No taskbar, no shortcuts, only background, no internet


This topic is locked. 38 replies to this topic.

#16 bri2k

bri2k
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 20 September 2009 - 08:32 PM

Here is the combo fix log:
ComboFix 09-09-18.02 - Brian 09/20/2009 21:05.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2039.1524 [GMT -4:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brian\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.

2009-09-18 18:16 . 2009-09-19 20:34 -------- d-----w- C:\HJT
2009-09-15 00:45 . 2009-06-25 08:44 59392 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-09-15 00:45 . 2009-06-25 08:44 133632 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-15 00:45 . 2009-06-25 08:44 298496 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-09-15 00:45 . 2009-06-22 11:34 92544 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-09-13 07:10 . 2009-06-12 11:50 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-09-13 07:10 . 2009-06-10 06:32 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-09-13 07:10 . 2009-06-10 14:21 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-09-13 07:10 . 2009-07-17 18:55 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-09-13 07:10 . 2009-08-05 09:11 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-09-13 07:06 . 2009-09-13 07:06 -------- d-----w- c:\program files\MSXML 6.0
2009-09-12 18:00 . 2008-05-01 14:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-09-12 18:00 . 2008-04-11 18:50 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-12 18:00 . 2008-10-03 10:15 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-09-12 18:00 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-09-12 17:59 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-09-12 16:04 . 2004-08-04 07:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-09-12 16:04 . 2004-08-04 07:56 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-09-12 16:04 . 2004-08-04 07:56 27136 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-09-12 16:04 . 2004-08-04 07:56 27136 ----a-w- c:\windows\system32\irmon.dll
2009-09-12 16:04 . 2004-08-04 07:56 152576 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-09-12 16:04 . 2004-08-04 07:56 152576 ----a-w- c:\windows\system32\irftp.exe
2009-09-12 16:03 . 2009-07-13 14:08 286720 -c----w- c:\windows\system32\dllcache\wmpdxm.dll
2009-09-12 16:03 . 2009-07-13 14:08 5537792 -c----w- c:\windows\system32\dllcache\wmp.dll
2009-09-12 16:03 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-09-12 16:03 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-09-12 13:45 . 2009-09-12 13:53 -------- d-----w- c:\windows\system32\wbem\Repository.001
2009-09-12 13:43 . 2009-09-12 16:24 -------- d-----w- c:\windows\ServicePackFiles
2009-09-12 13:30 . 2004-08-04 02:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-09-12 13:30 . 2004-08-04 02:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2009-09-12 13:30 . 2004-08-04 02:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2009-09-12 13:30 . 2004-08-04 02:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2009-09-12 13:30 . 2004-08-04 02:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2009-09-12 13:30 . 2004-08-04 02:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2009-09-12 13:28 . 2004-08-04 02:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-09-12 01:37 . 2009-09-12 01:37 -------- d-----w- c:\documents and settings\TEMP.BRIANLAPTOP.003\Application Data\Intel
2009-09-12 01:37 . 2009-09-12 01:37 -------- d-----w- c:\documents and settings\TEMP.BRIANLAPTOP.002\Application Data\Intel
2009-09-12 01:37 . 2009-09-12 01:37 -------- d-----w- c:\documents and settings\TEMP.BRIANLAPTOP.001\Application Data\Intel
2009-09-12 01:37 . 2009-09-12 01:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-09-12 01:37 . 2009-09-12 01:37 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-09-12 01:36 . 2007-02-12 15:41 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2009-09-12 01:36 . 2007-02-12 15:40 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2009-09-12 01:36 . 2007-02-08 17:51 2209408 ----a-w- c:\windows\system32\drivers\w29n51.sys
2009-09-12 01:35 . 2009-09-12 01:35 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2009-09-12 01:35 . 2009-09-12 01:35 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-09-12 01:35 . 2009-09-12 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-09-12 01:35 . 2009-09-12 01:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2009-09-12 01:34 . 2009-09-12 01:34 -------- d-----w- c:\documents and settings\Brian\Application Data\Intel
2009-09-12 00:58 . 2009-09-12 00:58 -------- d-----w- c:\windows\system32\bits
2009-09-12 00:55 . 2008-12-16 12:47 351232 ----a-w- c:\windows\system32\winhttp.dll
2009-09-12 00:55 . 2004-08-04 07:56 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-09-07 17:49 . 2009-09-07 17:49 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-07 01:10 . 2008-10-16 18:13 1809944 -c--a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-09-07 01:10 . 2008-10-16 18:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-09-07 01:10 . 2008-10-16 18:09 92696 -c--a-w- c:\windows\system32\dllcache\cdm.dll
2009-09-07 01:10 . 2008-10-16 18:09 92696 ----a-w- c:\windows\system32\cdm.dll
2009-09-07 01:10 . 2008-10-16 18:09 51224 -c--a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-09-07 01:10 . 2008-10-16 18:09 51224 ------w- c:\windows\system32\wuauclt.exe
2009-09-07 01:09 . 2009-09-07 01:09 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-09-06 23:35 . 2004-08-04 05:31 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2009-09-06 23:34 . 2004-08-04 10:00 306176 ----a-w- c:\windows\system32\slbcsp.dll
2009-09-06 21:01 . 2005-01-23 14:30 163840 ----a-w- c:\windows\system32\igfxres.dll
2009-09-06 20:51 . 2001-08-18 02:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2009-09-06 20:50 . 2003-07-16 20:22 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-09-06 20:49 . 2001-08-18 02:36 2134528 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpsnap.dll
2009-09-06 20:49 . 2001-08-18 02:36 175104 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpadm.dll
2009-09-06 20:39 . 2003-03-21 19:56 24576 ----a-w- c:\windows\system32\xpsp1hfm.exe
2009-09-06 20:33 . 2003-07-16 20:48 40960 -c--a-w- c:\windows\system32\dllcache\trialoc.dll
2009-09-06 20:33 . 2003-07-16 20:30 61440 -c--a-w- c:\windows\system32\dllcache\icwres.dll
2009-09-06 20:33 . 2003-07-16 20:30 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
2009-09-06 19:12 . 2009-09-06 19:12 -------- d-----w- c:\documents and settings\Default User\Application Data\DivX
2009-09-06 19:10 . 2003-07-16 20:30 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-09-06 19:10 . 2003-07-16 20:52 520192 -c--a-w- c:\windows\system32\dllcache\wmpvis.dll
2009-09-06 19:10 . 2003-07-16 20:52 319542 -c--a-w- c:\windows\system32\dllcache\wmmres.dll
2009-09-06 19:10 . 2003-07-16 20:52 163897 -c--a-w- c:\windows\system32\dllcache\wmmutil.dll
2009-09-06 19:10 . 2003-07-16 20:52 110648 -c--a-w- c:\windows\system32\dllcache\wmmfilt.dll
2009-09-06 19:08 . 2003-07-16 20:25 82432 -c--a-w- c:\windows\system32\dllcache\comrepl.dll
2009-09-06 19:08 . 2003-07-16 20:25 82432 ----a-w- c:\windows\system32\comrepl.dll
2009-09-06 19:04 . 2001-08-17 18:00 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-09-06 19:03 . 2009-09-06 19:03 -------- d-----w- c:\documents and settings\Default User\Application Data\Malwarebytes
2009-09-04 23:08 . 2003-07-16 20:30 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-09-04 23:08 . 2003-07-16 20:30 13312 ----a-w- c:\windows\system32\irclass.dll
2009-09-04 23:08 . 2003-07-16 20:46 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-09-04 23:08 . 2003-07-16 20:46 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-09-04 18:57 . 2009-09-04 18:57 -------- d-----w- c:\windows\msapps
2009-09-02 00:23 . 2009-09-02 00:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-01 11:26 . 2009-09-06 21:02 -------- d-----w- C:\CimboFix
2009-09-01 11:20 . 2009-09-01 11:20 -------- d-----w- C:\rsit
2009-09-01 01:06 . 2009-09-01 01:06 -------- d-----w- c:\program files\Sophos
2009-08-31 11:35 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-31 11:35 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 03:02 . 2009-08-30 21:12 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-30 03:02 . 2009-08-30 21:11 -------- d-----w- c:\program files\Spyware Doctor
2009-08-29 22:22 . 2009-08-30 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\2222

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 20:17 . 2005-10-13 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DIGStream
2009-09-13 07:16 . 2009-08-19 10:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-06 21:02 . 2005-05-01 02:11 56560 ----a-w- c:\documents and settings\Brian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-06 20:32 . 2004-08-10 18:02 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-31 11:36 . 2008-12-07 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-30 21:54 . 2009-01-07 02:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-18 15:55 . 2005-07-13 00:33 -------- d-----w- c:\documents and settings\Brian\Application Data\Azureus
2009-08-18 12:53 . 2005-05-07 19:46 -------- d-----w- c:\program files\DC++
2009-08-05 11:29 . 2009-06-05 01:08 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:11 . 2009-09-06 23:35 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2009-09-06 23:34 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2003-07-16 20:28 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 18:55 . 2009-09-06 23:35 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2005-04-18 04:39 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-26 16:18 . 2006-06-23 15:33 659456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:44 . 2009-09-06 23:35 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2009-09-06 23:35 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2009-09-06 23:34 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2009-09-06 23:34 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2009-09-06 23:34 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2009-09-06 23:34 168448 ----a-w- c:\windows\system32\schannel.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winampagent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"vspdfprsrv.exe"="c:\program files\Visagesoft\eXPert PDF\vspdfprsrv.exe" [2006-05-04 998912]
"updatemanager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"pcmservice"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"nerofiltercheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]
"ituneshelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"digstream"="c:\program files\DIGStream\digstream.exe" [2005-05-18 282624]
"digservices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"adobe reader speed launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Apoint\\Apoint.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/4/2009 9:08 PM 108289]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [6/19/2007 2:21 AM 18560]
S3 memsweep2;MEMSWEEP2;\??\c:\windows\system32\1B.tmp --> c:\windows\system32\1B.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\ip3s6ic5.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 21:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset004\Services\memsweep2]
"ImagePath"="\??\c:\windows\system32\1B.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2304)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\brss01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-21 21:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-21 01:23
ComboFix2.txt 2009-09-20 16:43
ComboFix3.txt 2009-09-12 00:49

Pre-Run: 11,364,679,680 bytes free
Post-Run: 11,340,582,912 bytes free

265 --- E O F --- 2009-09-15 01:43

No issues under network adapters:
Here is the info:
1394 Net Adapter
This device is working properly.

If you are having problems with this device, click Troubleshoot to start the troubleshooter.

Bluetooth Device (Personal Area Network)
This device is working properly.

If you are having problems with this device, click Troubleshoot to start the troubleshooter.

Bluetooth Device (RFCOMM Protocol TDI)
This device is working properly.

If you are having problems with this device, click Troubleshoot to start the troubleshooter.

Broadcom 440X 10/100 Integrated Controller
This device is working properly.

If you are having problems with this device, click Troubleshoot to start the troubleshooter.

Intel Pro Wireless 2915ABG Network Connection
This device is working properly.

If you are having problems with this device, click Troubleshoot to start the troubleshooter.

Thanks,
Brian
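The ComboFix log above is the kind of text a helper reads by hand: Run keys, service lines, the Security Center and firewall values. As an added example (not ComboFix's code and not part of this thread), the Python below pulls those records out of a few lines copied from the log and lists what a triage would verify first: a service whose image is a .tmp file (memsweep2 above), an antivirus override, and a firewall profile set to 0. A flag is a prompt to check, not a verdict: memsweep2 is the driver Sophos Anti-Rootkit loads, and a Sophos folder appears in the same log, which fits Farbar's reading that nothing malicious is left. The regexes, the Triage structure and the user-writable path markers are my own assumptions about the log layout, not a ComboFix specification.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the ComboFix log in this thread (sample input, not a full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winampagent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/4/2009 9:08 PM 108289]
S3 memsweep2;MEMSWEEP2;\??\c:\windows\system32\1B.tmp --> c:\windows\system32\1B.tmp [?]
"""

# Assumed layout: "[key]" section headers, "name"="image" [date size] autoruns,
# "name"=dword:hex or "name"= n (0xn) values, and "Rx name;display;image [...]" services.
SECTION_RE = re.compile(r'^\[(.+)\]$')
AUTORUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:)?([0-9A-Fa-f]+)')
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?)(?: --> .*)? \[[^\]]*\]$')
USER_WRITABLE = ('\\temp\\', '\\documents and settings\\', '\\application data\\')


@dataclass
class Triage:
    autoruns: list = field(default_factory=list)  # (registry key, value name, image path)
    services: list = field(default_factory=list)  # (start type, service name, image path)
    findings: list = field(default_factory=list)  # human-readable items to verify by hand


def clean_path(path: str) -> str:
    """ComboFix prints driver images in kernel form (\\??\\c:\\...); strip that prefix."""
    return path[4:] if path.startswith('\\??\\') else path


def triage(text: str) -> Triage:
    """Walk the log once, collecting autoruns and services and recording suspicious settings."""
    result = Triage()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, image = m.group(1), m.group(2), clean_path(m.group(4))
            result.services.append((start, name, image))
            if image.lower().endswith('.tmp'):
                result.findings.append(f'service {name} ({start}) loads a temporary file: {image}')
            continue
        if section is None:
            continue
        m = AUTORUN_RE.match(line)
        if m and section.lower().endswith(('\\run', '\\runonce')):
            name, image = m.group(1), m.group(2)
            result.autoruns.append((section, name, image))
            if any(marker in image.lower() for marker in USER_WRITABLE):
                result.findings.append(f'autorun {name} starts from a user-writable path: {image}')
            continue
        m = DWORD_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2), 16)
            key = name.lower()
            if key in ('antivirusoverride', 'disablemonitoring') and value == 1:
                result.findings.append(f'Security Center monitoring suppressed: {name}=1 under [{section}]')
            elif key == 'enablefirewall' and value == 0:
                result.findings.append(f'Windows Firewall is off for profile [{section}]')
    return result


if __name__ == '__main__':
    for item in triage(SAMPLE_LOG).findings:
        print('CHECK:', item)
```

Each finding names the section or service it came from so it can be matched back to the log by eye; the autorun list is kept in full because a helper normally reads every entry rather than trusting a filter.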


#17 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:14 PM

Posted 21 September 2009 - 01:17 AM

Thanks for the feedback Brian.

Since you can get a wireless connection elsewhere as you mentioned, we have to see if the problem can be solved in your home environment. So please start with answering question number 3 from the previous post. Also please do the following while the Wireless device is still:

Go to start > Run copy/paste the following line in the run box and click OK.

cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com) >log.txt&log.txt&del log.txt

A command window opens. Wait until a log.txt file opens. Please post the content to your reply.

#18 bri2k

bri2k
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 21 September 2009 - 06:51 AM

Hi,

My wireless is secure and it does show up on my wireless connections. One of the things that it may be is that I cannot remember my network key. When I click on my network, the screen for the password shows up and filled in, but it just shows as ........ I cannot remember what it actually is and am wondering if something changed there. Once I click connect, it just says waiting for network and then a minute later, it does nothing. I have an older linksys befw11s4 model v.3.

Here is the log info:


Windows IP Configuration

Host Name . . . . . . . . . . . . : BrianLaptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-11-43-76-7D-74
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.73.246
                                    68.87.71.230
Lease Obtained. . . . . . . . . . : Monday, September 21, 2009 7:44:10 AM
Lease Expires . . . . . . . . . . : Tuesday, September 22, 2009 7:44:10 AM

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® PRO/Wireless 2915ABG Network Connection
Physical Address. . . . . . . . . : 00-12-F0-3A-EE-6C

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-10-C6-76-47-2F

Server: cns.manassaspr.va.dc02.comcast.net
Address: 68.87.73.246

Name: google.com
Addresses: 74.125.127.100, 74.125.45.100, 74.125.67.100

Pinging google.com [74.125.45.100] with 32 bytes of data:

Reply from 74.125.45.100: bytes=32 time=36ms TTL=51
Reply from 74.125.45.100: bytes=32 time=38ms TTL=51

Ping statistics for 74.125.45.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 38ms, Average = 37ms
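The one-line diagnostic Farbar asked for chains `ipconfig /all`, `nslookup` and `ping` into a single log, and the answer is in how the three parts line up. As an added example (not part of the thread), the Python below parses that combined output into per-adapter fields, copes with the wrapped second DNS server line, and states what this log shows: the wired adapter holds a DHCP lease, the resolver answers and pings return, while the wireless adapter reports "Media disconnected", so the fault is the association with the access point rather than the laptop's IP stack or the internet link. The sample text is built from the post above (with Intel(R) written in ASCII); the regexes and the report wording are my assumptions about the tools' layout.

```python
import re

# Built from the log posted above (Intel(R) written in ASCII); constructed sample, not a live capture.
SAMPLE_OUTPUT = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : BrianLaptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.73.246
                                    68.87.71.230
Lease Obtained. . . . . . . . . . : Monday, September 21, 2009 7:44:10 AM

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2915ABG Network Connection

Server: cns.manassaspr.va.dc02.comcast.net
Address: 68.87.73.246

Name: google.com
Addresses: 74.125.127.100, 74.125.45.100, 74.125.67.100

Pinging google.com [74.125.45.100] with 32 bytes of data:

Reply from 74.125.45.100: bytes=32 time=36ms TTL=51
Reply from 74.125.45.100: bytes=32 time=38ms TTL=51

Ping statistics for 74.125.45.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""

# Assumed layouts of the three tools' output (XP era, English locale).
ADAPTER_RE = re.compile(r'^(?:Ethernet|Wireless LAN|PPP|Tunnel) adapter (.+):$')
KV_RE = re.compile(r'^([A-Za-z][A-Za-z0-9 /\-]*?)[ .]*:\s*(.*)$')
PING_RE = re.compile(r'Packets: Sent = (\d+), Received = (\d+), Lost = (\d+)')
ANSWER_RE = re.compile(r'^Address(?:es)?:\s*(.+)$')


def parse_diag(text):
    """Return ({adapter: {field: [values]}}, resolved addresses, (sent, received, lost))."""
    adapters, resolved, ping = {}, None, None
    section = last_key = None
    expect_answer = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == 'Windows IP Configuration':
            section, last_key = 'global', None
            adapters[section] = {}
            continue
        m = ADAPTER_RE.match(line)
        if m:
            section, last_key = m.group(1), None
            adapters[section] = {}
            continue
        if line.startswith(('Server:', 'Pinging ')):
            section = None          # ipconfig output has ended; nslookup / ping follow
        if line.startswith('Name:'):
            expect_answer = True    # the next Address(es): line is the nslookup answer
            continue
        m = ANSWER_RE.match(line)
        if m and expect_answer:
            resolved = [a.strip() for a in m.group(1).split(',')]
            expect_answer = False
            continue
        m = PING_RE.search(line)
        if m:
            ping = tuple(int(x) for x in m.groups())
            continue
        m = KV_RE.match(line)
        if m and section:
            last_key = m.group(1)
            adapters[section].setdefault(last_key, [])
            if m.group(2):
                adapters[section][last_key].append(m.group(2))
            continue
        if section and last_key and ':' not in line:
            adapters[section][last_key].append(line)   # wrapped value, e.g. the second DNS server
    return adapters, resolved, ping


def diagnose(adapters, resolved, ping):
    """Turn the parsed structures into the conclusions a helper would draw from the log."""
    report = []
    for name, fields in adapters.items():
        if name == 'global':
            continue
        media = ' '.join(fields.get('Media State', [])).lower()
        if 'disconnected' in media:
            report.append(f'{name}: no link (media disconnected)')
        elif fields.get('IP Address') and fields.get('Default Gateway'):
            dns = ', '.join(fields.get('DNS Servers', []))
            report.append(f"{name}: up, {fields['IP Address'][0]} via gateway "
                          f"{fields['Default Gateway'][0]}, DNS {dns}")
        else:
            report.append(f'{name}: link up but no usable address')
    if resolved:
        report.append(f'name resolution: {len(resolved)} address(es) returned')
    if ping:
        sent, received, lost = ping
        report.append(f'internet reachability: {received}/{sent} ping replies ({lost} lost)')
    return report


if __name__ == '__main__':
    for entry in diagnose(*parse_diag(SAMPLE_OUTPUT)):
        print(entry)
```

Feeding the parser a log where the wireless adapter had an address and the wired one was unplugged would flip the first two report lines, which is exactly the distinction the command was meant to surface: a card that associates but gets no lease points at DHCP or the key, while "Media disconnected" means the association itself never happened.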

#19 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:14 PM

Posted 21 September 2009 - 08:23 AM

One of the things that it may be is that I cannot remember my network key. When I click on my network, the screen for the password shows up and filled in, but it just shows as ........ I cannot remember what it actually is and am wondering if something changed there. Once I click connect, it just says waiting for network and then a minute later, it does nothing. I have an older linksys befw11s4 model v.3.

We checked other things and I think this is the problem.
  • First you have to go to the home network router. To do that copy and paste in the Internet Explorer address bar:

    http://192.168.1.1

    Press Enter. You get a page. If you have not changed the default user name and password, the user name should be: admin and the password should be left blank, then press Enter.
    You should be able to change the password and set a new one under security. Don't forget to apply the change you make.
    Then go back to the laptop.

    Note: In case you have changed the default password for your home network router and you don't know the password you have to reset the router. To do that look on the back of the router and you will see a small hole, push a pin into the hole for about 10 sec so that the router will be reset back to factory settings and you can get to the home page with the default user name and password as mentioned above.

  • Go to start => Control Panel => Network Connections => Right click Wireless Network Connection and select Properties. Under Wireless tab select your own wireless connection. Then go to properties and fill in the type of the security and the password. Save the settings. If the setting is set to automatic when you reboot, you get automatically connected to the wireless.


#20 bri2k

bri2k
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 21 September 2009 - 07:46 PM

Hello,

My issue might be the age of my router. When I go to security like you said, I don't have an option to change a password. See attached.

Any other thoughts?

Brian

Attached Files



#21 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:14 PM

Posted 22 September 2009 - 05:19 AM

Nice job providing the screenshot. Now I have doubts whether your router is a wireless router. There are no wireless settings mentioned there. See also under the Advanced tab if there is any mention of wireless settings.

#22 bri2k

bri2k
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 22 September 2009 - 06:47 AM

I have attached some more pictures for you to view. It is a wireless router, as for years it connected to it. There is a wireless tab which you can see in the first picture. I then attached a picture of what my wireless card finds and my router is the one in the middle. When I click it, you see the key comes up (I cannot remember what that is) and then when I click connect, it just does that, waiting for network, and then that screen goes away and it isn't connecting. As I said, I have connected to two other networks since I reinstalled the OS, just not mine.

Aside from that, do you still see anything infected on my computer? I am still hesitant to use it for anything yet.

I am attaching each picture separately.

Attached Files



#23 bri2k

bri2k
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 22 September 2009 - 06:50 AM

part 3

Attached Files



#24 bri2k

bri2k
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 22 September 2009 - 06:51 AM

well,

I cannot upload the other pictures. I keep getting too large errors.

#25 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:14 PM

Posted 22 September 2009 - 07:58 AM

As I said, I have connected to two other networks since I reinstalled the OS, just not mine.

Yes, you have already mentioned it, but I don't understand why you mention it now? This has nothing to do with your wireless connection; on the contrary, the trouble is not your wireless network card or any malware but that the wireless network card can't connect to your wireless connection, and we are trying to fix it.

Aside from that, do you still see anything infected on my computer? I am still hesitant to use it for anything yet.

I don't see any malware on the logs.

You can upload the screenshots to http://imageshack.us/ or http://www.mediafire.com and give me the link to them. You don't need to open them with Word.

Then under the wireless there was not any type of password setting. Perhaps you have to look for it under other tabs on the router page.

On the last picture you provided, the password pop-up didn't allow me to see the available connections properly. If you could close or move the popup and make another screenshot it might help. Also tell me what the name of your connection is if you have changed the default name (which is the name of the router). To make the job easier for your network card you should put your wireless network at number one on the list when Windows boots. If you post a screenshot I'll tell you how to do it. You can even remove other wireless networks from the list.

#26 bri2k

bri2k
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 22 September 2009 - 11:58 AM

Hi,

Thanks again. The only place I see where I can do something with passwords is under a password tab. But that tab changes the router password (i.e. admin to something else). Besides that, I can modify the WEP key. I don't think I ever changed either one of those. The name of my connection is lmcbp1 and I was able to move it up to the preferred order. Strange thing was that I removed a lot of other connections a while ago, and when I went in today, they were all there.

Since it is an issue with my router, would it be worth considering restoring default settings and re-securing the router again? Would that be any easier? If so, do you recommend any guides on securing it? It was about 5 years ago when I did this and I followed a guide.

Thanks,
Brian

#27 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:14 PM

Posted 22 September 2009 - 01:43 PM

Since it is an issue with my router, would it be worth considering restoring default settings and re-securing the router again? Would that be any easier? If so, do you recommend any guides on securing it? It was about 5 years ago when I did this and I followed a guide.

I have thought of this also. But still you get an unsecured connection (you will be able to connect then) and you have to secure it.
There should be a guide somewhere on the net. See if you can find any.

Besides that, I can modify the WEP key.

This is what we were looking for.
There are two types of encryption: WEP or WPA. Either one of them should work but WPA is better.

The WEP key sets the password for the router. See if there is an option to WPA (pre-shared key) or WPA (TKIP) instead of WEP.

If there is an option to select WPA (pre-shared key) or WPA (TKIP) select it and set a new password.

For WPA, if there is an option to select ASCII, select it. See how many characters you need (for 64-bit you need 5 characters). Once you set the password make sure to save the settings and reset the router.

Go to start => Control Panel => Network Connections => Right click Wireless Network Connection and select Properties. Under Wireless Networks tab select your own wireless connection. Then go to properties and fill in the type of the security and the password. Make sure you select the option to set to automatic connection. When you reboot, you get automatically connected to the wireless.

#28 bri2k

bri2k
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 22 September 2009 - 03:14 PM

Hi,

It seems that linksys did not upgrade the WPA option until version 4 of the router I have. I have version 3 so it only looks like I have WEP option. I should probably just upgrade to a new router anyway as it seems like my ipod touch doesn't want to connect to it either.

Having said that, the passphrase that is my wep key, should that be the same password on my laptop? I have tried putting in the generated numbers, but it doesn't seem to work either.

Brian

#29 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:14 PM

Posted 22 September 2009 - 04:01 PM

Having said that, the passphrase that is my wep key, should that be the same password on my laptop?

Yes, that is what it is all about; otherwise everybody in your neighborhood could connect to your network.

#30 bri2k

bri2k
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 22 September 2009 - 07:11 PM

Yeah, I tried that and still nothing. I even let my intel proset wireless manage the connections and it didn't connect either once I put in the password.

I should probably upgrade to a wireless g router and be done with this b router.
