jimrex

Everything posted by jimrex

  1. Hi. I noticed something interesting when you asked me to copy the group order list. There is a reg just above that one called grou0 order list with almost the same items inside!!! Anyhow, here is what you asked for:

     Windows Registry Editor Version 5.00

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
     "Base"=hex:13,00,00,00,0e,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,\
       00,00,05,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,00,0a,00,00,\
       00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0f,00,00,00,10,00,00,00,11,00,00,00,\
       12,00,00,00,13,00,00,00
     "Boot Bus Extender"=hex:05,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,\
       00,00,05,00,00,00
     "Extended Base"=hex:0d,00,00,00,01,00,00,00,02,00,00,00,04,00,00,00,0b,00,00,\
       00,05,00,00,00,0a,00,00,00,08,00,00,00,06,00,00,00,07,00,00,00,09,00,00,00,\
       0c,00,00,00,0d,00,00,00,0e,00,00,00
     "Keyboard Class"=hex:01,00,00,00,01,00,00,00
     "Keyboard Port"=hex:04,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,\
       00
     "Ndis"=hex:0e,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,05,00,\
       00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,00,0a,00,00,00,0c,00,00,\
       00,0b,00,00,00,0e,00,00,00,0f,00,00,00
     "Network"=hex:06,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,05,\
       00,00,00,06,00,00,00
     "Parallel arbitrator"=hex:01,00,00,00,01,00,00,00
     "PNP_TDI"=hex:09,00,00,00,05,00,00,00,01,00,00,00,02,00,00,00,07,00,00,00,04,\
       00,00,00,09,00,00,00,06,00,00,00,03,00,00,00,08,00,00,00
     "Pointer Class"=hex:01,00,00,00,01,00,00,00
     "Pointer Port"=hex:04,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00
     "Primary Disk"=hex:05,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,\
       05,00,00,00
     "SCSI CDROM Class"=hex:02,00,00,00,01,00,00,00,02,00,00,00
     "SCSI Class"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
     "SCSI Miniport"=hex:40,00,00,00,00,01,00,00,01,01,00,00,19,00,00,00,01,00,00,\
       00,02,00,00,00,03,00,00,00,04,00,00,00,05,00,00,00,06,00,00,00,07,00,00,00,\
       08,00,00,00,09,00,00,00,0a,00,00,00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0e,\
       00,00,00,0f,00,00,00,10,00,00,00,11,00,00,00,12,00,00,00,13,00,00,00,14,00,\
       00,00,15,00,00,00,16,00,00,00,17,00,00,00,1a,00,00,00,18,00,00,00,1b,00,00,\
       00,1c,00,00,00,1d,00,00,00,1e,00,00,00,1f,00,00,00,20,00,00,00,23,00,00,00,\
       24,00,00,00,25,00,00,00,26,00,00,00,27,00,00,00,28,00,00,00,29,00,00,00,2a,\
       00,00,00,2b,00,00,00,2c,00,00,00,2d,00,00,00,2e,00,00,00,2f,00,00,00,30,00,\
       00,00,31,00,00,00,32,00,00,00,33,00,00,00,34,00,00,00,35,00,00,00,36,00,00,\
       00,37,00,00,00,38,00,00,00,39,00,00,00,3a,00,00,00,3b,00,00,00,3c,00,00,00,\
       3d,00,00,00,3e,00,00,00,3f,00,00,00,21,00,00,00
     "SpoolerGroup"=hex:02,00,00,00,01,00,00,00,02,00,00,00
     "System Bus Extender"=hex:0c,00,00,00,03,00,00,00,04,00,00,00,01,00,00,00,08,\
       00,00,00,09,00,00,00,0a,00,00,00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0e,00,\
       00,00,05,00,00,00,06,00,00,00
     "Video"=hex:02,00,00,00,02,00,00,00,01,00,00,00
     "Video Init"=hex:01,00,00,00,01,00,00,00
     "Video Save"=hex:01,00,00,00,01,00,00,00
     "FSFilter Infrastructure"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
     "FSFilter System"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
     "FSFilter Bottom"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
     "FSFilter Copy Protection"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
     "FSFilter Security Enhancer"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
       00
     "FSFilter Open File"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
     "FSFilter Physical Quota Management"=hex:03,00,00,00,01,00,00,00,02,00,00,00,\
       03,00,00,00
     "FSFilter Encryption"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
     "FSFilter Compression"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
     "FSFilter HSM"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
     "FSFilter Cluster File System"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,\
       00,00
     "FSFilter System Recovery"=hex:04,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,\
       04,00,00,00
     "FSFilter Quota Management"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
       00
     "FSFilter Content Screener"=hex:05,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
       00,04,00,00,00,05,00,00,00
     "FSFilter Continuous Backup"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
       00
     "FSFilter Replication"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
     "FSFilter Anti-Virus"=hex:09,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,\
       00,00,00,05,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,00
     "FSFilter Undelete"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
     "FSFilter Activity Monitor"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
       00
     "FSFilter Top"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
     "Filter"=hex:07,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,05,00,\
       00,00,06,00,00,00,07,00,00,00
     "PNP Filter"=hex:04,00,00,00,03,00,00,00,01,00,00,00,04,00,00,00,02,00,00,00
     "Streams Drivers"=hex:01,00,00,00,01,00,00,00
     "NetBIOSGroup"=hex:01,00,00,00,01,00,00,00
  2. Here it is:

     Farbar Service Scanner Version: 08-05-2012
     Ran by User (administrator) on 11-05-2012 at 02:43:01
     Running from "C:\Documents and Settings\User\Desktop"
     Microsoft Windows XP Home Edition Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============
     Dnscache Service is not running. Checking service configuration:
     The start type of Dnscache service is set to Disabled. The default start type is Auto.
     The ImagePath of Dnscache service is OK.
     The ServiceDll of Dnscache service is OK.

     Dhcp Service is not running. Checking service configuration:
     The start type of Dhcp service is OK.
     The ImagePath of Dhcp service is OK.
     The ServiceDll of Dhcp service is OK.

     Tcpip Service is not running. Checking service configuration:
     The start type of Tcpip service is OK.
     The ImagePath of Tcpip service is OK.

     Connection Status:
     ==============
     Localhost is blocked.
     There is no connection to network.
     Attempt to access Google IP returned error: Other errors
     Attempt to access Yahoo IP returned error: Other errors

     Windows Firewall:
     =============
     sharedaccess Service is not running. Checking service configuration:
     The start type of sharedaccess service is OK.
     The ImagePath of sharedaccess service is OK.
     The ServiceDll of sharedaccess service is OK.

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\srsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
     C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
     C:\WINDOWS\system32\qmgr.dll => MD5 is legit
     C:\WINDOWS\system32\es.dll => MD5 is legit
     C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll => MD5 is legit
     C:\WINDOWS\system32\services.exe => MD5 is legit

     Extra List:
     =======
     Gpc(3) NetBT(6) PSched(7) Tcpip(4)
     0x09000000050000000100000002000000070000000400000009000000060000000300000008000000
     ATTENTION!=====> IpSec Tag value should be 5.
     ATTENTION!=====> IpSec Tag value is missing and it should be 5.

     **** End of log ****

     Should I get rid of all these programs once I've run them?
  3. Hi, and thanks again. Did what you asked, and here is the log. Still don't have an IP address and cannot connect. Should I run this same scan again?

     ComboFix 12-05-10.02 - User 11/05/2012   1:44.1.2 - x86
     Running from: c:\documents and settings\User\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
      * Created a new restore point
     .
     .
     (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\All Users\Application Data\TEMP
     c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
     c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
     c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
     c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
     c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
     c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
     c:\documents and settings\All Users\Application Data\TEMP\AVG\trialkey.dat
     c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
     c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
     c:\documents and settings\User\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
     c:\documents and settings\User\Favorites\Thumbs.db
     c:\documents and settings\User\Local Settings\Temporary Internet Files\ab_1A1.tmp
     c:\documents and settings\User\Local Settings\Temporary Internet Files\ab_1A2.tmp
     c:\documents and settings\User\Local Settings\Temporary Internet Files\simpleadblock.msi
     c:\documents and settings\User\My Documents\~WRL0352.tmp
     c:\documents and settings\User\My Documents\~WRL2886.tmp
     c:\documents and settings\User\WINDOWS
     c:\windows\$NtUninstallKB60531$
     c:\windows\$NtUninstallKB60531$\1000425851
     c:\windows\$NtUninstallKB60531$\634767782\@
     c:\windows\$NtUninstallKB60531$\634767782\cfg.ini
     c:\windows\$NtUninstallKB60531$\634767782\Desktop.ini
     c:\windows\$NtUninstallKB60531$\634767782\L\kmkgcnpi
     c:\windows\$NtUninstallKB60531$\634767782\oemid
     c:\windows\$NtUninstallKB60531$\634767782\U\00000001.@
     c:\windows\$NtUninstallKB60531$\634767782\U\00000002.@
     c:\windows\$NtUninstallKB60531$\634767782\U\00000004.@
     c:\windows\$NtUninstallKB60531$\634767782\U\80000000.@
     c:\windows\$NtUninstallKB60531$\634767782\U\80000004.@
     c:\windows\$NtUninstallKB60531$\634767782\U\80000032.@
     c:\windows\$NtUninstallKB60531$\634767782\version
     c:\windows\system32\dds_trash_log.cmd
     c:\windows\system32\Nagasoft
     c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
     c:\windows\system32\Nagasoft\Codecs\atrc.dll
     c:\windows\system32\Nagasoft\Codecs\cook.dll
     c:\windows\system32\Nagasoft\Codecs\drvc.dll
     c:\windows\system32\Nagasoft\Codecs\raac.dll
     c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
     c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
     c:\windows\system32\Nagasoft\GifShower.dll
     c:\windows\system32\Nagasoft\vjocx.dll
     c:\windows\system32\service
     c:\windows\system32\service\07032009_TIS17_SfFniAU.log
     c:\windows\system32\service\09022009_TIS17_SfFniAU.log
     c:\windows\system32\service\10022009_TIS17_SfFniAU.log
     c:\windows\system32\service\11032009_TIS17_SfFniAU.log
     c:\windows\system32\SET15B.tmp
     c:\windows\system32\SET15D.tmp
     c:\windows\system32\SET161.tmp
     c:\windows\system32\SET162.tmp
     c:\windows\system32\SET169.tmp
     c:\windows\system32\SET16B.tmp
     c:\windows\system32\SET1D6.tmp
     c:\windows\system32\SET1DD.tmp
     c:\windows\wc98pp.dll
     .
     c:\windows\system32\drivers\ipsec.sys was missing
     Restored copy from - c:\windows\system32\dllcache\ipsec.sys
     .
     .
     (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     -------\Legacy_vvdsvc
     -------\Legacy_vvdsvc
     -------\Service_vvdsvc
     -------\Service_vvdsvc
     .
     .
     (((((((((((((((((((((((((   Files Created from 2012-04-10 to 2012-05-10   )))))))))))))))))))))))))))))))
     .
     .
     2012-05-10 16:03 . 2008-04-13 13:49  75264     -c--a-w-  c:\windows\system32\dllcache\ipsec.sys
     2012-05-10 16:03 . 2008-04-13 13:49  75264     ----a-w-  c:\windows\system32\drivers\ipsec.sys
     2012-05-08 23:11 . 2012-04-13 07:36  6734704   ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A709846-5FBE-44AA-8896-CD99F87233F5}\mpengine.dll
     2012-05-08 12:57 . 2012-05-08 12:57  --------  d-----w-  c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
     2012-05-07 18:16 . 2012-04-13 07:36  6734704   ------w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-05-05 13:21 . 2012-05-05 13:21  --------  d-----w-  c:\documents and settings\User\Local Settings\Application Data\{4608863F-96B5-11E1-826D-B8AC6F996F26}
     2012-05-05 11:42 . 2012-05-05 11:42  --------  d-----w-  c:\documents and settings\User\Application Data\memoMiiO-HK
     2012-05-05 11:40 . 2012-05-05 11:41  --------  d-----w-  c:\program files\memoMiiO-HK
     2012-04-28 09:58 . 2012-04-28 09:58  --------  d-----w-  c:\program files\Dropbox
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-05-09 15:28 . 2011-05-30 04:34  70304     ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-05-09 15:27 . 2012-04-01 04:35  418464    ----a-w-  c:\windows\system32\FlashPlayerApp.exe
     2012-04-04 05:56 . 2011-05-23 13:06  22344     ----a-w-  c:\windows\system32\drivers\mbam.sys
     2012-03-20 10:44 . 2010-10-24 11:25  171064    ----a-w-  c:\windows\system32\drivers\MpFilter.sys
     2012-03-01 11:01 . 2003-03-31 12:00  916992    ----a-w-  c:\windows\system32\wininet.dll
     2012-03-01 11:01 . 2003-03-31 12:00  43520     ------w-  c:\windows\system32\licmgr10.dll
     2012-03-01 11:01 . 2003-03-31 12:00  1469440   ------w-  c:\windows\system32\inetcpl.cpl
     2012-02-29 14:10 . 2003-03-31 12:00  177664    ----a-w-  c:\windows\system32\wintrust.dll
     2012-02-29 14:10 . 2003-03-31 12:00  148480    ----a-w-  c:\windows\system32\imagehlp.dll
     2012-02-29 12:17 . 2006-02-28 12:00  385024    ------w-  c:\windows\system32\html.iec
     .
     .
     ------- Sigcheck -------
     Note: Unsigned files aren't necessarily malware.
     .
     [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
     [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
     [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
     [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
     [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
     [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
     [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
     [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
     [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
     [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
     [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
     [-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
     [-] 2003-03-31 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
     .
     [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
     [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
     [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
     [7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
     [7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
     [-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
     [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
     [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
     [-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
     [-] 2003-03-31 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
     .
     [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
     [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
     [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
     [7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
     [7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
     [-] 2003-03-31 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe
     .
     [-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
     [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
     [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
     [7] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
     [7] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
     [-] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
     [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
     [-] 2003-03-31 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
     .
     [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
     [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
     [-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
     [7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\InstallTemp\1226636\comctl32.dll
     [7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
     [7] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
     [7] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
     [-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
     [-] 2006-02-28 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
     [7] 2006-02-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\86604\comctl32.dll
     [-] 2006-02-28 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
     [-] 2003-03-31 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
     [7] 2003-03-31 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
     [-] 2003-03-31 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
     .
     [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
     [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
     [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
     [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
     [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
     [7] 2008-04-13 18:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
     [-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
     [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
     [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
     [-] 2003-03-31 12:00 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\$NtServicePackUninstall$\es.dll
     .
     [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
     [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
     [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
     [7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
     [7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
     [-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
     [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
     [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
     [-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
     [-] 2003-03-31 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
     .
     [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
     [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
     [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
     [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
     [-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
     [-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
     [-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
     [7] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
     [-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
     [-] 2003-03-31 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
     .
     [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
     [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
     [-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
     [7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
     [7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
     [-] 2003-03-31 . 73C90911DD86A10D4004C7D6E655A41B . 339456 . . [1.0409.2600.1106] . . c:\windows\$NtServicePackUninstall$\usp10.dll
     .
     [-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
     [-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
     [-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
     [7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
     [7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
     [-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
     [-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
     [-] 2003-03-31 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
     .
     [-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
     [-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
     [-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
     [7] 2008-04-13 18:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
     [7] 2008-04-13 18:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
     [-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
     [-] 2003-03-31 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12  94208  ----a-w-  c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12  94208  ----a-w-  c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12  94208  ----a-w-  c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
     @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12  94208  ----a-w-  c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
     "VTTimer"="VTTimer.exe" [2006-09-21 53248]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-10 385024]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
     .
     c:\documents and settings\User\Start Menu\Programs\Startup\
     Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2012-4-27 27264496]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
     2012-02-08 12:38  87424  ----a-w-  c:\windows\system32\LMIinit.dll
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
     @="Service"
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
     "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
     .
     R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2/10/2010 7:59 PM 374152]
     R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17/04/2007 2:00 PM 12856]
     R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [17/04/2007 2:00 PM 13408]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 PM 130384]
     S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1/04/2012 2:35 PM 253088]
     S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
     S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\SR9USB.sys [30/05/2011 3:27 PM 14592]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 PM 753504]
     S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/02/2010 12:11 PM 135664]
     S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/02/2010 12:11 PM 135664]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     vvdsvc  REG_MULTI_SZ  vvdsvc
     .
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     S7oppilx
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 04:36]
     .
     2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 02:11]
     .
     2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 02:11]
     .
     2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1604221776-725345543-1004Core.job
     - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-30 06:15]
     .
     2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1604221776-725345543-1004UA.job
     - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-30 06:15]
     .
     2012-05-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
     - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 07:03]
     .
     2012-05-06 c:\windows\Tasks\UPDATER.job
     - c:\documents and settings\User\My Documents\UPDATER.exe [2011-05-30 04:31]
     .
2012-05-10 c:\windows\Tasks\User_Feed_Synchronization-{9D82F2A1-14C8-45C5-BD16-8ECA24E56CA0}.job - c:\windows\system32\msfeedssync.exe [2009-03-07 17:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.tradingroom.com.au/apps/mkt/forex.ac uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-Grand Master Chess OnLine - c:\program files\Alawar\gmchess\Uninstall.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-11 02:10 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(592) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'explorer.exe'(1968) c:\windows\system32\WININET.dll c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\VTTimer.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\LogMeIn\x86\RaMaint.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2012-05-11 02:15:34 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-10 16:15 . Pre-Run: 11,472,457,728 bytes free Post-Run: 12,867,149,824 bytes free . - - End Of File - - 46783C8759CE68B3FCB716CFC13D537F
  4. Thank you for answering me. Hope this works out. Here is the info you were after.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by User at 23:45:58 on 2012-05-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.554 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\memoMiiO-HK\memoMiiO-HK.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.tradingroom.com.au/apps/mkt/forex.ac
uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by OptusNet
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [VTTimer] VTTimer.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173184360781
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.freecricket.tv/plugins/freecricket.cab
DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} - hxxp://www.belairresort.com.au/virtual-tour/tours/cabs/svideo3.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03781020-5ECC-48FF-B925-FED478BC9CDB} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-2-6 22168]
R1 MpKsl7c7883cc;MpKsl7c7883cc;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a709846-5fbe-44aa-8896-cd99f87233f5}\MpKsl7c7883cc.sys [2012-5-10 29904]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-2 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-4-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-7-10 47640]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2007-4-17 13408]
RUnknown MpKslbf9d4c48;MpKslbf9d4c48; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253088]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\SR9USB.sys [2011-5-30 14592]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-05-10 08:26:36 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a709846-5fbe-44aa-8896-cd99f87233f5}\MpKsl7c7883cc.sys
2012-05-09 15:46:01 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a709846-5fbe-44aa-8896-cd99f87233f5}\MpKslbf9d4c48.sys
2012-05-09 03:38:29 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a709846-5fbe-44aa-8896-cd99f87233f5}\offreg.dll
2012-05-08 23:11:46 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a709846-5fbe-44aa-8896-cd99f87233f5}\mpengine.dll
2012-05-07 18:16:05 6734704 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-05 13:22:57 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-05 13:21:57 -------- d-----w- c:\documents and settings\user\local settings\application data\{4608863F-96B5-11E1-826D-B8AC6F996F26}
2012-05-05 11:42:13 -------- d-----w- c:\documents and settings\user\application data\memoMiiO-HK
2012-05-05 11:40:50 -------- d-----w- c:\program files\memoMiiO-HK
2012-04-28 09:58:25 -------- d-----w- c:\program files\Dropbox
.
==================== Find3M ====================
.
2012-05-09 15:28:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 15:27:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 10:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 23:48:37.32 ===============
  5. Hi, I think that I am in big trouble. I recently found sirefef.ac and .ah through MSE, which kept on finding them every 15 min, while malware found nothing. MSE recently updated itself and asked me to restart. Since then I can't get online. The modem is working fine; however, my comp can't get an IP address. If I try to repair, it says "failed to query TCP/IP settings of the connections". I did a system restore and now MSE found sirefef.j and win32/karagany.I. Any advice?
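A small triage helper for the DDS and ComboFix output posted above, added here as an example; it is not a tool from the forum or from the log authors. It parses three things those logs contain and flags what a responder would ask about first: SERVICES / DRIVERS entries whose image is absent ("[x]" with no path, or "path --> path [?]" where the file could not be inspected), scheduled-task targets that live under a user profile rather than Program Files or Windows, and names in the svchost NetSvcs group that have no matching service definition anywhere in the log. The rule names and the sample lines are constructed for this example (the lines are copied from the logs above); flagging an entry means "look at it", not "it is malicious".

```python
"""Triage helper for DDS / ComboFix style logs (added example, not a tool from the page)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS and ComboFix output in the posts above.
SAMPLE_LOG = r"""
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-2 374152]
RUnknown MpKslbf9d4c48;MpKslbf9d4c48; [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
2012-05-06 c:\windows\Tasks\UPDATER.job
- c:\documents and settings\User\My Documents\UPDATER.exe [2011-05-30 04:31]
.
2012-05-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 07:03]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
S7oppilx
.
"""

# "R2 name;description;image [date size]" -- start type, name, description, image field
SERVICE_RE = re.compile(r"^(R\d|S\d|RUnknown)\s+([^;]+);([^;]*);(.*)$")
# ComboFix task listing: "YYYY-MM-DD <job path>" followed by "- <target> [date time]"
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(\S.*\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.*?)(?:\s+\[[^\]]*\])?$")
# Locations a normal user can write to; a persistent binary there deserves a look.
USER_PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\users\\")


@dataclass
class Finding:
    rule: str    # hypothetical rule name, chosen for this example
    item: str    # service name, job path or netsvcs entry
    detail: str  # what was seen


def parse_services(lines):
    """Return {service name: image field} for every service/driver line."""
    services = {}
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(2)] = m.group(4).strip()
    return services


def parse_tasks(lines):
    """Return [(job path, target executable)] from the two-line task entries."""
    tasks = []
    for i, line in enumerate(lines[:-1]):
        m = TASK_RE.match(line)
        t = TARGET_RE.match(lines[i + 1])
        if m and t:
            tasks.append((m.group(1), t.group(1)))
    return tasks


def parse_netsvcs(lines):
    """Return the names listed under the 'Svchost - NetSvcs' heading (up to the next '.')."""
    names = []
    for i, line in enumerate(lines):
        if line.rstrip().endswith("Svchost - NetSvcs"):
            for member in lines[i + 1:]:
                if not member.strip() or member.strip() == ".":
                    break
                names.append(member.strip())
    return names


def triage(log_text):
    """Apply the three checks and return the findings in log order."""
    lines = log_text.splitlines()
    services = parse_services(lines)
    findings = []

    for name, image in services.items():
        if image == "[x]" or not image:
            findings.append(Finding("service-no-image", name, "service defined but no image path"))
        elif "-->" in image and image.endswith("[?]"):
            findings.append(Finding("service-image-missing", name, image))

    for job, target in parse_tasks(lines):
        if target.lower().startswith(USER_PROFILE_PREFIXES):
            findings.append(Finding("task-in-user-profile", job, target))

    # A netsvcs member that no service definition in the log accounts for.
    known = {n.lower() for n in services}
    for name in parse_netsvcs(lines):
        if name.lower() not in known:
            findings.append(Finding("netsvcs-unknown-service", name, "no service definition found in log"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.item}  ->  {f.detail}")
```

Run against the sample it reports the two "[x]" services, the AVGIDSShim driver whose file could not be read, UPDATER.job launching an executable from My Documents, and S7oppilx as a NetSvcs name with no service behind it in the log. The user-profile rule will also flag legitimate per-user installers (Dropbox and Google Update on this machine live under Application Data), which is why it only says "review", and the netsvcs check only works when the full service list is in the same log.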