Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

need help with redirect virus, please


  • This topic is locked This topic is locked
43 replies to this topic

#1 sfbrown

sfbrown

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 17 December 2011 - 10:08 PM

Having now read the headings on this forum, I find that I have already violated one of the guidelines; I regret that, and hope that it will not create problems in locating assistance.

Apparently I have contracted the redirect virus. I noticed it a day or so ago, and immediately ran SuperAntiSpyware; cleaned a lot of things, but didn't resolve the problem. So I tried a Symantics scan - same result. Eventually, I found that the network adapter had been compromised -- I cannot get online with either LAN or wireless. The system shows a connection, but cannot find web pages.

Decided to check online (a different computer) and found your site. I noticed that in several cases people were advised to download and run Combofix; this, of course is where I fouled up. I downloaded and ran the program (several times); used a flash drive to move the program from the good computer to the infected machine.

While I realize that I have 'jumped the gun' by running Combofix too soon, I am hopeful that there may be some sort of solution. The log I received from the most recent scan is printed below. BTW -- I did disable Symantics before running the scan -- Combofix did not recognize that it was disabled, and I just ran it anyway.

Thanks so much for any possible help.


Steve Brown


ComboFix 11-12-17.02 - sbrown10 12/17/2011 19:52:44.5.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3024.2232 [GMT -6:00]
Running from: c:\users\sbrown10\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 01:58 . 2011-12-18 01:58 -------- d-----w- c:\users\User\AppData\Local\temp
2011-12-18 01:58 . 2011-12-18 01:58 -------- d-----w- c:\users\techadmin\AppData\Local\temp
2011-12-18 01:58 . 2011-12-18 01:58 -------- d-----w- c:\users\tcrisp\AppData\Local\temp
2011-12-18 01:58 . 2011-12-18 01:58 -------- d-----w- c:\users\mconley\AppData\Local\temp
2011-12-18 01:58 . 2011-12-18 01:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-18 01:58 . 2011-12-18 01:58 -------- d-----w- c:\users\Default.bak\AppData\Local\temp
2011-12-18 01:58 . 2011-12-18 01:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-12-17 19:47 . 2011-12-18 01:58 -------- d-----w- c:\users\sbrown10\AppData\Local\temp
2011-12-17 19:37 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-16 05:43 . 2011-12-16 05:43 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-14 01:03 . 2011-12-14 01:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-11 05:38 . 2011-12-11 05:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-12-11 05:38 . 2011-12-11 05:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-11 05:38 . 2011-12-11 05:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-11 05:38 . 2011-12-11 05:38 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-11 04:52 . 2011-12-11 04:52 -------- d-----w- c:\users\sbrown10\AppData\Roaming\SUPERAntiSpyware.com
2011-12-11 04:52 . 2011-12-17 15:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-11 04:52 . 2011-12-11 04:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-24 02:19 . 2011-11-24 02:19 -------- d-----w- c:\program files\Pinnacle
2011-11-24 02:18 . 2003-11-11 00:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-11-24 02:17 . 2003-11-11 00:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-11-24 02:17 . 2003-11-11 00:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-11-24 02:17 . 2003-11-11 00:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-11-24 02:17 . 2003-11-11 00:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-11-24 02:17 . 2011-11-24 02:18 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-11-24 02:17 . 2011-11-24 02:17 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 04:04 . 2011-12-17 05:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-10-07 2429]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-04-02 115624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
.
c:\users\sbrown10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
2X Client.lnk - c:\program files\2X\Client\APPServerClient.exe [2011-3-18 1543624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Notify.lnk - c:\novell\GroupWise\notify.exe [2010-1-7 212992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2656419486-2547868452-1258724827-13226\Scripts\Logon\0\0]
"Script"=login.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2656419486-2547868452-1258724827-15959\Scripts\Logon\0\0]
"Script"=login.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2656419486-2547868452-1258724827-23347\Scripts\Logon\0\0]
"Script"=login.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2656419486-2547868452-1258724827-25738\Scripts\Logon\0\0]
"Script"=login.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-08-19 17:25 1589208 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-09-11 18:36 128232 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 ntrigserv;ntrigserv;c:\program files\N-trig\N-trig Software Bundle\srvany.exe [2009-07-13 13312]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver;c:\windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [2008-07-27 5632]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 136176]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 2X SSO Service;2X SSO Service;c:\program files\2X\Client\\TUXCredProv.exe [2011-03-19 657864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 27040]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-11-03 33832]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-07 106104]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 14:31]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 14:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://meridian.msstate.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxps://esuobweb.emporia.edu/obweb/activex/OBXPopup.cab
DPF: {B9D9D0B5-EE16-4EB2-8CF3-DB96EBD31488} - hxxps://esuobweb.emporia.edu/obweb/activex/OBXWebSelect.cab
FF - ProfilePath - c:\users\sbrown10\AppData\Roaming\Mozilla\Firefox\Profiles\9nowpyk6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.meridian.msstate.edu
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-17 19:59:37
ComboFix-quarantined-files.txt 2011-12-18 01:59
ComboFix2.txt 2011-12-17 21:02
ComboFix3.txt 2011-12-17 20:38
ComboFix4.txt 2011-12-17 20:04
ComboFix5.txt 2011-12-18 01:51
.
Pre-Run: 126,925,750,272 bytes free
Post-Run: 126,864,539,648 bytes free
.
- - End Of File - - 89F4C3D013640AAAEE541404110DDBF3

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 18 December 2011 - 06:19 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 sfbrown

sfbrown
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 18 December 2011 - 08:32 PM

Gringo,

Thanks so very much for your assistance. Please find pasted below (in this order): DDS.txt; Attach;txt; and Report.txt (log from the RKUnhooker).

You asked also about problems I had experienced. This issue became apparent on the computer only about three days ago. Search engines (I use primarily Yahoo) were redirecting my requests to odd pages. At times, new tabs were being opened as well -- these would also move to pages that were not what had been requested.

Shortly thereafter, I noticed that the network adapter was no longer working; I tried both wireless and LAN, both were unable to navigate to any site, although the computer indicated that a connection was active.

It was at this point that I ran the malware detection programs that I normally use, with no effect. And, as I mentioned in my initial post, I tried to use the Combofix, after a cursory reading of some of the other suggestions on the site. I realize now, of course that this was premature.

That's pretty much the state of things now. Once again, I am indebted for any help. Here are the logs:


(DDS.txt)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by sbrown10 at 19:17:20 on 2011-12-18
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3024.2133 [GMT -6:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\2X\Client\TUXCredProv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\2X\Client\APPServerClient.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://meridian.msstate.edu/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\sbrown10\appdata\roaming\micros~1\windows\startm~1\programs\startup\2xclie~1.lnk - c:\program files\2x\client\APPServerClient.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\notify.lnk - c:\novell\groupwise\notify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxps://esuobweb.emporia.edu/obweb/activex/OBXPopup.cab
DPF: {B9D9D0B5-EE16-4EB2-8CF3-DB96EBD31488} - hxxps://esuobweb.emporia.edu/obweb/activex/OBXWebSelect.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{24C88266-D7CF-4543-831F-9ACF14C9956C} : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{24C88266-D7CF-4543-831F-9ACF14C9956C}\1445C4D275946494 : DhcpNameServer = 172.16.48.1 205.152.37.23 205.152.144.23 205.152.132.23
TCP: Interfaces\{24C88266-D7CF-4543-831F-9ACF14C9956C}\751647B696E637D275962756C6563737 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sbrown10\appdata\roaming\mozilla\firefox\profiles\9nowpyk6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.meridian.msstate.edu
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 2X SSO Service;2X SSO Service;c:\program files\2x\client\TUXCredProv.exe [2011-3-18 657864]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-23 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-23 27040]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-3 33832]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-12-10 106104]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 ntrigserv;ntrigserv;c:\program files\n-trig\n-trig software bundle\srvany.exe [2010-9-14 13312]
S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-4-1 1839888]
S3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6032.sys [2009-7-13 164864]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver;c:\windows\system32\drivers\NtrigDigitizerUSBLowerFilter.sys [2010-9-14 5632]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-3 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-3 136176]
.
=============== Created Last 30 ================
.
2011-12-18 01:59:03 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-17 19:47:48 -------- d-----w- c:\users\sbrown10\appdata\local\temp
2011-12-17 19:37:21 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-17 18:59:43 98816 ----a-w- c:\windows\sed.exe
2011-12-17 18:59:43 518144 ----a-w- c:\windows\SWREG.exe
2011-12-17 18:59:43 256000 ----a-w- c:\windows\PEV.exe
2011-12-17 18:59:43 208896 ----a-w- c:\windows\MBR.exe
2011-12-16 05:43:48 539984 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2011-12-14 01:03:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-11 05:38:55 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2011-12-11 05:38:40 4283672 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2011-12-11 05:38:28 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2011-12-11 05:38:19 539984 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-12-11 04:52:55 -------- d-----w- c:\users\sbrown10\appdata\roaming\SUPERAntiSpyware.com
2011-12-11 04:52:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-11 04:52:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-24 02:19:00 -------- d-----w- c:\program files\Pinnacle
2011-11-24 02:18:59 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-11-24 02:17:23 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-11-24 02:17:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-11-24 02:17:23 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-11-24 02:17:22 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-11-24 02:17:21 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-11-24 02:17:21 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
.
==================== Find3M ====================
.
.
============= FINISH: 19:17:50.03 ===============




(Attach.txt)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 9/10/2010 4:22:20 PM
System Uptime: 12/18/2011 7:10:07 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0M373P
Processor: Intel® Core™2 Duo CPU U9600 @ 1.60GHz | Microprocessor | 1601/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 118.207 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP52: 10/31/2011 8:06:50 AM - Installed Comcast Desktop Software (v1.2.1)
RP53: 11/3/2011 7:39:53 AM - Removed Comcast Desktop Software (v1.2.1)
RP54: 11/23/2011 9:54:35 AM - Scheduled Checkpoint
RP56: 11/23/2011 8:19:11 PM - Installed Pinnacle USB device drivers
RP57: 11/23/2011 8:19:53 PM - Device Driver Package Install: Pinnacle Systems Sound, video and game controllers
RP58: 12/16/2011 11:30:45 PM - Windows Modules Installer
RP59: 12/17/2011 7:30:50 AM - Restore Operation
.
==== Installed Programs ======================
.
.
2X Client
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Apple Application Support
Apple Software Update
BioAPI Framework
Boingo Wi-Fi
CA Pest Patrol Realtime Protection
Core FTP Lite 1.3b
Dell ControlVault Host Components Installer
Dell Driver Download Manager
Dell Security Device Driver Pack
Dell Touchpad
deskPDF 2.5 Standard Edition
Docudesk GPL Ghostscript 8.15
Google Earth
Google Update Helper
GroupWise
Java Auto Updater
Java™ 6 Update 24
LiveUpdate 3.3 (Symantec Corporation)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
N-trig DuoSense Multi-touch package for Windows 7
PowerDVD DX
QuickTime
Rhapsody
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Skype Toolbars
Skype™ 5.3
SUPERAntiSpyware
Symantec Endpoint Protection
Texas Instruments TUSB3410 drivers.
TUSB3410
UPEK TouchChip Fingerprint Reader
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows NT Messaging
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
12/18/2011 7:16:53 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Tdx. This service might not be installed.
12/18/2011 7:16:53 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
12/18/2011 7:16:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.
12/18/2011 7:16:51 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
12/18/2011 7:12:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service Symantec AntiVirus with arguments "" in order to run the server: {5CEC0E13-CF22-414C-8D67-D44B06420FC1}
12/18/2011 7:10:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
12/18/2011 7:10:40 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
12/18/2011 7:10:39 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
12/18/2011 7:10:39 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/18/2011 7:10:39 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ESUAD due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
12/18/2011 7:10:36 PM, Error: Service Control Manager [7003] - The DNS Client service depends the following service: Tdx. This service might not be installed.
12/18/2011 7:09:23 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2011 7:09:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
12/18/2011 7:09:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/18/2011 7:09:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/18/2011 7:09:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/18/2011 7:09:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/18/2011 7:09:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/18/2011 7:09:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/18/2011 7:08:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom CSC DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSP SRTSPX vwififlt Wanarpv6 WfpLwf
12/18/2011 7:08:57 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2011 7:08:57 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2011 7:08:57 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2011 7:08:57 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2011 7:08:57 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2011 7:08:57 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2011 7:08:57 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2011 7:08:55 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2011 7:08:55 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2011 7:08:55 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2011 7:04:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user ESUAD\sbrown10 SID (S-1-5-21-2656419486-2547868452-1258724827-15959) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/17/2011 7:58:06 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/17/2011 2:29:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service Symantec AntiVirus with arguments "" in order to run the server: {98694799-6891-4FD7-A91D-FB43B78AEC8C}
12/17/2011 12:17:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache eeCtrl SASDIFSV SASKUTIL SPBBCDrv spldr SRTSP SRTSPX Wanarpv6
12/17/2011 1:40:02 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/16/2011 9:51:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom CSC DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SPBBCDrv spldr SRTSP SRTSPX tdx vwififlt Wanarpv6 WfpLwf
12/16/2011 9:51:18 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/15/2011 10:58:57 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================



(Report.txt -RKUnhooker log)

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x9963A000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9568256 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x83209000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x83209000 PnpManager 4259840 bytes
0x83209000 RAW 4259840 bytes
0x83209000 WMIxWDM 4259840 bytes
0x9A033000 C:\Windows\system32\DRIVERS\bcmwl6.sys 2519040 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x82530000 Win32k 2404352 bytes
0x82530000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x90066000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111216.017\NAVEX15.SYS 1572864 bytes (Symantec Corporation, AV Engine)
0x8B837000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8B488000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x97F40000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B68C000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8B105000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9E235000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x94ED1000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8B032000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8B22C000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xB4026000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x97E95000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x97E0D000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x8B618000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x98272000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9E353000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x9891D000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x9E304000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x9001B000 C:\Windows\System32\Drivers\SRTSP.SYS 307200 bytes (Symantec Corporation, Symantec AutoProtect)
0x9881B000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B36D000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B2AB000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x94E5F000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x988C8000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8B0C3000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x98399000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B9BA000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B743000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x94F92000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x99F5A000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x99F93000 C:\Windows\system32\DRIVERS\e1y6032.sys 233472 bytes (Intel Corporation, Intel® Gigabit Network Connection NDIS 6 deserialized driver)
0x83619000 ACPI_HAL 225280 bytes
0x83619000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8B43A000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x98894000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8B7C9000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x982D7000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B980000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9896D000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8B3CD000 C:\Windows\system32\DRIVERS\pcmcia.sys 188416 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8B808000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x9A2A4000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x9A301000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x8B5B7000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xB40B0000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8B304000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8B400000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B781000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8B000000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x8B1B0000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x94F6F000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9A3A8000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x98371000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x9E2D6000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x97F1F000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x98213000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x94E2E000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x98875000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x98310000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x82440000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x97E6B000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x99600000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x94FCD000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8B1D3000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x94F56000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9899C000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x9A2D0000 C:\Windows\system32\DRIVERS\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x97EF9000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x9A2E9000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x9A385000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9A3CA000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9A3E2000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9A000000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x98800000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8B200000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x901E6000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111216.017\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x99FD7000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8B5E2000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x94EB5000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9834E000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9A373000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9A354000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x8B600000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x989E0000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8B46E000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9890C000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8B339000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8B0AA000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x9832F000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x94E4F000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B7B1000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x94EA5000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x98361000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8B35D000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x98866000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x97F11000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x98340000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x98264000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B3BF000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B675000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x9A023000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8B29D000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9A366000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x989BF000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x9A33A000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9A32D000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9E2F7000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x98234000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x9962C000 C:\Windows\System32\Drivers\cvusbdrv.sys 49152 bytes (Broadcom Corporation, Broadcom Credential Vault USB Driver)
0x97E89000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8B025000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8B352000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x989CC000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x989F1000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x99621000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x98259000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9A39D000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B7A6000 C:\Windows\system32\DRIVERS\PBADRV.sys 45056 bytes (Dell Inc, PBA Support Driver)
0x982CC000 C:\Windows\system32\drivers\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x99FCC000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8B32E000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x989B5000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x983E4000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x983DA000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9A017000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9E2CC000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x90000000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x9A29A000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x8B21F000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xB4090000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8B216000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xB40E1000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x989D7000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8B683000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8B47F000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x82790000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B9B1000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x94EC8000 C:\Windows\system32\DRIVERS\vwifimp.sys 36864 bytes (Microsoft Corporation, Virtual WiFi Miniport Driver)
0x99FEA000 C:\Windows\system32\DRIVERS\WinUSB.sys 36864 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
0x9A34B000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8B2F3000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8B0BB000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B34A000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8B7C1000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80B96000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8B2FC000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x98241000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x98249000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x98251000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B800000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x90011000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x9A3F9000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB40DA000 C:\Users\sbrown10\AppData\Local\Temp\mbr.sys 28672 bytes
0x9000A000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8B3B8000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x98309000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x98393000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x9A347000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9A021000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9A031000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 18 December 2011 - 08:49 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 sfbrown

sfbrown
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 18 December 2011 - 11:05 PM

Thanks again.

No new problems -- computer seems to be working well, except that I now cannot locate any wireless networks; the adapter indicates that there are no networks available. I'm in the same room with the router.

Decided not to attempt any further repairs until I hear from you.


Thanks.

ComboFix 11-12-17.02 - sbrown10 12/18/2011 21:46:55.6.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3024.2199 [GMT -6:00]
Running from: c:\users\sbrown10\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 03:52 . 2011-12-19 03:52 -------- d-----w- c:\users\User\AppData\Local\temp
2011-12-19 03:52 . 2011-12-19 03:52 -------- d-----w- c:\users\techadmin\AppData\Local\temp
2011-12-19 03:52 . 2011-12-19 03:52 -------- d-----w- c:\users\tcrisp\AppData\Local\temp
2011-12-19 03:52 . 2011-12-19 03:52 -------- d-----w- c:\users\mconley\AppData\Local\temp
2011-12-19 03:52 . 2011-12-19 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 03:52 . 2011-12-19 03:52 -------- d-----w- c:\users\Default.bak\AppData\Local\temp
2011-12-19 03:52 . 2011-12-19 03:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-12-17 19:47 . 2011-12-19 03:52 -------- d-----w- c:\users\sbrown10\AppData\Local\temp
2011-12-17 19:37 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-16 05:43 . 2011-12-16 05:43 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-14 01:03 . 2011-12-14 01:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-11 05:38 . 2011-12-11 05:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-12-11 05:38 . 2011-12-11 05:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-11 05:38 . 2011-12-11 05:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-11 05:38 . 2011-12-11 05:38 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-11 04:52 . 2011-12-11 04:52 -------- d-----w- c:\users\sbrown10\AppData\Roaming\SUPERAntiSpyware.com
2011-12-11 04:52 . 2011-12-17 15:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-11 04:52 . 2011-12-11 04:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-24 02:19 . 2011-11-24 02:19 -------- d-----w- c:\program files\Pinnacle
2011-11-24 02:18 . 2003-11-11 00:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-11-24 02:17 . 2003-11-11 00:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-11-24 02:17 . 2003-11-11 00:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-11-24 02:17 . 2003-11-11 00:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-11-24 02:17 . 2003-11-11 00:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-11-24 02:17 . 2011-11-24 02:18 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-11-24 02:17 . 2011-11-24 02:17 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 04:04 . 2011-12-17 05:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-10-07 2429]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-04-02 115624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
.
c:\users\sbrown10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
2X Client.lnk - c:\program files\2X\Client\APPServerClient.exe [2011-3-18 1543624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Notify.lnk - c:\novell\GroupWise\notify.exe [2010-1-7 212992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2656419486-2547868452-1258724827-13226\Scripts\Logon\0\0]
"Script"=login.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2656419486-2547868452-1258724827-15959\Scripts\Logon\0\0]
"Script"=login.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2656419486-2547868452-1258724827-23347\Scripts\Logon\0\0]
"Script"=login.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2656419486-2547868452-1258724827-25738\Scripts\Logon\0\0]
"Script"=login.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-08-19 17:25 1589208 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-09-11 18:36 128232 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 ntrigserv;ntrigserv;c:\program files\N-trig\N-trig Software Bundle\srvany.exe [2009-07-13 13312]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver;c:\windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [2008-07-27 5632]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 136176]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 2X SSO Service;2X SSO Service;c:\program files\2X\Client\\TUXCredProv.exe [2011-03-19 657864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 27040]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-11-03 33832]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-07 106104]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BLACKBOX
*Deregistered* - BlackBox
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 14:31]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 14:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://meridian.msstate.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxps://esuobweb.emporia.edu/obweb/activex/OBXPopup.cab
DPF: {B9D9D0B5-EE16-4EB2-8CF3-DB96EBD31488} - hxxps://esuobweb.emporia.edu/obweb/activex/OBXWebSelect.cab
FF - ProfilePath - c:\users\sbrown10\AppData\Roaming\Mozilla\Firefox\Profiles\9nowpyk6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.meridian.msstate.edu
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-18 21:54:08
ComboFix-quarantined-files.txt 2011-12-19 03:54
ComboFix2.txt 2011-12-18 01:59
ComboFix3.txt 2011-12-17 21:02
ComboFix4.txt 2011-12-17 20:38
ComboFix5.txt 2011-12-19 03:46
.
Pre-Run: 126,899,425,280 bytes free
Post-Run: 126,837,694,464 bytes free
.
- - End Of File - - AECFAEFE79493B85C31F8001A750B537

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 18 December 2011 - 11:39 PM

Hello


restart the computer check for wireless

if not working go into device manager and uninstall the wireless controler and reboot computer and let it get reinstalled


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 sfbrown

sfbrown
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 19 December 2011 - 12:17 AM

Got it -- thanks! The reboot allowed the computer to recognize the adapter.

However, the primary problem remains -- adapter shows that there is a connection (indicates 'limited' connection), but will not connect with any page or address; get the standard message that server at 'so-and-so' cannot be found. This holds true for multiple sites and two different browsers.


Thanks,
sfb

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 19 December 2011 - 12:43 AM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 sfbrown

sfbrown
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 19 December 2011 - 07:59 PM

Sorry to have taken so long in reply. Here is the FSS log:


Farbar Service Scanner
Ran by sbrown10 (administrator) on 19-12-2011 at 07:58:26
Microsoft Windows 7 Enterprise (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.
Checking LEGACY_tdx: Attention! Unable to open LEGACY_tdx\0000 registry key. The key does not exist.


File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2011-08-10 15:11] - [2011-03-02 23:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9


Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 20 December 2011 - 12:26 AM

Hello

I need you to go here - http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/ and download seven.zip

Open seven.zip and double click on tdx.reg

when asked to merge allow it

restart the computer and check internet

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 sfbrown

sfbrown
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 20 December 2011 - 07:50 AM

Did this, restarted computer -- no change; still no connection.

May or may not be significant - when opening seven.zip, I was given the usual warnings about dangers of making changes to registry, etc., but never saw the term 'merge' used at all. Again, maybe not a big issue.

Thanks.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 20 December 2011 - 07:59 AM

Hello


rerun Farbar Service Scanner for me
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 sfbrown

sfbrown
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 20 December 2011 - 08:18 AM

Here is the result:


Farbar Service Scanner
Ran by sbrown10 (administrator) on 20-12-2011 at 07:16:51
Microsoft Windows 7 Enterprise (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.
Checking LEGACY_tdx: Attention! Unable to open LEGACY_tdx\0000 registry key. The key does not exist.


File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2011-08-10 15:11] - [2011-03-02 23:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9


Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 20 December 2011 - 01:24 PM

Hello


in the zip file I had you download is a file called LEGACY_tdx.reg I need you to merge this file also into the registry double click to run it


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 sfbrown

sfbrown
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 20 December 2011 - 01:29 PM

OK -- tried this Got the following error message:

"Cannot import C:\Users\sbrown10\appdata\local\temp\temp1_seven.zip\legacy_tdx.reg: Error accessing the Registry"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users