;TimeslipsBackup;c:\windows\system32\TSSchBkpService.exe [2006-06-15 705024]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-29 3664384]
S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2009-07-01 1562096]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-17 15:27]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 04:11]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 04:11]

2008-12-12 c:\windows\Tasks\HPCeeScheduleForDonna.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-02-23 19:58]

2010-06-07 c:\windows\Tasks\User_Feed_Synchronization-{95FF96B9-9189-443D-8948-BA150DC61C17}.job
- c:\windows\system32\msfeedssync.exe [2010-04-04 04:54]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.tennesseetreasures.net/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=8953&affid=390-1
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxp://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
FF - ProfilePath - c:\users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\jha552z9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
.txt=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 20:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(7100)
c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\RingCentral\RingCentral Call Controller\RCHotKeyHook.dll
c:\windows\system32\ieframe.dll
c:\program files\Pure Networks\Network Magic\nmspce2.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\msdtc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\RingCentral\RingCentral Call Controller\RCUI.exe
c:\windows\system32\msiexec.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Registry Mechanic\regmech.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-06-06 20:40:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-07 01:39
ComboFix2.txt 2010-06-06 04:22

Pre-Run: 64,013,565,952 bytes free
Post-Run: 63,623,217,152 bytes free

- - End Of File - - 81DFD4B2AD3717F5D9F6AB0DCE6205C5






#2 gringo_pr


Posted 11 June 2010 - 02:04 PM

Greetings

I will see what I can do, but not making any promises

extra combofix report

I need to see one of the extra reports combofix makes
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
CODE
C:\qoobox\ComboFix2.txt
  • click ok
  • copy and paste the report into this topic for me to review

extra combofix report

I need to see one of the extra reports combofix makes
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
CODE
C:\Qoobox\ComboFix-quarantined-files.txt
  • click ok
  • copy and paste the report into this topic for me to review

let me have these two reports to start with

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 15 June 2010 - 04:42 AM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



#4 gringo_pr


Posted 19 June 2010 - 10:44 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo




