#1 (permalink) |
|
Registered User
Join Date: Jan 2007
Posts: 59
OS: XP
|
Can't get on the Internet with this Laptop
Hi to All,
I am working on an older model Toshiba Satellite Laptop (Model No. PS183A - 2Q54PP) running XP Pro and I am not able to access the Internet via the LAN connection. I have a fixed IP address and everything seems to be functioning normally. If I do an "Ipconfig" in the CMD window everything looks OK. I may have a virus stopping access. Can somebody please have a look at the below HijackThis file and see if anything looks amiss?

Thanks for your time

Regards
Luka123

Logfile of HijackThis v1.99.1
Scan saved at 8:23:29 p.m., on 17/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 10
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdonw.exe] C:\WINDOWS\system32\kdonw.exe
O4 - HKLM\..\Run: [tcnzTrayApp] "C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Xtra Help Assistant.lnk = C:\Program Files\Xtra Help Assistant\bin\matcli.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesca.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesca.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\broderbund\broderbund email watchdog\ndpwsspr.dll
O10 - Unknown file in Winsock LSP: c:\program files\broderbund\broderbund email watchdog\ndpwsspr.dll
O10 - Unknown file in Winsock LSP: c:\program files\broderbund\broderbund email watchdog\ndpwsspr.dll
O10 - Unknown file in Winsock LSP: c:\program files\broderbund\broderbund email watchdog\ndpwsspr.dll
O10 - Unknown file in Winsock LSP: c:\program files\broderbund\broderbund email watchdog\ndpwsspr.dll
O10 - Unknown file in Winsock LSP: c:\program files\broderbund\broderbund email watchdog\ndpwsspr.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BD17183-5F70-44E9-83F2-94EF1641541C}: NameServer = 203.96.152.4,203.96.152.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.35 85.255.112.20
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.35 85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.35 85.255.112.20
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
|
|
|
#2 (permalink) |
|
Registered User
Join Date: Jan 2007
Posts: 59
OS: XP
|
Re: Can't get on the Internet with this Laptop
Hi to all
THIS PROBLEM HAS BEEN RESOLVED AT ANOTHER FORUM: For those who are interested, the laptop had the ZLOB virus which destroyed TCP/IP and the Winsocks. I managed to remove the virus then followed the below steps to restore Internet connectivity.

Regards
Luka123

you may need the xp cd to achieve this... JUST IN CASE YOU MIGHT NEED IT.

***before editing the registry back it up***

1) remove winsock keys from registry.
- to do so go to START, RUN, TYPE: REGEDIT then click ok.
delete the following registry keys: WINSOCK & WINSOCK2
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2

****RESTART YOUR COMPUTER.

then you will need to reinstall TCP/IP

1) click START then RUN type CMD and then press ENTER.
2) type the following command and press ENTER.
netsh int ip reset log.txt
*a new command prompt will appear*
3) EXIT out of the command prompt.
4) click START then CONTROL PANEL.
5) double click the NETWORK CONNECTIONS icon.
**if you don't see network connections switch to classic view in the control panel window.**
6) right-click LOCAL AREA CONNECTION then click PROPERTIES.
7) on the GENERAL tab click CLIENT FOR MICROSOFT NETWORKS then click UNINSTALL.
8) when prompted to RESTART computer click YES.
9) click START then CONTROL PANEL and then double click NETWORK CONNECTIONS.
10) click YES if you are prompted.
11) on the GENERAL tab click INSTALL.
12) on the SELECT A NETWORK COMPONENT TYPE window, select CLIENT, and then click ADD.
13) in the SELECT NETWORK COMPONENT TYPE window, select CLIENT FOR MICROSOFT NETWORKS and then click OK.
**CLIENT FOR MICROSOFT NETWORKS will be added to the list and you will be taken back to the general tab.**
14) on the GENERAL tab click INSTALL.
15) on the SELECT A NETWORK COMPONENT TYPE window, select PROTOCOL, and then click ADD.
16) click HAVE DISK, then type "C:\windows\inf" (no quotes) then click OK.
17) in the next window select INTERNET PROTOCOL TCP/IP then click ok.
**YOU WILL BE TAKEN BACK TO THE GENERAL TAB, MAKE SURE ALL THE TICK BOXES ARE CHECKED.**
18) CLICK CLOSE AND RESTART YOUR COMPUTER.
|
|
|
|
#3 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,965
OS: WinXP and Vista
|
Re: Can't get on the Internet with this Laptop
Hi Luka123,
That's all well and good to fix your connection, but the root of the problem is still there. Please run a new scan with HijackThis.exe so I can see if the malware entries in your first log are still there.
|
|
|
|
#4 (permalink) |
|
Registered User
Join Date: Jan 2007
Posts: 59
OS: XP
|
Re: Can't get on the Internet with this Laptop
Hi Ried,
Good Point.. I have posted the latest HijackThis log below.

Thanks in Advance

Regards
Luka123

Logfile of HijackThis v1.99.1
Scan saved at 11:01:32, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 10
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdonw.exe] C:\WINDOWS\system32\kdonw.exe
O4 - HKLM\..\Run: [tcnzTrayApp] "C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - Global Startup: Network Device Switch.lnk = ?
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesca.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesca.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B0DFF5D-1F28-429E-93B9-7EA7EDAB0B5E}: NameServer = 203.96.152.4,203.96.152.12
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe
|
|
|
|
#5 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,965
OS: WinXP and Vista
|
Re: Can't get on the Internet with this Laptop
Thanks Luka123,
The nasty is still onboard.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure how to do this, please see this link http://www.bleepingcomputer.com/forums/topic114351.html
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
|
|
|
|
|
#7 (permalink) |
|
Registered User
Join Date: Jan 2007
Posts: 59
OS: XP
|
Re: Can't get on the Internet with this Laptop
Hi Ried,
Please find the below requested ComboFix TXT file.

Regards
Luka123

ComboFix 08-08-23.01 - client 2008-08-24 14:02:10.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.68 [GMT 12:00]
Running from: C:\Documents and Settings\client\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.
2008-08-23 17:46 . 2008-08-23 17:46 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 17:40 . 2008-08-23 17:40 <DIR> d-------- C:\Program Files\ESET
2008-08-23 17:38 . 2008-05-02 02:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-23 16:01 . 2008-08-23 16:01 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
2008-08-23 16:01 . 2008-08-23 16:01 0 --a------ C:\proc.id
2008-08-23 16:01 . 2008-08-23 16:01 0 --a------ C:\asdasd.asdasd
2008-08-23 14:46 . 2008-08-23 14:46 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-23 14:12 . 2008-08-23 14:12 <DIR> d-------- C:\Documents and Settings\client\Application Data\Malwarebytes
2008-08-23 14:12 . 2008-08-23 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-23 13:02 . 2002-03-21 13:14 21,376 -ra------ C:\WINDOWS\system32\drivers\dm9usb.sys
2008-08-21 14:51 . 2008-08-21 14:51 <DIR> d-------- C:\Documents and Settings\client\Application Data\toshiba
2008-08-21 12:26 . 2008-08-21 12:26 <DIR> d-------- C:\Download
2008-08-21 11:45 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-21 11:45 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-21 11:45 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-21 11:45 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-21 11:45 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-21 11:45 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-21 11:45 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-21 11:45 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-21 11:45 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-21 01:44 . 2008-08-21 01:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-21 00:38 . 2008-08-21 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-08-21 00:16 . 2008-08-21 00:16 <DIR> d-------- C:\Intel12.4
2008-08-20 19:48 . 2008-08-20 19:48 <DIR> d-------- C:\Program Files\DriverGuide DriverScan
2008-08-20 17:29 . 2008-08-20 17:29 <DIR> d-------- C:\fixwareout
2008-08-20 02:12 . 2008-08-21 11:55 2,996 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-19 18:37 . 2008-08-19 18:37 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-17 20:20 . 2008-08-17 20:20 <DIR> d-------- C:\HijackThis
2008-08-17 15:17 . 2008-08-17 15:17 <DIR> d-------- C:\Documents and Settings\client\Application Data\ESET
2008-08-17 15:14 . 2008-08-17 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-17 14:49 . 2008-08-17 14:49 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-17 14:22 . 2008-08-17 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-08-15 00:19 . 2008-08-15 00:19 <DIR> d-------- C:\Documents and Settings\client\Application Data\Talkback
2008-08-15 00:14 . 2008-08-15 00:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-15 00:13 . 2008-08-15 00:13 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-14 12:33 . 2008-08-14 12:33 <DIR> d-------- C:\Program Files\Google
2008-08-12 19:46 . 2008-08-12 19:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-11 19:58 . 2008-08-11 19:58 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-08-11 19:58 . 2008-08-11 19:58 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-08-11 19:57 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-11 19:57 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-11 19:57 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-11 19:57 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-11 18:56 . 2008-08-11 18:56 213 --a------ C:\WINDOWS\Brpfx04a.ini
2008-08-11 18:56 . 2008-08-11 18:56 94 --a------ C:\WINDOWS\brpcfx.ini
2008-08-11 18:56 . 2008-08-11 18:56 50 --a------ C:\WINDOWS\system32\bridf07a.dat
2008-08-11 18:54 . 2008-08-11 18:54 <DIR> d-------- C:\Program Files\Brother
2008-08-11 18:53 . 2008-08-11 18:53 <DIR> d-------- C:\Documents and Settings\client\Application Data\InstallShield
2008-08-11 18:52 . 2008-08-11 18:52 <DIR> d-------- C:\Program Files\Nuance
2008-08-11 18:51 . 2008-08-11 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-11 18:51 . 2006-10-24 15:34 31,567 --a------ C:\WINDOWS\maxlink.ini
2008-08-11 18:49 . 2008-08-11 18:49 <DIR> d-------- C:\Program Files\ScanSoft
2008-08-11 18:49 . 2008-08-11 18:49 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-08-11 18:49 . 2008-08-11 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-08-11 18:47 . 2008-08-11 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-08-10 19:50 . 2008-08-10 19:50 <DIR> d-------- C:\Documents and Settings\client\Application Data\Motive
2008-08-10 15:38 . 2008-08-10 15:38 <DIR> d-------- C:\WINDOWS\Motive
2008-08-10 15:35 . 2008-08-10 15:35 <DIR> d-------- C:\Program Files\Xtra Help Assistant
2008-08-10 15:35 . 2008-08-10 15:35 <DIR> d-------- C:\Program Files\Motive
2008-08-10 15:30 . 2008-06-24 04:57 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-10 15:30 . 2007-04-17 21:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-10 15:30 . 2007-03-08 17:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-10 15:30 . 2008-06-24 04:57 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-10 15:30 . 2008-06-24 04:57 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-10 15:30 . 2008-06-24 04:57 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-10 15:30 . 2008-06-24 04:57 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-10 15:30 . 2008-06-24 04:57 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-10 15:30 . 2008-06-23 21:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-27 15:31 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-07-26 18:30 . 2008-06-14 01:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-26 18:10 . 2008-07-26 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 12:12 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 22:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2001-09-06 18:56 98304]
"tcnzTrayApp"="C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe" [2007-04-11 17:30 935424]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 21:12 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 21:10 46632]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 13:46 255528]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 14:51 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 15:58 65536]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-15 00:11 185896]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"TFncKy"="TFncKy.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Network Device Switch.lnk - C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe [2008-08-21 11:35:46 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailDefense]
--a------ 2001-12-12 14:48 94208 C:\Program Files\Broderbund\Broderbund Email Watchdog\BBEmailW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 05:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndpwatch]
--a------ 2001-12-12 14:46 61440 C:\Program Files\Broderbund\Broderbund Email Watchdog\ndpwatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S3 aaudstum;aaudstum;C:\DOCUME~1\client\LOCALS~1\Temp\aaudstum.sys []
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2002-03-21 13:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f7d7891-169e-11db-ae5b-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-SpyClean - C:\Program Files\Netcom3 Cleaner\SpyClean.exe
HKLM-Run-C:\WINDOWS\system32\kdonw.exe - C:\WINDOWS\system32\kdonw.exe
MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\client\Application Data\Mozilla\Firefox\Profiles\6vrfwzha.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 14:13:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\kdonw.exe"="C:\\WINDOWS\\system32\\kdonw.exe"
.
Completion time: 2008-08-24 14:19:18
ComboFix-quarantined-files.txt 2008-08-24 02:18:54
Pre-Run: 1,531,944,960 bytes free
Post-Run: 1,546,043,392 bytes free
174 --- E O F --- 2008-08-23 06:55:03
|
|
|
|
#8 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,965
OS: WinXP and Vista
|
Re: Can't get on the Internet with this Laptop
Hi Luka123,
This entry is the one that had me concerned:

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdonw.exe] C:\WINDOWS\system32\kdonw.exe

In reviewing your ComboFix.txt, all is well.

One more thing I'd like you to do. While it may not be needed at this time, infections these days tend to patch a lot of critical system files which often result in multiple problems, one of which can be an unbootable machine. Having the Windows Recovery Console installed on your machine in advance can save a lot of heartache in the future.

The Windows Recovery Console will allow you to boot up into a special recovery/repair mode that would allow us to more easily help you should your computer have a problem. (You can read more about the Recovery Console here)

It's a simple procedure, and will only take a moment of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
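The check requested earlier in this thread (is an entry from the first HijackThis log still present in a later one) can be scripted. This is an added example, not part of any post in the thread and not part of HijackThis; the function names are hypothetical, and the two log excerpts are constructed from lines in the logs posted above, with the first deliberately left run together on one line, as pasted logs often arrive.

```python
import re

# An item starts with a section code such as "R1", "O4" or "O17", then " - ".
# The lookbehind makes sure the code begins a token, so "WgaLogon - C:\..."
# inside an O20 entry is not mistaken for the start of a new item.
ITEM_START = re.compile(r"(?<!\S)[A-Z]\d{1,2} - ")


def parse_items(log_text):
    """Map normalised entry -> entry as written, for every item in a log.

    Items are located by their section code rather than by newlines, so a
    log whose line breaks were lost parses the same as a wrapped one.
    The header and the "Running processes" list are skipped.
    """
    text = " ".join(log_text.split())  # collapse every run of whitespace
    starts = [m.start() for m in ITEM_START.finditer(text)]
    items = {}
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        entry = text[begin:end].strip()
        # Case-insensitive key; repeated lines (e.g. several identical O10
        # entries) collapse to a single item.
        items.setdefault(entry.casefold(), entry)
    return items


def compare_logs(before_text, after_text):
    """Split entries into removed / persisting / added between two scans."""
    before, after = parse_items(before_text), parse_items(after_text)
    return {
        "removed": [e for k, e in before.items() if k not in after],
        "persisting": [e for k, e in before.items() if k in after],
        "added": [e for k, e in after.items() if k not in before],
    }


def status_of(entry, before_text, after_text):
    """Report what happened to one entry of interest across the two scans."""
    key = " ".join(entry.split()).casefold()
    was = key in parse_items(before_text)
    now = key in parse_items(after_text)
    if was and now:
        return "still present"
    if was:
        return "removed"
    return "new" if now else "never seen"


# Constructed excerpt of the first log in the thread, flattened onto one line.
FIRST_LOG = (
    r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE "
    r"O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe "
    r"O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdonw.exe] C:\WINDOWS\system32\kdonw.exe "
    r"O10 - Unknown file in Winsock LSP: c:\program files\broderbund\broderbund email watchdog\ndpwsspr.dll "
    r"O10 - Unknown file in Winsock LSP: c:\program files\broderbund\broderbund email watchdog\ndpwsspr.dll "
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.35 85.255.112.20 "
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll"
)

# Constructed excerpt of the second log, one entry per line.
SECOND_LOG = r"""
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdonw.exe] C:\WINDOWS\system32\kdonw.exe
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B0DFF5D-1F28-429E-93B9-7EA7EDAB0B5E}: NameServer = 203.96.152.4,203.96.152.12
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The entry singled out in the reply above.
CONCERN = r"O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdonw.exe] C:\WINDOWS\system32\kdonw.exe"

if __name__ == "__main__":
    result = compare_logs(FIRST_LOG, SECOND_LOG)
    for group in ("removed", "persisting", "added"):
        print(f"{group}:")
        for entry in result[group]:
            print(f"  {entry}")
    print("entry of concern:", status_of(CONCERN, FIRST_LOG, SECOND_LOG))
```

An entry that persists across scans is a prompt for a closer look, not a verdict; here it only confirms that the autostart value survived the connectivity repair.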
|
|
|
|
|
#10 (permalink)
Registered User
Join Date: Jan 2007
Posts: 59
OS: XP
Re: Can't get on the Internet with this Laptop
Hi Riad,

Sorry about the delay, I was called out on a job..

Ok, I have posted the new Combofix log below for you to have a look at. I also noticed:

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdonw.exe] C:\WINDOWS\system32\kdonw.exe

What is this?

Regards
Luka123
#11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,965
OS: WinXP and Vista
Re: Can't get on the Internet with this Laptop
Hi Luka123,

That entry is a Wareout variant. When you ran Fixwareout it took care of the infection, but left that orphaned registry entry.

Please delete the following Folders:
C:\Program Files\Netcom3 Cleaner
C:\Program Files\Enigma Software Group
C:\fixwareout

You should also delete the tools used to clean the system as they are constantly updated and your versions will be outdated by next week.

----------------------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: PC Safety and Security--What Do I Need? Think Prevention

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
#12 (permalink)
Registered User
Join Date: Jan 2007
Posts: 59
OS: XP
Re: Can't get on the Internet with this Laptop
Hi Ried,

Sorry I haven't been back to you as I noticed the Laptop was "Seriously" fragmented.... I left the defrag process running overnight, and it is STILL running after 10 hours and up to 45% completed for whatever reason ?...

As soon as it has finished doing its thing I will instigate your recommendations...

This Laptop is "kinda old" and only has a 20Gb HD.

Regards
Luka123
#13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,965
OS: WinXP and Vista
Re: Can't get on the Internet with this Laptop
Ok Luka123.

I'll leave this open and remain subscribed. Let me know how you made out with that defrag.
#14 (permalink)
Registered User
Join Date: Jan 2007
Posts: 59
OS: XP
Re: Can't get on the Internet with this Laptop
Hi Ried,

Thanks for your patience.... Well..... I finally have the Laptop working normally.

The defrag process took a L..O..N..G time. FYI while implementing this process, I noticed there were a lot of "Low Performing System Files". I assume a lot were "half destroyed" by the virus. C Drive only has 10Gb and I had to uninstall quite a few programs to complete the defrag process.

After that was finished I installed the programs you recommended. All was running "sweet" so I installed "Service Pack 3 for XP" and this improved the overall performance of the Laptop...I guess it replaced a "bucket load" of system files that were "on the blink" so to speak.

Anyway, "all's well that ends well"

Thanks a million for your patience and "expert advice".

Much Appreciated

Regards
Luka123
#15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,965
OS: WinXP and Vista
Re: Can't get on the Internet with this Laptop
Glad to hear about the system improvement. Nice work, Luka123.

You're quite welcome. Take care.