#1 (permalink)
Registered User
Join Date: Apr 2008
Posts: 7
OS: Windows XP
Limited or No Connectivity
I have a computer running Windows XP. One day my wife told me that the computer needed a reset because the internet wasn't working properly. I shut down the computer and started it back up, and when I went to click on the Administrator icon on my login screen, it wasn't there; there was some 'Guest' icon which had never been there before. I ended up changing the login to the classic one so that I could type in 'Administrator' and log in to the user ID that way. When I did, the internet icon in the bottom tray displayed 'limited or no connectivity', so I tried clicking on Repair, and the window came up and then said it was unable to fix it. I tried logging out and back in, but same problem. I tried shutting down my network card and connecting with my wireless card, but still the same problem under the 'Administrator' user ID. I knew that it was not the modem, because I have a laptop where I can connect to the modem, and I can also connect with my iPod touch via wireless. I decided to log into the other guest account that I saw was there and, for some strange reason, was able to get connectivity with the internet. Shut the computer down, started back up and tried 'Administrator' again, but no luck. I figured I would go to Control Panel and System to try to do a System Restore, but when I click on the tab, it gives me the following:

RUN DLL An exception occurred while trying to run "c:\WINNT\system32\shell32.dll, Control_Run DLL "C:\WINNT\system32\sysdm.ap1", system

(The 'sysdm.ap1' is the way it was spelled, not a typo.) I can only access the internet with the 'Administrator1' user login; however, when I log out of that and then back into the 'Administrator' user login, that's when the "limited or no connectivity" warning pops up. I know my brother-in-law did install a poker thing onto my computer while visiting, and I have heard that that may be the trouble, that something planted itself under the profile it was installed under, so I uninstalled it and still no luck. Kinda running out of things to try; any help would be appreciated. I have gone through and done the 5 Steps prior to posting a HijackThis log, and the following is the log from Main.txt (note I have also attached the Extra.txt and the ActiveScan text files):
#4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,091
OS: WinXP and Vista
Re: Limited or No Connectivity
Hello wkupferschmidt,
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed. Please continue as follows:
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
#5 (permalink)
Registered User
Join Date: Apr 2008
Posts: 7
OS: Windows XP
Re: Limited or No Connectivity
Ried,
Just one quick question before I go ahead with the above mentioned procedures. As per my original post, I can only access the internet connection properly through my 'Administrator 1' account, which I have set up as a profile since I had the problem of limited or no connectivity arise. In my 'Administrator' account, where I have all my other programs and settings, I am not able to access the internet; it is that profile that has something wrong with it and gives me the "Limited or no Connectivity" error. If I run the above mentioned software in the 'Administrator 1' user profile, is that okay, or do I have to try and run it under the user profile that is giving me problems? Please let me know before I proceed. Thanks, Wayne K
#6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,091
OS: WinXP and Vista
Re: Limited or No Connectivity
Hi Wayne,
I'd prefer you run the tool under the acct that is giving you the trouble. Download it with the acct that works, then move the tool to the troubled acct via Windows Explorer. Or, simpler yet, download the tool to a flash drive, then move it to the desktop of the trouble acct.
#7 (permalink)
Registered User
Join Date: Apr 2008
Posts: 7
OS: Windows XP
Re: Limited or No Connectivity
Ried,
The following are the logs you requested. Regards, Wayne Kupferschmidt

Combofix.txt
PPCLASS;PPCLASS;C:\WINNT\system32\drivers\PPCLASS.sys [1997-04-09 15:08] R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINNT\system32\DRIVERS\AN983.sys [2004-08-03 22:31] R3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-11-16 19:34] S2 PPSCAN;PPSCAN;C:\WINNT\system32\drivers\PPSCAN.sys [1999-02-10 20:38] S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINNT\system32\DRIVERS\A3AB.sys [2007-05-23 04:15] S3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINNT\system32\DRIVERS\lne100v5.sys [2001-04-01 21:01] S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINNT\system32\drivers\LVPrcMon.sys [2005-12-09 12:07] S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-11-16 19:34] S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [] S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [] S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINNT\system32\drivers\sis7012.sys [2002-04-23 14:02] S3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [2003-06-19 13:05] S4 l8042prt;Logitech Keyboard and PS/2 Mouse Port Driver;C:\WINNT\system32\DRIVERS\l8042prt.sys [1998-08-19 12:07] *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-05-14 01:43:04 C:\WINNT\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-14 23:49:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Flpydisk] "ImagePath"=multi:"System32\DRIVERS\flpydisk.sys\00" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Flpydisk] "ImagePath"=multi:"System32\DRIVERS\flpydisk.sys\00" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINNT\system32\winlogon.exe -> C:\WINNT\system32\tsd32.dll . Completion time: 2008-05-14 23:51:44 ComboFix-quarantined-files.txt 2008-05-15 05:51:33 Pre-Run: 74,444,812,288 bytes free Post-Run: 74,488,287,232 bytes free 148 --- E O F --- 2008-05-14 09:01:16 ******************************************************** hijackthis.log ------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12 36 AM, on 5/15/2008Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINNT\Explorer.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\TELUS\eProtect Advisor\TEPA.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe C:\Program Files\TELUS\TELUS Wireless 
Connection Manager\McciTrayApp.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINNT\system32\HPZipm12.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\mspmspsv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINNT\system32\wuauclt.exe C:\WINNT\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program 
Files\TELUS\TELUS Security service\pkR.dll O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [TELUS Security service] "C:\Program Files\TELUS\TELUS Security service\Freedom.exe" O4 - HKLM\..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe O4 - HKLM\..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra button: 
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kupferschmidt.spaces.live.com...d/MsnPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192067944164 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192074972297 O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: SBHookSvc - Unknown owner - C:\PROGRA~1\TELUSE~1\SMARTB~1\SBHookSvc.exe (file missing) -- End of file - 10936 bytes |
#8
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,091
OS: WinXP and Vista
Re: Limited or No Connectivity
What is the situation now? Has there been any improvement in this acct since running ComboFix? Can you access the internet now?