Oh my god, I just got my Internet Access back. This is momentous! I've been working on this for a day and a half.
Awaiting further instructions.
Hi,
What was it you did, so that others can see what steps you took?
----------
Run a new scan with ComboFix and post that new log so we can see what we have still.
First of all, my internet access may be a bit shaky yet. Just now I had to renew my IP address again.
I tried about 50 different things over the last day and a half. And then I unplugged my modem and waited for a couple of minutes and then plugged it back in and boom, I got access. But I had unplugged my modem so that it would reset a couple of times before and tried to renew the IP address, and it didn't work. I did something that fixed things over the course of the many things I tried, but until I reset the modem, the fix didn't help. So, sadly, I am unable to pinpoint the one thing that I did to get my access back. But something I did worked.
I can tell you that even after downloading my drivers from the vendor site, I still had no audio and my drives were not recognized, and I worked on that for quite a while. I ran a utility that was on my PC for years called Microsoft Fix it Center. When I ran that, it fixed my audio driver and the two CD drives. That's a free Microsoft utility that you can download that will try to correct certain problems you are having.
Hi,
LOL!! Of course...reset the router hahahaha!! Sometimes the most obvious and easy fix is the one overlooked. Great Job!! :D
When you get a chance be sure to run a new scan with ComboFix and post the new log.
Well, trust me, it wasn't just resetting the modem, because I tried that a number of times. It was a combination of one of the other fixes I implemented and then resetting the modem that finally gave me my access back. The connection is working really well right now.
If I recall correctly, a ComboFix "scan" does more than scan if it detects a problem. So, I'd like to figure out how to force a system backup so that I can restore in case ComboFix decides to start deleting things again. So, I will create a restore point and then run ComboFix and post. One thing I notice is that there are suspicious processes in my process list, but they are disabled and don't run. I'd like to delete the processes completely but am not sure if I should. I say suspicious because there are no descriptions of the processes, they have seemingly random names and they have no dependencies. But like I said, they are set as manual and disabled.
Hi,
OK, I will wait for the ComboFix log. The infection you had on your system was the real deal, and there is no telling what damage it may have done while running around in your computer. It seems like it has been neutralized, but we may be dealing with the damage control now.
I did set a restore point this morning. Truthfully, I'm not sure if that's the same as a complete backup or not. I hope that it is.
It does seem that the infection was neutralized. I don't see any of the symptoms that I saw before. There are still drivers that don't seem to be in place. There is software that doesn't work anymore. This infection in combination with the fix definitely left a trail of destruction. All of the essentials of the PC are working again, though. And I can always reload software that no longer works if I need to, so I'm in a much happier place now.
I will run ComboFix tonight and post here, even though it scares me to death to do it.
And once again, Jeff, thank you so much for your assistance through this process.
Mike
Hi,
> I'm not sure if that's the same as a complete back-up or not.

Well, it isn't a backup, but at least we can get your system back to the same point it is in now.
When you get the new ComboFix log, post that.

> And once again, Jeff, thank you so much for your assistance through this process.

You are more than welcome.
Hi Jeff, I don't want you to think that I'm deathly afraid of ComboFix, but I purchased an external hard drive and backed up my C drive before running it. So when you see Seagate and Memeo in the logs, that's what that is.
Also, I should note that when I ran ComboFix, a message popped up that said it was out of date and would run with reduced functionality.
A quick spot check seems to indicate that my basic PC functions are intact. The only thing I notice is that my Firewall won't start. I'm going to reboot the PC to see if that resolves it.
Here are the logs:
ComboFix 12-04-10.02 - Mike Hoover 04/17/2012 5:05.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.270 [GMT -4:00]
Running from: c:\temp\ComboFix.exe
FW: Sunbelt Personal Firewall *Enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\fad.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
F:\Autorun.inf
G:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 09:12 . 2012-04-17 09:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Seagate
2012-04-17 01:48 . 2012-04-17 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MemeoCommon
2012-04-17 01:47 . 2012-04-17 09:13 -------- d-----w- c:\documents and settings\Mike Hoover\Application Data\Memeo
2012-04-17 01:47 . 2012-04-17 01:47 -------- d-----w- c:\documents and settings\Mike Hoover\Application Data\Seagate
2012-04-17 01:47 . 2012-04-17 01:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\Seagate
2012-04-17 01:45 . 2012-04-17 01:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2012-04-17 01:45 . 2012-04-17 01:47 -------- d-----w- c:\program files\Common Files\Memeo
2012-04-17 01:45 . 2012-04-17 01:46 -------- d-----w- c:\program files\Memeo
2012-04-17 01:45 . 2012-04-17 01:45 -------- d-----w- c:\documents and settings\Mike Hoover\Local Settings\Application Data\temp
2012-04-15 15:39 . 2012-04-15 15:39 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-15 12:15 . 2012-04-17 09:13 -------- d-----w- c:\windows\system32\CatRoot2
2012-04-15 12:03 . 2001-08-18 02:36 32256 ----a-w- c:\windows\system32\dllcache\diapi2NT.dll
2012-04-15 12:02 . 2008-04-13 18:40 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2012-04-15 12:02 . 2001-08-17 18:55 689216 ----a-w- c:\windows\system32\dllcache\3dfxvs.dll
2012-04-15 12:02 . 2001-08-17 16:48 148352 ----a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2012-04-15 12:02 . 2001-08-17 18:06 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys
2012-04-15 12:02 . 2001-08-17 17:28 762780 ----a-w- c:\windows\system32\dllcache\3cwmcru.sys
2012-04-14 18:48 . 2012-04-15 12:38 -------- d-----w- C:\ERDNT
2012-04-14 17:34 . 2012-04-14 17:34 -------- d-----w- c:\program files\Broadcom
2012-04-14 17:26 . 2002-08-29 10:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2012-04-14 13:55 . 2012-04-14 13:55 -------- d-----w- c:\program files\CONEXANT
2012-04-14 13:55 . 2002-10-07 16:29 11027 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2012-04-14 13:55 . 2002-10-07 16:17 69632 ----a-w- c:\windows\system32\mdmxsdk.dll
2012-04-14 13:55 . 2002-10-09 17:50 170499 ----a-w- c:\windows\system32\drivers\HSFHWBS2.sys
2012-04-14 13:55 . 2002-10-09 17:50 1175536 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2012-04-14 13:55 . 2002-10-09 17:44 604240 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2012-04-14 13:46 . 2002-09-26 22:04 27786 ----a-w- c:\windows\system32\HSFCI004.dll
2012-04-14 13:45 . 2001-08-22 12:42 13632 ----a-w- c:\windows\system32\drivers\omci.sys
2012-04-13 22:34 . 2006-03-02 00:30 618880 ----a-w- c:\windows\system32\drivers\IntelC52.sys
2012-04-13 22:34 . 2005-05-06 18:42 1339776 ----a-w- c:\windows\system32\drivers\IntelC51.sys
2012-04-13 22:34 . 2005-05-06 18:40 47360 ----a-w- c:\windows\system32\drivers\IntelC53.sys
2012-04-13 22:34 . 2005-05-06 18:40 36880 ----a-w- c:\windows\system32\drivers\mohfilt.sys
2012-04-13 22:34 . 2005-05-06 18:39 172032 ----a-w- c:\windows\system32\intelmoh.dll
2012-04-13 22:34 . 2005-05-06 18:39 49152 ----a-w- c:\windows\system32\mhwt.dll
2012-04-11 12:00 . 2012-04-11 12:00 1409 ----a-w- c:\windows\QTFont.for
2012-04-10 21:16 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-10 21:16 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\dllcache\afd.sys
2012-04-10 19:55 . 2007-04-26 14:21 302000 ----a-w- c:\windows\system32\drivers\fwdrv.sys
2012-04-08 23:44 . 2012-04-08 23:44 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-08 20:26 . 2012-04-08 20:26 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 11:34 . 2008-03-18 23:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-07 11:34 . 2010-08-03 01:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-05-01 12:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 01:25 . 2004-08-24 00:32 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:25 . 2010-06-24 23:50 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-03-01 01:25 . 2002-08-29 10:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:25 . 2002-08-29 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-29 14:10 . 2002-08-29 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-08-29 10:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-25 13:11 . 2011-05-23 10:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2002-08-29 10:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2001-02-27 00:16 . 2010-05-23 01:29 53295 ----a-w- c:\program files\opera\program\plugins\PlugDef.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-09-26 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-26 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
.
c:\documents and settings\Mike Hoover\Start Menu\Programs\Startup\
Seagate Product Registration.lnk - c:\documents and settings\Mike Hoover\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe [2012-4-16 1731736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-9-2 24576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ %I
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
.
R1 fwdrv;Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fwdrv.sys [4/10/2012 3:55 PM 302000]
R1 khips;Kerio HIPS Driver;c:\windows\SYSTEM32\DRIVERS\khips.sys [4/26/2007 10:21 AM 72624]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [4/22/2010 8:33 PM 25824]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\SYSTEM32\ngvpnmgr.exe [5/18/2011 2:48 AM 290472]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [4/30/2010 10:47 AM 14088]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [4/26/2007 10:21 AM 1234480]
R3 NgLog;Aventail VPN Logging;c:\windows\SYSTEM32\DRIVERS\nglog.sys [5/18/2011 2:11 AM 27208]
R3 NgVpn;Aventail VPN Adapter;c:\windows\SYSTEM32\DRIVERS\ngvpn.sys [5/18/2011 2:11 AM 81480]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]
S3 NgFilter;Aventail VPN Filter;c:\windows\SYSTEM32\DRIVERS\ngfilter.sys [5/18/2011 2:11 AM 23112]
S3 NgWfp;Aventail VPN Callout;c:\windows\SYSTEM32\DRIVERS\ngwfp.sys [5/18/2011 2:11 AM 25160]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
efs
aegisp
nsm1bus
MRENDIS5
NWADI
w70n51
s117bus
ctaud2k
netdevio
rchost
houdiniserver
HFACSVC
ctdvda2k
atikmdag
pciSd
racsvc
defwatch
vpcnfltr
Subsonic
GT680x
sskbfd
aaksrv
zntport
vstor2-ws60
lanusb
procmon10
w810bus
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3448474522-3304514054-2523392379-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-04-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3448474522-3304514054-2523392379-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\Mike Hoover\Application Data\Mozilla\Firefox\Profiles\h1ofpo0d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Myibidder (Myibay) Bid Sniper for eBay: firefox1@myibay.com - %profile%\extensions\firefox1@myibay.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-17 05:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sskbfd]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(6760)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\locator.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\Memeo\Memeo Send\MemeoSend.exe
c:\program files\Memeo\AutoBackup\InstantBackup.exe
c:\program files\Memeo\AutoBackup\MemeoUpdater.exe
.
**************************************************************************
.
Completion time: 2012-04-17 05:27:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 09:26
ComboFix2.txt 2012-04-13 06:10
ComboFix3.txt 2012-04-10 23:00
ComboFix4.txt 2012-04-10 21:53
ComboFix5.txt 2012-04-17 08:58
.
Pre-Run: 51,769,405,440 bytes free
Post-Run: 51,755,446,272 bytes free
.
- - End Of File - - 877757EEFF49AC6F3E2FA2BC0BB5A2D6
My firewall started up on reboot.
I have a number of suspicious processes/services and I'm going to list them. If you know whether I can delete them with no ill effects, please let me know. None have descriptions, or the descriptions match the display name. Some are listed as automatic, but only one process is actually running.
I just now realize that I don't know how to delete a process, but I could disable them. I was going to delete the last one on the list because it references an .exe file that doesn't exist, but it seems all I can do is disable it.
Service name: pcscnsrv  Display name: Asusgsb
Service name: vstor2-ws60  Display name: CTEDSPSY.DLL
Service name: ctdvda2k  Display name: Cwcspud
Service name: houdiniserver  Display name: Dot4ufd
Service name: HFACSVC  Display name: Dvpapi
Service name: atikmdag  Display name: Hcf_msft
Service name: aegisp  Display name: RIOUNIV
Service name: efs  Display name: Szserver
Service name: wscsvc  Display name: wscsvc (this one is running. When I click on properties, a message says "Configuration Manager: The specified device instance handle does not correspond to a present device")
Service name: ZipToA  Display name: ZipToA
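The list above, the `[?]` marker on the MTK driver line in the log, the empty `ImagePath` on `sskbfd` and the svchost NetSvcs group list can all be checked mechanically. The Python script below is an added example, not part of this thread, of ComboFix, or of the poster's own work; the log lines, registry fragment and service names are copied from the post, and the service-name/display-name comparison is a heuristic of mine (a display name that shares no word with its service name, such as `efs` shown as `Szserver`, gets flagged for a manual look).

```python
"""Triage service entries quoted in a ComboFix log and a poster's service list.
Added example; the inputs below are copied from the thread, nothing is read
from a live registry."""
import re

# R*/S* lines from the log's "Reg Loading Points" section (copied).
# Format: <start type> <name>;<display name>;<image path> [<date> <size>]
# "<path> --> <path> [?]" means ComboFix could not find the binary on disk.
SERVICE_LINES = r"""
R1 fwdrv;Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fwdrv.sys [4/10/2012 3:55 PM 302000]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [4/26/2007 10:21 AM 1234480]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]
"""

# REGEDIT-style fragment printed after the rootkit scan (copied).
REG_FRAGMENT = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sskbfd]
"ImagePath"=""
"""

# Svchost NetSvcs group members from the log (copied).
NETSVCS = """efs aegisp nsm1bus MRENDIS5 NWADI w70n51 s117bus ctaud2k netdevio rchost
houdiniserver HFACSVC ctdvda2k atikmdag pciSd racsvc defwatch vpcnfltr Subsonic GT680x
sskbfd aaksrv zntport vstor2-ws60 lanusb procmon10 w810bus""".split()

# Service name -> display name, as listed by the poster (copied).
USER_SERVICES = {
    "pcscnsrv": "Asusgsb", "vstor2-ws60": "CTEDSPSY.DLL", "ctdvda2k": "Cwcspud",
    "houdiniserver": "Dot4ufd", "HFACSVC": "Dvpapi", "atikmdag": "Hcf_msft",
    "aegisp": "RIOUNIV", "efs": "Szserver", "wscsvc": "wscsvc", "ZipToA": "ZipToA",
}

SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)(?:\s+-->\s+(?P<resolved>.*?))?\s+\[(?P<meta>[^\]]*)\]\s*$"
)


def parse_service_lines(text):
    """One dict per R*/S* line; 'missing' is True when the binary was marked [?]."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["missing"] = d["meta"].strip() == "?"
            entries.append(d)
    return entries


def empty_imagepath_services(reg_text):
    """Service names whose exported key carries an empty ImagePath value."""
    found, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.match(r"^\[.*\\Services\\([^\\\]]+)\]$", line, re.IGNORECASE)
        if key:
            current = key.group(1)
        elif current and line.lower() == '"imagepath"=""':
            found.append(current)
    return found


def tokens(s):
    return {t for t in re.split(r"[^a-z0-9]+", s.lower()) if t}


def mismatched_display_names(services):
    """Heuristic (mine): flag a display name sharing no token with its service name."""
    return sorted(n for n, disp in services.items() if not tokens(n) & tokens(disp))


def in_netsvcs(names, netsvcs=NETSVCS):
    """Subset of names that are also members of the svchost NetSvcs group."""
    group = {n.lower() for n in netsvcs}
    return sorted(n for n in names if n.lower() in group)


def triage():
    entries = parse_service_lines(SERVICE_LINES)
    suspicious = mismatched_display_names(USER_SERVICES)
    return {
        "missing_binary": [e["name"] for e in entries if e["missing"]],
        "empty_imagepath": empty_imagepath_services(REG_FRAGMENT),
        "display_mismatch": suspicious,
        "mismatch_in_netsvcs": in_netsvcs(suspicious),
    }


if __name__ == "__main__":
    for check, names in triage().items():
        print(f"{check}: {', '.join(names) or '-'}")
```

The names that come out of the last check (a display name that looks unrelated to the service name *and* membership in the NetSvcs group) are the ones worth asking the helper about first: a NetSvcs member is loaded by svchost.exe from the DLL named in its `Parameters\ServiceDll` value, so that value, not the ImagePath, is what to look at. On the XP machine itself, `sc qc <name>` prints the ImagePath, start type and display name of a service, and `sc delete <name>` removes its registry entry; export the Services key first (ERUNT is already installed per the log) and post the list before deleting anything.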