Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No internet...had PC security


  • This topic is locked This topic is locked
5 replies to this topic

#1 kleach

kleach

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 26 July 2010 - 02:50 PM

I have a viata home notebook
It had Norton 360, avira and also that PC security malware on it.
I removed the PC security.. and Norton 360 (but not cleanly.. I have to manually remove the files and services and reg entries)

Admin was blocked from task manager.. I removed the registry entry.
I ran Malwarebytes and cleaned everything up.
There does NOT seem to be any root kits.
Also there was some magnetic screen saver and that incredimail email app.. all removed
I ran registry mechanic and clean all
I ran a scan disk and it was clean
Everything seem much better...

However it seems something will NOT let me get to the internet.
I can get a DHCP connection but shows as "local only" even if I give it a static IP and DNS.
This is true for wired and wireless.

See below for hijack this output.. it complains about the hosts file being locked.. but there is nothing other than local host there...
I also attached the OTL data.

Thanks for any help..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:15 PM, on 7/26/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}: NameServer = 68.105.29.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}: NameServer = 68.105.29.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}: NameServer = 68.105.29.11
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

--
End of file - 5553 bytes

Attached Files


Edited by kleach, 26 July 2010 - 03:10 PM.


BC AdBot (Login to Remove)

 


#2 kleach

kleach
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 26 July 2010 - 03:23 PM

The issue was NORTON!!!
I downloaded the Norton removal tool from Norton.. and it repaired the device dependency..
Here is the link

ftp://ftp.symantec.com/public/english_us_...emoval_Tool.exe


Problem solved..

Out of curiosity what is your official recommended anti-virus and anti-malware programs..
I have Avira reinstalled... and like it due to the low overhead..
Currently no anti-malware..

It seems many apps are very expensive CPU wise..

Thanks




#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:12 AM

Posted 27 July 2010 - 02:36 AM

Hello, since a log was posted, I am moving this to the appropriate forum.

Please let me know if you need any more help with this issue.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:12 AM

Posted 27 July 2010 - 05:48 PM

Hello,

Does this involve the same computer as this topic: http://www.bleepingcomputer.com/forums/t/335094/trrootkit-gen2-in-winsxs/ ?

Orange Blossom fruits_cherry.gif
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 kleach

kleach
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 13 August 2010 - 01:39 PM

Not related.. this issue is closed...

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:12 AM

Posted 13 August 2010 - 01:45 PM

Closed as requested.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users