Old 10-10-2007, 11:04 PM   #8 (permalink)
drwatson
Registered User
 
Join Date: Oct 2007
Posts: 7
OS: Windows 2000


Re: All Apps close immediately, help please.

I ran the file as requested and killed the "InetCntrl" process, since it pertains to my Bsafe Online, firewall and virus scanner. When I am able to kill that process early enough on login, I have not had any similar occurrences.

Could it be that InetCntrl just became corrupt or infected?

Here are the file results:

ComboFix 07-10-09.3 - lcladmin 10/10/2007 23:46:43.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.372 [GMT -5:00]
Running from: C:\Documents and Settings\lcladmin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 )))))))))))))))))))))))))))))))
.

2007-10-10 23:46 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2cc.dat
2007-10-10 19:54 <DIR> d-------- C:\SAV32CLI
2007-10-10 18:25 <DIR> d-------- C:\WINNT\ERUNT
2007-10-09 23:42 <DIR> d-------- C:\Deckard
2007-10-09 23:22 51,200 --a------ C:\WINNT\NirCmd.exe
2007-10-09 23:06 <DIR> d-------- C:\Documents and Settings\lcladmin\Application Data\Talkback
2007-10-09 23:05 <DIR> d-------- C:\Documents and Settings\lcladmin\Application Data\Google
2007-10-09 21:04 <DIR> d-------- C:\Documents and Settings\Riley\Application Data\Google
2007-10-09 21:03 <DIR> d-------- C:\Documents and Settings\Riley\Application Data\Talkback
2007-10-09 20:33 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-17 05:00 --------- d-----w C:\Program Files\RegCleaner
2007-08-17 04:54 --------- d-----w C:\Documents and Settings\cwatson.CWATSONHM\Application Data\RegistrySmart
2007-08-17 04:10 --------- d-----w C:\Documents and Settings\cwatson.CWATSONHM\Application Data\Uniblue
2007-08-13 22:16 --------- d-----w C:\Program Files\Orwell
2007-08-13 21:45 --------- d-----w C:\Documents and Settings\cwatson.CWATSONHM\Application Data\Notepad++
2007-08-11 19:38 --------- d-----w C:\Documents and Settings\cwatson.CWATSONHM\Application Data\eBookPro6
2007-08-04 20:19 93,248 ------w C:\WINNT\Orwell Uninstaller.exe
2004-04-07 14:07 271 ---h--w C:\Program Files\DESKTOP.INI
2004-04-07 14:07 21,952 ---h--w C:\Program Files\FOLDER.HTT
2000-07-26 17:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((( snapshot@Tue 10-09-2007_23.24.53.07 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 163,328 2007-09-28 03:03:23 C:\WINNT\ERUNT\SDFIX\ERDNT.EXE
----a-w 339,968 2007-10-11 03:25:54 C:\WINNT\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
----a-w 98,304 2007-10-11 03:25:55 C:\WINNT\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-09-28 03:03:23 C:\WINNT\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 335,872 2007-10-10 23:26:01 C:\WINNT\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
----a-w 98,304 2007-10-10 23:26:01 C:\WINNT\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
----a-w 280,269 2007-10-11 00:24:39 C:\WINNT\system32\InetCntrl\AV\avvclean.dat
----a-w 9,070,405 2007-10-11 00:24:36 C:\WINNT\system32\InetCntrl\AV\avvnames.dat
----a-w 223,413 2007-10-11 00:24:36 C:\WINNT\system32\InetCntrl\AV\avvscan.dat
----a-w 3,253 2007-10-11 00:25:16 C:\WINNT\system32\InetCntrl\Data\progctrl.bin
----a-w 67,173 2007-10-11 04:46:36 C:\WINNT\system32\InetCntrl\Data\userpolicy.bin
.
----a-w 280,109 2007-10-10 00:13:50 C:\WINNT\system32\InetCntrl\AV\avvclean.dat
----a-w 9,065,365 2007-10-10 00:13:47 C:\WINNT\system32\InetCntrl\AV\avvnames.dat
----a-w 223,381 2007-10-10 00:13:47 C:\WINNT\system32\InetCntrl\AV\avvscan.dat
----a-w 3,173 2007-10-10 04:05:50 C:\WINNT\system32\InetCntrl\Data\progctrl.bin
----a-w 67,129 2007-10-10 04:05:27 C:\WINNT\system32\InetCntrl\Data\userpolicy.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [12/17/03 06:40a]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe]
"gcasServ"="E:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [11/15/05 12:12p]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [05/25/04 10:16a]
"InetCntrl"="C:\WINNT\system32\InetCntrl\InetCntrl.exe" [01/29/07 11:10a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/06 04:57p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
discfix.lnk - C:\DELL\discfix.cmd [1980-01-01 01:00:00]

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2005-04-28 21:27:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=interceptor.dll

R2 BrSerial;Brother Serial Driver;\??\C:\WINNT\system32\drivers\BrSerial.sys
R2 dmsmbios;dmsmbios;\??\C:\WINNT\System32\dmsmbios.sys
R2 SECScheduleService;Search Engine Commando Schedule Service;E:\Program Files\Search Engine Commando\ScheduleService.exe
R3 BrScnUsb;Brother USB Still Image driver;C:\WINNT\system32\Drivers\BrScnUsb.sys
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINNT\system32\Drivers\BrSerIf.sys
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINNT\system32\Drivers\BrUsbSer.sys
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 23:48:05
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 10/10/2007 23:49:10
C:\ComboFix2.txt ... 10/09/07 11:25p
.
--- E O F ---