
Cannot Connect to the internet using HTTP,HTTPS,FTP


7 replies to this topic

#1 txaccthlp

txaccthlp

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:30 PM

Posted 14 April 2009 - 09:26 PM

I have gone through all of the internet firewalls; the ISP provided could not figure it out, and all software comes up negative. I have been told that there is malware that hijacked the settings and this might be the reason why I cannot connect. I have no idea what to look for in this situation.

DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Administrator at 19:44:28.14 on Tue 04/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.739 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C843OPSP\dds[1].scr

============== Pseudo HJT Report ===============

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_9993303B90FE6C1D.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [S3TRAY2] S3tray2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SymLnch] c:\docume~1\owner\locals~1\temp\LnchStub.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\qsb.exe" /autorun
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [Symantec NetDriver Warning] c:\recycler\s-1-5-21-3422684401-1981938729-2348912306-1003\dc26\SNDWarn.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [SRUUninstall] "c:\windows\system32\msiexec.exe" /l*v c:\windows\temp\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
uExplorerRun: [inthe] "c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\sv2ntspn\inthe.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_9993303B90FE6C1D.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-8 130424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-8 108552]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-8 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-8 1095560]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-8 325640]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-8 27656]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 213640]
S2 0233421238628559mcinstcleanup;McAfee Application Installer Cleanup (0233421238628559); [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-8 298264]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-8 203280]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-8 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-8 144704]
S2 mrtRate;mrtRate; [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-8 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-8 79304]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-8 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-8 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-8 40552]

=============== Created Last 30 ================

2009-04-09 18:38 <DIR> -cd----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-09 18:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-09 18:38 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 18:38 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-09 18:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-08 20:10 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-04-08 20:10 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-04-08 20:10 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-08 20:10 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-04-08 20:10 <DIR> --d----- c:\program files\common files\PC Tools
2009-04-08 20:10 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-04-08 20:10 <DIR> -cd----- c:\docume~1\admini~1\applic~1\PC Tools
2009-04-08 20:10 <DIR> --d----- c:\program files\Spyware Doctor
2009-04-08 18:12 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-08 18:12 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-08 18:12 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-08 18:12 <DIR> -cd----- c:\docume~1\admini~1\applic~1\AVGTOOLBAR
2009-04-08 18:12 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-08 18:12 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-08 16:32 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Citrix
2009-04-08 16:30 61,224 ac------ c:\documents and settings\administrator\GoToAssistDownloadHelper.exe
2009-04-08 16:29 <DIR> -cd----- c:\documents and settings\administrator\.java
2009-04-08 16:21 <DIR> -cd----- c:\docume~1\admini~1\applic~1\McAfee
2009-04-08 15:58 8,031 a------- c:\windows\system32\Config.MPF
2009-04-08 15:50 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-04-08 15:50 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-04-08 15:50 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-04-08 15:50 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-04-08 15:49 <DIR> --d----- c:\program files\common files\McAfee
2009-04-08 15:49 <DIR> --d----- c:\program files\McAfee.com
2009-04-08 15:49 <DIR> --d----- c:\program files\McAfee
2009-04-08 15:41 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-04-05 09:23 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-04-05 09:21 <DIR> -cd----- c:\docume~1\admini~1\applic~1\GetRightToGo
2009-04-05 09:18 <DIR> -cd----- c:\docume~1\admini~1\applic~1\GlarySoft
2009-04-05 09:17 <DIR> --d----- c:\program files\Registry Repair
2009-04-03 22:18 <DIR> -cd----- c:\docume~1\admini~1\applic~1\Symantec
2009-04-03 22:18 <DIR> -cd----- c:\documents and settings\administrator\WINDOWS
2009-04-03 22:18 <DIR> -cd----- c:\documents and settings\Administrator
2009-04-02 17:33 12,800 a------- c:\windows\system\WING32.DLL
2009-04-02 17:33 92,208 a------- c:\windows\system\WING.DLL

==================== Find3M ====================

2009-04-05 06:59 5,058 a------- c:\windows\help\hhcolreg.dat
2009-03-05 14:00 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-05 14:00 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-05 14:00 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-05 14:00 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-19 12:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 12:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-19 11:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
2009-02-19 11:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 11:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 11:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 11:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 11:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 11:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 11:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
2009-02-19 11:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 11:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-13 23:07 81,151 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-13 23:01 420,432 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\pchplugin.zip
2009-02-13 23:01 49,152 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\PCHI18N.dll
2009-02-13 23:01 106,496 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\PluginCtrl.dll
2009-02-13 23:01 77,824 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\WinVerifyTrust.dll
2009-02-13 23:01 159,744 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\PCHButton.exe
2009-02-13 23:01 122,880 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\SearchCtrl.dll
2009-02-13 23:01 126,976 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\ContentUpdater.exe
2009-02-13 23:01 1,306,152 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\motdeusr.zip
2009-02-09 05:13 1,846,784 a------- c:\windows\system32\win32k.sys
2005-04-09 11:50 32,294 a------- c:\program files\01018447.cab
2005-04-09 11:46 32,294 a------- c:\program files\Microsoft Project management.cab

============= FINISH: 19:45:42.34 ===============




#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:30 PM

Posted 15 April 2009 - 12:25 AM

Hello txaccthlp,


Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :thumbup2:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If ComboFix will not run the first time, then rename ComboFix.exe to txaccthlp.exe and try it again. :)

Thanks,
tea


#3 txaccthlp

txaccthlp
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:30 PM

Posted 17 April 2009 - 08:16 PM

I ran the programs as directed. I am still having the same problem.


ComboFix 09-04-18.01 - Administrator 04/17/2009 18:33.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.805 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\err.log
c:\program files\Internet Explorer\msimg32.dll
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\recycler\desktopA.sys
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\icon.ico
c:\windows\system32\1.txt
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\mdm.exe
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://download.esd.intuit.com
.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-17 21:02 . 2009-04-17 21:03 -------- dc----w c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-04-10 00:52 . 2009-04-10 00:52 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-10 00:38 . 2009-04-10 00:38 -------- dc----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-10 00:38 . 2009-04-10 00:38 -------- dc----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 02:10 . 2009-04-17 21:45 -------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-09 00:12 . 2009-04-09 00:12 -------- dc----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-09 00:12 . 2009-04-17 22:15 -------- dc----w c:\documents and settings\All Users\Application Data\avg8
2009-04-08 22:32 . 2009-04-08 22:32 -------- dc----w c:\documents and settings\All Users\Application Data\Citrix
2009-04-08 22:30 . 2009-04-08 22:30 -------- dc----w c:\documents and settings\Administrator\Local Settings\Application Data\Citrix
2009-04-08 22:30 . 2009-04-08 22:30 61224 -c--a-w c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe
2009-04-08 22:29 . 2009-04-08 22:29 -------- dc----w c:\documents and settings\Administrator\.java
2009-04-08 22:21 . 2009-04-08 22:21 -------- dc----w c:\documents and settings\Administrator\Application Data\McAfee
2009-04-08 21:50 . 2009-01-17 02:04 79304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-04-08 21:50 . 2009-01-17 02:04 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-04-08 21:50 . 2009-01-17 02:04 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-04-08 21:41 . 2009-01-17 02:03 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-04-05 15:23 . 2009-04-05 15:23 -------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-05 15:21 . 2009-04-05 15:24 -------- dc----w c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-04-05 15:18 . 2009-04-05 15:18 -------- dc----w c:\documents and settings\Administrator\Application Data\GlarySoft
2009-04-05 13:20 . 2009-04-05 13:20 -------- dc----w c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-04-04 05:00 . 2009-04-04 05:00 73232 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 23:33 . 1994-09-21 00:00 12800 ----a-w c:\windows\system\WING32.DLL
2009-04-02 23:33 . 1994-09-21 00:00 92208 ----a-w c:\windows\system\WING.DLL
2009-04-02 22:59 . 2009-04-02 22:59 -------- d-----w c:\documents and settings\Owner\Application Data\RegTool
2009-04-02 01:15 . 2009-04-02 01:16 -------- d-----w c:\documents and settings\Owner\Application Data\MSN6
2009-04-02 01:15 . 2009-04-02 01:15 -------- dc----w c:\documents and settings\All Users\Application Data\MSN6
2009-04-01 23:52 . 2009-04-01 23:52 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-04-01 23:34 . 2009-04-01 23:34 -------- dc----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-04-01 23:10 . 2009-04-17 23:05 -------- dc----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-28 14:19 . 2009-03-28 14:19 0 ----a-w c:\windows\nsreg.dat
2009-03-28 14:19 . 2009-03-28 14:19 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-03-28 14:14 . 2009-03-28 14:15 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 22:41 . 2003-04-10 10:59 -------- d-----w c:\program files\Quicken
2009-04-17 21:47 . 2009-04-05 15:17 -------- d-----w c:\program files\Registry Repair
2009-04-08 23:53 . 2005-11-10 04:05 -------- d-----w c:\program files\Trend Micro
2009-04-08 21:05 . 2003-04-10 10:50 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-05 12:59 . 2004-02-23 02:21 5058 ----a-w c:\windows\Help\hhcolreg.dat
2009-04-05 12:56 . 2003-04-10 09:49 -------- d-----w c:\program files\microsoft frontpage
2009-04-01 23:47 . 2006-10-07 17:58 -------- d-----w c:\program files\MSN Messenger
2009-04-01 22:54 . 2008-12-31 15:56 -------- d-----w c:\program files\Symantec
2009-03-28 14:14 . 2004-02-22 23:56 -------- d-----w c:\program files\Google
2009-03-05 20:00 . 2008-12-31 15:56 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-05 20:00 . 2008-12-31 15:56 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-05 20:00 . 2008-12-31 15:56 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-05 20:00 . 2008-12-31 15:56 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-05 03:07 . 2004-10-16 19:39 73232 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-05 03:06 . 2007-12-30 01:53 -------- d-----w c:\program files\Common Files\AnswerWorks 5.0
2009-03-05 03:03 . 2007-12-30 01:50 -------- dc----w c:\documents and settings\All Users\Application Data\Intuit
2009-03-05 03:02 . 2003-04-10 10:59 -------- d-----w c:\program files\Common Files\Intuit
2009-03-05 02:58 . 2008-03-07 21:09 -------- d-----w c:\program files\TurboTax
2009-02-19 18:03 . 2009-02-19 18:03 579464 ----a-w c:\windows\system32\SymNeti.dll
2009-02-19 18:03 . 2009-02-19 18:03 207240 ----a-w c:\windows\system32\SymRedir.dll
2009-02-19 17:31 . 2009-02-19 17:31 9844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 17:31 . 2009-02-19 17:31 31280 ----a-w c:\windows\system32\drivers\SymIM.sys
2009-02-19 17:31 . 2009-02-19 17:31 1611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-19 17:31 . 2009-02-19 17:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 17:31 . 2009-02-19 17:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 17:31 . 2009-02-19 17:31 38576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 17:31 . 2009-02-19 17:31 37424 ----a-w c:\windows\system32\drivers\symndis.sys
2009-02-19 17:31 . 2009-02-19 17:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 17:31 . 2009-02-19 17:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 17:31 . 2009-02-19 17:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-14 05:07 . 2003-04-10 09:48 81151 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-02-14 05:01 . 2009-02-14 05:01 420432 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARS3EN\plugin\bin\pchplugin.zip
2009-02-14 05:01 . 2009-02-14 05:01 49152 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARS3EN\plugin\bin\PCHI18N.dll
2009-02-14 05:01 . 2009-02-14 05:01 106496 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARS3EN\plugin\bin\PluginCtrl.dll
2009-02-14 05:01 . 2009-02-14 05:01 77824 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARS3EN\plugin\bin\WinVerifyTrust.dll
2009-02-14 05:01 . 2009-02-14 05:01 159744 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARS3EN\plugin\bin\PCHButton.exe
2009-02-14 05:01 . 2009-02-14 05:01 122880 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARS3EN\plugin\bin\SearchCtrl.dll
2009-02-14 05:01 . 2009-02-14 05:01 126976 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARS3EN\plugin\bin\ContentUpdater.exe
2009-02-14 05:01 . 2009-02-14 05:01 1306152 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARS3EN\plugin\bin\motdeusr.zip
2009-02-14 04:47 . 2003-04-10 09:37 250048 --sha-r C:\ntldr
2009-02-09 11:13 . 2003-04-26 01:12 1846784 ----a-w c:\windows\system32\win32k.sys
2005-11-03 03:19 . 2005-11-03 03:19 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2005-04-09 17:50 . 2005-04-09 17:49 32294 ----a-w c:\program files\01018447.cab
2005-04-09 17:46 . 2005-04-09 17:46 32294 ----a-w c:\program files\Microsoft Project management.cab
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-03-03 831557]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-03-03 4595712]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\qsb.exe" [2009-03-28 68592]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-03-03 323584]
"S3TRAY2"="S3tray2.exe" - c:\windows\system32\S3tray2.exe [2003-02-25 69632]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-04-14 78848]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"inthe"="c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SV2NTSPN\inthe.exe" [2009-04-05 61952]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Camio Viewer.lnk - c:\program files\Sierra Imaging\Image Expert\IXApplet.exe [2006-9-21 98304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2004-2-22 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-5-27 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"0233421238628559mcinstcleanup"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86; [x]
R1 AvgTdiX;AVG Free8 Network Redirector; [x]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 mrtRate;mrtRate; [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
R4 0233421238628559mcinstcleanup;McAfee Application Installer Cleanup (0233421238628559); [x]
R4 avg8wd;AVG Free8 WatchDog; [x]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SymLnch - c:\docume~1\Owner\LOCALS~1\Temp\LnchStub.exe
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKU-Default-Run-Symantec NetDriver Warning - c:\recycler\S-1-5-21-3422684401-1981938729-2348912306-1003\Dc26\SNDWarn.exe
Notify-avgrsstarter - avgrsstx.dll


.
------- Supplementary Scan -------
.
Trusted Zone: internet
Trusted Zone: mcafee.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 18:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2009-04-18 18:39
ComboFix-quarantined-files.txt 2009-04-18 00:38

Pre-Run: 21,306,531,840 bytes free
Post-Run: 21,344,530,432 bytes free

205 --- E O F --- 2009-03-27 02:12




#4 txaccthlp

  • Topic Starter

  • Members
  • 5 posts

Posted 17 April 2009 - 08:24 PM

Here is the DDS file after the steps have been performed. Again, I still cannot connect to the internet.

DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Administrator at 19:11:04.51 on Fri 04/17/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.748 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J3GT3AIZ\dds[1].scr

============== Pseudo HJT Report ===============

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_9993303B90FE6C1D.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [S3TRAY2] S3tray2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\qsb.exe" /autorun
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [SRUUninstall] "c:\windows\system32\msiexec.exe" /l*v c:\windows\temp\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
uExplorerRun: [inthe] "c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\sv2ntspn\inthe.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_9993303B90FE6C1D.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 213640]
S2 0233421238628559mcinstcleanup;McAfee Application Installer Cleanup (0233421238628559); [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S2 mrtRate;mrtRate; [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-8 79304]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-8 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-8 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-8 40552]

=============== Created Last 30 ================

2009-04-17 18:32 161,792 a------- c:\windows\SWREG.exe
2009-04-17 18:32 98,816 a------- c:\windows\sed.exe
2009-04-17 18:32 <DIR> -cd----- C:\ComboFix
2009-04-17 18:10 <DIR> --d----- c:\windows\pss
2009-04-09 18:38 <DIR> -cd----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-09 18:38 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-08 18:12 <DIR> -cd----- c:\docume~1\admini~1\applic~1\AVGTOOLBAR
2009-04-08 18:12 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-08 16:32 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Citrix
2009-04-08 16:30 61,224 ac------ c:\documents and settings\administrator\GoToAssistDownloadHelper.exe
2009-04-08 16:29 <DIR> -cd----- c:\documents and settings\administrator\.java
2009-04-08 16:21 <DIR> -cd----- c:\docume~1\admini~1\applic~1\McAfee
2009-04-08 15:50 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-04-08 15:50 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-04-08 15:50 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-04-08 15:41 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-04-05 09:23 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-04-05 09:21 <DIR> -cd----- c:\docume~1\admini~1\applic~1\GetRightToGo
2009-04-05 09:18 <DIR> -cd----- c:\docume~1\admini~1\applic~1\GlarySoft
2009-04-05 09:17 <DIR> --d----- c:\program files\Registry Repair
2009-04-03 22:18 <DIR> -cd----- c:\docume~1\admini~1\applic~1\Symantec
2009-04-03 22:18 <DIR> -cd----- c:\documents and settings\administrator\WINDOWS
2009-04-03 22:18 <DIR> -cd----- c:\documents and settings\Administrator
2009-04-02 17:33 12,800 a------- c:\windows\system\WING32.DLL
2009-04-02 17:33 92,208 a------- c:\windows\system\WING.DLL

==================== Find3M ====================

2009-04-05 06:59 5,058 a------- c:\windows\help\hhcolreg.dat
2009-03-05 14:00 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-05 14:00 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-05 14:00 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-05 14:00 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-19 12:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 12:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-19 11:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
2009-02-19 11:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 11:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 11:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 11:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 11:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 11:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 11:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
2009-02-19 11:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 11:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-13 23:07 81,151 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-13 23:01 420,432 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\pchplugin.zip
2009-02-13 23:01 49,152 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\PCHI18N.dll
2009-02-13 23:01 106,496 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\PluginCtrl.dll
2009-02-13 23:01 77,824 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\WinVerifyTrust.dll
2009-02-13 23:01 159,744 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\PCHButton.exe
2009-02-13 23:01 122,880 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\SearchCtrl.dll
2009-02-13 23:01 126,976 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\ContentUpdater.exe
2009-02-13 23:01 1,306,152 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnars3en\plugin\bin\motdeusr.zip
2009-02-09 05:13 1,846,784 a------- c:\windows\system32\win32k.sys
2005-04-09 11:50 32,294 a------- c:\program files\01018447.cab
2005-04-09 11:46 32,294 a------- c:\program files\Microsoft Project management.cab

============= FINISH: 19:11:51.01 ===============



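Added example (not code from this thread, DDS or ComboFix): a small Python triage script that reads autostart lines in the shape the DDS pseudo-HJT report and the ComboFix orphan list print, and flags entries launched from a temp folder, the browser cache or the recycle bin, which is where the LnchStub.exe, SNDWarn.exe and inthe.exe entries in the logs above sit. The sample lines are constructed from this thread's logs; the regexes and location categories are assumptions, not a DDS specification.

```python
import re
from collections import namedtuple

# Constructed sample: autostart lines in the shape that DDS ("Pseudo HJT Report")
# and ComboFix ("ORPHANS REMOVED") print, modelled on the entries in this thread.
SAMPLE_LOG = r"""
uExplorerRun: [inthe] "c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\sv2ntspn\inthe.exe"
dRunOnce: [SRUUninstall] "c:\windows\system32\msiexec.exe" /l*v c:\windows\temp\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
HKLM-Run-SymLnch - c:\docume~1\Owner\LOCALS~1\Temp\LnchStub.exe
HKU-Default-Run-Symantec NetDriver Warning - c:\recycler\S-1-5-21-3422684401-1981938729-2348912306-1003\Dc26\SNDWarn.exe
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
"""

# Line shapes handled (assumed from the logs above, not a DDS specification).
LINE_FORMS = (
    re.compile(r"^(?P<kind>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),          # uRun: [name] cmd
    re.compile(r"^(?P<kind>HK\w+(?:-\w+)+?)-(?P<name>[^-]+?) - (?P<cmd>.*)$"),  # HKLM-Run-name - path
    re.compile(r"^(?P<kind>\w+): (?P<name>.+?) - (?P<cmd>.*)$"),               # BHO/Notify: name - path
)
# First absolute Windows path naming a loadable module; arguments after it are ignored.
EXEC_PATH = re.compile(r'(?i)[a-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|com|cpl|sys|pif|bat|cmd)\b')
# Directories from which a persistent autostart is almost never legitimate.
SUSPECT_DIRS = {
    "temp folder": re.compile(r"(?i)\\temp\\"),
    "browser cache (Temporary Internet Files)": re.compile(r"(?i)temporary internet files|content\.ie5"),
    "recycle bin": re.compile(r"(?i)\\recycler\\|\\\$recycle\.bin\\"),
}

Finding = namedtuple("Finding", "kind name path reason")

def parse_entry(line):
    """Split one autostart line into (kind, name, command); None if the line is not one."""
    for form in LINE_FORMS:
        m = form.match(line.strip())
        if m:
            return m.group("kind"), m.group("name"), m.group("cmd")
    return None

def classify(cmd):
    """Return (module path, reason); reason is None when nothing looks off."""
    if cmd.strip().lower() == "no file":
        return None, "orphaned entry: registered module is missing (No File)"
    m = EXEC_PATH.search(cmd)
    if not m:
        return None, None  # bare file name or rundll32 stub: not resolved here
    path = m.group(0)
    hits = [label for label, rx in SUSPECT_DIRS.items() if rx.search(path)]
    return path, ("autostart from " + "; ".join(hits)) if hits else None

def triage(log_text):
    """Walk a DDS/ComboFix log and collect the autostart entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        kind, name, cmd = parsed
        path, reason = classify(cmd)
        if reason:
            findings.append(Finding(kind, name, path, reason))
    return findings
```

Run it over a saved DDS or ComboFix log with `triage(open(path).read())`; entries under Program Files or system32 stay quiet, so what remains is the short list to look at by hand.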

#5 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 18 April 2009 - 05:42 AM

Hello,

Click Start > Run, type in (or copy and paste) ipconfig /flushdns and hit Enter. If you see anything it'll be a quick flash of a window.

Click on Start, Control Panel, select the Network and Internet Connections category or double click on Network Connections, depending on which View you are using. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item. Write down the settings in case you should need to change them back. Select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks. If it does not prompt you to reboot go ahead and reboot manually.

Go to Start > Run and type cmd.
A DOS window will appear.
Next, type in the DOS window: netsh winsock reset
and hit Enter.

REBOOT!!

Let me know if you have internet back. :thumbup2:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#6 txaccthlp

  • Topic Starter

  • Members
  • 5 posts

Posted 18 April 2009 - 07:50 PM

Well, we are still not connected. I did all that you have suggested. I have the following return error:

Last diagnostic run time: 04/18/09 18:02:45
HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.
info Redirecting user to support call

DNS Client Diagnostic
DNS - Not a home user scenario

info Using Web Proxy: no
info Resolving name ok for (www.microsoft.com): yes
No DNS servers

DNS failure


Gateway Diagnostic
Gateway

info The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.101
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
info TCP port 80 on host 207.46.193.254 was successfully reached
info The Internet host www.microsoft.com was successfully reached
info The default gateway is OK

IP Layer Diagnostic
Corrupted IP routing table

info The default route is valid
info The loopback route is valid
info The local host route is valid
info The local subnet route is valid
Invalid ARP cache entries

action The ARP cache has been flushed

IP Configuration Diagnostic
Invalid IP address

info Valid IP address detected: 192.168.1.101

Wireless Diagnostic
Wireless - Service disabled

Wireless - User SSID

Wireless - First time setup

Wireless - Radio off

Wireless - Out of range

Wireless - Hardware issue

Wireless - Novice user

Wireless - Ad-hoc network

Wireless - Less preferred

Wireless - 802.1x enabled

Wireless - Configuration mismatch

Wireless - Low SNR


WinSock Diagnostic
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info Provider entry RSVP UDP Service Provider passed the loopback communication test.
info Provider entry RSVP TCP Service Provider passed the loopback communication test.
info Connectivity is valid for all Winsock service providers.

Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Realtek RTL8139 Family PCI Fast Ethernet NIC, MediaType=LAN, SubMediaType=LAN
info Ethernet connection selected
Network adapter status

info Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.




#7 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 20 April 2009 - 05:26 AM

A test, please: uninstall McAfee completely, most importantly the Firewall, and see if you can get online. McAfee is known to cause this sometimes.

Let me know. :thumbup2:

Thanks,
tea

#8 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 08 May 2009 - 01:20 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.



