Multiple problems with internet connection, programs starting when disabled with autoruns.exe, system restore didn't work


  • This topic is locked
11 replies to this topic

#1 jmpk19

Posted 14 May 2012 - 11:19 PM

My brother-in-law has been having trouble with his laptop, and he asked if I could help. It is an HP dv6000 running Vista. It does not have any current virus protection, although Norton and Microsoft Security Essentials are installed. He told me one of his friends recommended ComboFix, which he ran. He's 16, so there is no telling what kind of damage was done. It will not connect to the internet even though it says it is connected. When I open Google Chrome and Internet Explorer, the Work Offline option is checked but will not turn off. I keep getting a warning message from the taskbar saying, "Startup programs blocked".
Every couple of seconds a Dial-up Connection screen appears asking to connect to a broadband connection. It looks legit, but in the taskbar it has what looks like a Java icon. This screen, a Norton updates error, and ARO 2011 appear every time the computer wakes or restarts.
When I took the computer I installed and ran Malwarebytes from a flash drive, which did remove a lot of infections. When I click on the icon to safely remove the flash drive I get another error message, "Windows cannot stop USB device because a program is still using it. Close programs and try again later." There were no programs running so I had to shutdown the computer, to remove the device.
I had to do this a couple more times, but the last time the computer restarted, the same 3 screens appeared, as well as the program Blinkx Beat. I do not know what this program is, and the task manager says the same thing.
I am not sure exactly what is going on with this, just looking at some of the startup items, as well as processes that are and are not running, I know something is not right. Here are the defogger, dds, and gmer logs. Please help me out.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18928
Run by chasefraud at 14:22:31 on 2012-05-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.315 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\dlcccoms.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ARO 2011\ARO.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [AROReminder] c:\program files\aro 2011\ARO.exe -rem
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\chasef~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
TCP: Interfaces\{052378D2-7DA5-40DC-A143-CDB603673FD4} : DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
TCP: Interfaces\{90B417F8-A0C1-4A5C-B6FF-A35FD7E1A224} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AEEE1912-F217-46CE-957F-983FF4D03A17} : DhcpNameServer = 10.0.0.1
.
============= SERVICES / DRIVERS ===============
.
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20091209.001\IDSvix86.sys [2009-12-11 286768]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-3 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-3 22712]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-10-18 1251720]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-8-3 38448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]
S3 BlackBox;BlackBox SR2;c:\windows\system32\drivers\BlackBox.sys [2012-5-3 35712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-18 102448]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-10-22 21504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-3 41272]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2006-11-8 348160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-13 19:47:36 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ef62b632-c01d-44d1-b680-4b32f2a57c31}\offreg.dll
2012-05-13 16:47:28 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{648eff6c-1739-4a8d-8b08-06e70e73456a}\mpengine.dll
2012-05-13 16:40:46 6734704 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2012-05-12 17:06:13 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-12 17:06:06 -------- d-----w- c:\users\chasefraud\appdata\local\temp
2012-05-12 16:44:44 -------- d-----w- C:\ComboFix
2012-05-11 23:52:09 98816 ----a-w- c:\windows\sed.exe
2012-05-11 23:52:09 518144 ----a-w- c:\windows\SWREG.exe
2012-05-11 23:52:09 256000 ----a-w- c:\windows\PEV.exe
2012-05-11 23:52:09 208896 ----a-w- c:\windows\MBR.exe
2012-05-11 23:45:45 -------- d-----w- C:\Combo28980C
2012-05-11 23:13:23 0 ---ha-w- c:\users\chasefraud\appdata\local\BIT9A10.tmp
2012-05-11 23:12:25 0 ---ha-w- c:\users\chasefraud\appdata\local\BITB9CE.tmp
2012-05-09 01:59:09 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2012-05-03 15:42:03 -------- d-----w- C:\Combo
2012-05-03 14:51:20 -------- d-----w- c:\users\chasefraud\appdata\roaming\Malwarebytes
2012-05-03 14:47:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-03 14:47:43 -------- d-----w- c:\programdata\Malwarebytes
2012-05-03 14:47:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-03 14:47:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-03 14:37:37 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2012-05-03 14:31:28 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2012-02-23 16:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 14:23:40.97 ===============
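The Pseudo HJT section of the DDS log above lists every Run-key and Startup-folder entry on the machine. As an added example (not DDS's own code and not from the thread), the Python below parses lines of that shape into the image that actually runs and says whether it lives where vendor software normally lives. The sample lines are copied in shape from the log, plus one constructed "Updater" entry to show what a hit looks like; the environment-variable expansions, the vendor roots, the user-writable markers and the list of masqueradable names are assumptions of the example.

```python
"""Triage the autostart lines of a DDS "Pseudo HJT Report".

Added example, not part of DDS or of the thread. DDS prefixes Run-key entries
with u (current-user hive) or m (machine hive); StartupFolder lines give the
.lnk and its target. For each entry we recover the image that actually runs
(quoted paths, unquoted paths with spaces, %VAR% prefixes, rundll32 hosts)
and say whether it lives where installed software lives.
"""
import re

# Assumed expansions for variables DDS leaves unexpanded (32-bit layout, as on this laptop).
ENV = {"%programfiles%": r"c:\program files", "%windir%": r"c:\windows"}
# Where Windows and installed software live (progra~1 is the 8.3 name of Program Files).
VENDOR_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# User-writable locations a persistence entry should not normally point into.
REVIEW_MARKERS = ("\\appdata\\", "\\temp\\", "c:\\users\\", "c:\\programdata\\")
# Core Windows binary names: one of these running from outside system32 deserves review.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}

LINE_RE = re.compile(r"^(?P<scope>[um])?(?P<kind>Run(?:Once)?|StartupFolder): (?P<rest>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|cpl|bat|cmd|vbs|js))\b", re.I)


def image_path(cmd):
    """Lower-cased path of the file that persists, recovered from a raw command line."""
    cmd = cmd.strip()
    for var, value in ENV.items():
        cmd = re.sub(re.escape(var), lambda m, v=value: v, cmd, flags=re.I)
    host = re.match(r"rundll32(?:\.exe)?\s+(.*)", cmd, re.I)
    if host:                    # rundll32 is only the host; the DLL is what was planted
        cmd = host.group(1)
    if cmd.startswith('"'):     # quoted path: everything up to the closing quote
        return cmd[1:].split('"', 1)[0].lower()
    m = IMAGE_RE.match(cmd)     # unquoted path with spaces: stop at the first executable extension
    return (m.group(1) if m else cmd.split()[0]).lower()


def verdict(image):
    """'vendor' for normal install locations, 'review' for user-writable ones or masquerading names."""
    basename = image.rsplit("\\", 1)[-1]
    if basename in SYSTEM_NAMES and not image.startswith("c:\\windows\\system32\\"):
        return "review"
    if any(marker in image for marker in REVIEW_MARKERS):
        return "review"
    if image.startswith(VENDOR_ROOTS):
        return "vendor"
    return "unknown"


def parse_dds_autostarts(report):
    """One record per uRun/mRun/mRunOnce/StartupFolder line of a DDS log."""
    records = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if m.group("kind") == "StartupFolder":
            lnk, _, cmd = m.group("rest").rpartition(" - ")
            name, scope = lnk.rsplit("\\", 1)[-1], "StartupFolder"
        else:
            run = RUN_RE.match(m.group("rest"))
            if not run:
                continue
            name, cmd = run.group("name"), run.group("cmd")
            scope = {"u": "HKCU", "m": "HKLM"}.get(m.group("scope"), "?")
        image = image_path(cmd)
        records.append({"scope": scope, "kind": m.group("kind"), "name": name,
                        "image": image, "verdict": verdict(image)})
    return records


# Constructed sample: shaped after the Pseudo HJT lines in the log above, plus one
# invented 'Updater' entry so that a 'review' verdict is exercised.
SAMPLE_DDS = r"""
uRun: [AROReminder] c:\program files\aro 2011\ARO.exe -rem
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
uRun: [Updater] c:\users\someone\appdata\local\temp\svchost.exe
"""

if __name__ == "__main__":
    for rec in parse_dds_autostarts(SAMPLE_DDS):
        print("%-13s %-8s %-14s %-7s %s" % (rec["scope"], rec["kind"], rec["name"], rec["verdict"], rec["image"]))
```

Every real entry in the log above lands in a vendor location, so the parsing is the point: an unquoted path with spaces such as `c:\program files\aro 2011\ARO.exe -rem` cannot be split on whitespace, `%ProgramFiles%` is left unexpanded by DDS, and for `RUNDLL32.EXE ...\NvMcTray.dll,NvTaskbarInit` the file that persists is the DLL, not the host. Autoruns "disables" a Run entry by moving it under an AutorunsDisabled subkey rather than deleting it, so a fresh DDS log taken after a reboot is a cheap way to see whether an entry has come back.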

#2 nasdaq

  • Malware Response Team
Posted 17 May 2012 - 08:39 AM

I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's see if we can get the Internet service back.

1. Click on Start button.
2. Type Cmd in the Start Search text box.
3. Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
4. Type netsh int ip reset in the Command Prompt shell, and then press the Enter key.
5. Restart the computer.

The command will remove all user-configured settings on the TCP/IP stack and return it to its original default state by rewriting the pertinent registry keys used by the Internet Protocol (TCP/IP) stack, which achieves the same result as removing and reinstalling the protocol.
===

If that fails, download this tool to a CD or flash drive using a good computer. Copy the file to the Desktop of the Infected computer and run it.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.

Let me know if the service is restored.

#3 jmpk19

  • Topic Starter
Posted 21 May 2012 - 11:24 AM

Thank you for your help. The computer has been powered off since my initial post. When I powered up it went to a boot screen that had some errors/warnings. One was about the date/time being incorrect, an error loading the mouse driver, and the last one was: WARNING: 0251 System CMOS checksum bad. The default configuration has been used. It gave me two options: to continue or proceed to setup. I just proceeded. Also on startup, the same windows appeared with the exception of a new one. I'm now getting a uTorrent New Version 3.1.3 screen asking to download and install the program. I'm not gonna mess with any of them unless instructed to do so.
I ran the Command Prompt, and restarted. After restart I tried to run Internet Explorer, but it would not load (just a blank screen). When I tried to run Google Chrome I got an error message that said "Web Page is not available. The server at www.google.com can't be found because the DNS lookup failed." It listed some possible causes for this as well as some suggestions to fix the problem.
I ran the Mini Toolbox as instructed, here's the log:

MiniToolBox by Farbar Version: 18-01-2012
Ran by chasefraud (administrator) on 01-01-2006 at 00:53:56
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Disconnected)
Broadcom 802.11b/g WLAN = Wireless Network Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : chasefraud-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
Physical Address. . . . . . . . . : 00-1A-73-4D-FA-EB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6c04:2b2c:42f6:2965%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.16(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, January 01, 2006 12:12:36 AM
Lease Expires . . . . . . . . . . : Sunday, January 01, 2006 1:42:35 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 151001715
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-6C-D6-D0-00-1B-24-34-BA-4E
DNS Servers . . . . . . . . . . . : 24.177.176.38
71.92.29.130
24.217.201.67
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2093:1a56:bb46:6cf5(Preferred)
Link-local IPv6 Address . . . . . : fe80::2093:1a56:bb46:6cf5%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{052378D2-7DA5-40DC-A143-CDB603673FD4}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 24.177.176.38

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 24.177.176.38

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 24.177.176.38

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1a 73 4d fa eb ...... Broadcom 802.11b/g WLAN
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{052378D2-7DA5-40DC-A143-CDB603673FD4}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.16 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.16 281
192.168.0.16 255.255.255.255 On-link 192.168.0.16 281
192.168.0.255 255.255.255.255 On-link 192.168.0.16 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.16 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.16 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:2093:1a56:bb46:6cf5/128
On-link
9 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::2093:1a56:bb46:6cf5/128
On-link
9 281 fe80::6c04:2b2c:42f6:2965/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/01/2006 00:49:29 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.6001.18928 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: eb4
Start Time: 01c60e9d4b9bcce2
Termination Time: 0

Error: (01/01/2006 00:41:52 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2006 00:23:10 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2006 00:19:26 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2006 00:18:49 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2006 00:12:50 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2006 00:09:15 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/13/2012 02:32:44 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/13/2012 02:16:55 PM) (Source: Application Error) (User: )
Description: Faulting application SynTPEnh.exe, version 11.0.7.0, time stamp 0x47ec49d3, faulting module SynTPEnh.exe, version 11.0.7.0, time stamp 0x47ec49d3, exception code 0xc0000409, fault offset 0x0002bc4c,
process id 0xd50, application start time 0xSynTPEnh.exe0.

Error: (05/13/2012 00:33:45 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (01/01/2006 00:13:08 AM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be changed by +201517187 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.15:123) is working properly.

Error: (01/01/2006 00:10:27 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (01/01/2006 00:03:01 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:37:14 AM on 5/14/2012 was unexpected.

Error: (05/14/2012 03:10:38 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.1068.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/14/2012 03:10:38 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.1068.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/14/2012 03:10:38 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.1068.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/14/2012 03:10:38 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.1068.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/14/2012 03:10:37 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.1068.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/13/2012 01:57:47 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.1068.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/13/2012 01:57:47 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.1068.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 78%
Total physical RAM: 957.87 MB
Available physical RAM: 209.77 MB
Total Pagefile: 2182.32 MB
Available Pagefile: 1168.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.04 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:105.18 GB) (Free:64.07 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:6.61 GB) (Free:0.63 GB) NTFS
4 Drive f: () (Removable) (Total:7.45 GB) (Free:7.37 GB) FAT32

========================= Users: ========================================

User accounts for \\CHASEFRAUD-PC

Administrator caroline anne chasefraud
Guest johnny


**** End of log ****

#4 nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 May 2012 - 12:38 PM

One was about the date/time being incorrect, an error loading the mouse driver, and the last one was: WARNING: 0251 System CMOS checksum bad.

This indicates some hardware problem.

Start here.

http://h30434.www3.hp.com/t5/Notebook-Operating-Systems-and/CMOS-Checksum-Error/td-p/608125

You can start a new topic at the HP Support Forum if you need help with these issues.
You can register on the link above.

p.s.
The incorrect time and date are a sign that the battery must be changed. Do not wait to do that. Hope that will fix this.
===

Let me see the log for this scan.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#5 jmpk19
  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male

Posted 21 May 2012 - 03:31 PM

Here is the FSS log you requested:

Farbar Service Scanner Version: 17-05-2012
Ran by chasefraud (administrator) on 01-01-2006 at 05:15:47
Running from "F:\programs"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2006-01-10 01:33] - [2010-04-05 14:00] - 0910208 ____A (Microsoft Corporation) CC9993701AC57F995554C696DDA49C12

C:\Windows\system32\dnsrslvr.dll
[2010-07-08 09:56] - [2009-04-11 00:28] - 0086528 ____A (Microsoft Corporation) 30A08728740E71947AE1E073B5CE69B4

C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#6 nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 May 2012 - 07:40 AM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    tcpip.sys
    dnsrslvr.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please post the logs and let me know what problem persists.

#7 jmpk19
  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male

Posted 23 May 2012 - 10:34 AM

When I rebooted the computer this time it automatically logged on to one of the other user accounts. A Windows screen came up and said that Windows installed automatic updates. Then when I flipped the switch and turned on the wireless adapter built into the computer, another screen appeared and said that it couldn't connect to the internet because no wireless adapter can be found. I thought it was weird because isn't an internet connection required to download and install Windows updates?
I downloaded SystemLook to my flash drive and ran it on the laptop with no problems. I then downloaded ComboFix to the flash drive and ran it a total of three times. I'd agree to the terms, it would start to run, then shut down and give me a warning about the date/time settings, and that I should check those settings. I corrected the date/time and ran it for a third time. I got the same results as before, except this time ComboFix was erased from my flash drive.
I re-downloaded it from my clean desktop to the flash drive, and re-ran it on the laptop. It got to stage 48, then the screen went black and a random program (Blinxbeat) started. The program's start screen stayed up for about 2 minutes. Then the screen went completely white for about 5 minutes. It stayed white, but the taskbar appeared showing the ComboFix log and Blinxbeat.
Here are the logs from those programs:

SystemLook 30.07.11 by jpshortstuff
Log created at 05:54 on 02/01/2006 by chasefraud
Administrator - Elevation successful

========== filefind ==========

Searching for "tcpip.sys"
C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys --a---- 904576 bytes [08:45 15/04/2010] [14:07 18/02/2010] 48CBE6D53632D0067C2D6B20F90D84CA
C:\Windows\ERDNT\cache\tcpip.sys --a---- 910208 bytes [15:55 03/05/2012] [20:00 05/04/2010] CC9993701AC57F995554C696DDA49C12
C:\Windows\System32\drivers\tcpip.sys --a---- 914304 bytes [13:12 01/01/2006] [12:39 30/03/2012] EE7E10BED85C312C1D5D30C435BDDA9F
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys --a---- 891448 bytes [23:52 22/10/2009] [07:43 19/01/2008] FC6E2835D667774D409C7C7021EAF9C4
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys --a---- 891448 bytes [15:36 08/07/2010] [08:26 26/04/2008] 82E266BEE5F0167E41C6ECFDD2A79C02
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys --a---- 897608 bytes [12:29 19/10/2009] [12:29 19/10/2009] 8A7AD2A214233F684242F289ED83EBC3
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys --a---- 897624 bytes [00:22 11/02/2010] [20:52 08/12/2009] 1ACBB7A47E78F4CC82D2EFFB72901528
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys --a---- 898952 bytes [08:45 15/04/2010] [14:49 18/02/2010] 2EAE4500984C2F8DACFB977060300A15
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys --a---- 891448 bytes [15:36 08/07/2010] [08:08 26/04/2008] 01EC1E92595F839BEE70D439C46796E3
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys --a---- 900168 bytes [12:29 19/10/2009] [12:29 19/10/2009] 2608E71AAD54564647D4BB984E1925AA
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys --a---- 900696 bytes [00:22 11/02/2010] [20:37 08/12/2009] 5653230D480A9C54D169E1B080B72CF5
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys --a---- 902024 bytes [08:45 15/04/2010] [17:36 18/02/2010] 93A5655CD9CD2F080EF1CB71A3666215
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys --a---- 902024 bytes [07:33 10/01/2006] [17:03 05/04/2010] A6A02EF5B5E40FBD31A1ADC577DA54BB
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys --a---- 897000 bytes [15:57 08/07/2010] [06:33 11/04/2009] 0E6B0885C3D5E4643ED2D043DE3433D8
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys --a---- 904776 bytes [12:29 19/10/2009] [12:29 19/10/2009] 65877AA1B6A7CB797488E831698973E9
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys --a---- 904776 bytes [00:22 11/02/2010] [20:01 08/12/2009] DA467E7619AE5F4588E6262C13C8940A
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys --a---- 904576 bytes [08:45 15/04/2010] [14:07 18/02/2010] 48CBE6D53632D0067C2D6B20F90D84CA
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys --a---- 905600 bytes [13:12 01/01/2006] [12:39 30/03/2012] 27D470DABC77BC60D0A3B0E4DEB6CB91
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys --a---- 905784 bytes [12:29 19/10/2009] [12:29 19/10/2009] FF71856BD4CD6D4367F9FD84BE79A874
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys --a---- 907832 bytes [00:22 11/02/2010] [20:15 08/12/2009] 46E6685F3E92AEC743773ADD4CD54F57
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys --a---- 910216 bytes [08:45 15/04/2010] [14:22 18/02/2010] D9F5DD5BBC8348E8F8220CCBF14C022E
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys --a---- 910208 bytes [07:33 10/01/2006] [20:00 05/04/2010] CC9993701AC57F995554C696DDA49C12
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys --a---- 914304 bytes [13:12 01/01/2006] [12:39 30/03/2012] EE7E10BED85C312C1D5D30C435BDDA9F
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys --a---- 802816 bytes [08:58 02/11/2006] [08:58 02/11/2006] D944522B048A5FEB7700B5170D3D9423
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys --a---- 803328 bytes [11:21 19/10/2009] [11:21 19/10/2009] 5DF77458AA92FDB36FCE79C60F74AB5D
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys --a---- 813568 bytes [12:29 19/10/2009] [12:29 19/10/2009] 300208927321066EA53761FDC98747C6
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys --a---- 813568 bytes [00:22 11/02/2010] [17:58 08/12/2009] 8734BD051FFDCBF8425CF222141C3741
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys --a---- 815104 bytes [08:45 15/04/2010] [12:05 18/02/2010] 4A82FA8F0DF67AA354580C3FAAF8BDE3
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys --a---- 806400 bytes [11:21 19/10/2009] [11:21 19/10/2009] 52A8BD6294F7D1443C6184C67AE13AF4
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys --a---- 816640 bytes [12:29 19/10/2009] [12:29 19/10/2009] 2512B4D1353370D6688B1AF1F5AFA1CF
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys --a---- 816640 bytes [00:22 11/02/2010] [17:45 08/12/2009] CA3A5756672013A66BB9D547A5A62DCA
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys --a---- 818688 bytes [08:45 15/04/2010] [11:51 18/02/2010] 2C1F7005AA3B62721BFDB307BD5F5010

Searching for "dnsrslvr.dll"
C:\Windows\System32\dnsrslvr.dll --a---- 86528 bytes [13:16 01/01/2006] [15:44 02/03/2011] 57D762F6F5974AF0DA2BE88A3349BAAA
C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16386_none_dfabbae1856e5297\dnsrslvr.dll --a---- 83968 bytes [08:46 02/11/2006] [09:46 02/11/2006] 7EF78529439683570884F9308A02EC11
C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll --a---- 83968 bytes [10:53 19/10/2009] [10:53 19/10/2009] EECBA1DD142BF8693C476BE8F32FE253
C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsrslvr.dll --a---- 84480 bytes [10:53 19/10/2009] [10:53 19/10/2009] 05D7E62FD2EABAD579EB4D0C29245EEC
C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\dnsrslvr.dll --a---- 86528 bytes [23:50 22/10/2009] [07:34 19/01/2008] F5A0F1DA1ED8B429597E71D27D976E31
C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18611_none_e1d8b89f8260879d\dnsrslvr.dll --a---- 86528 bytes [13:16 01/01/2006] [14:49 02/03/2011] 4805D9A6D281C7A7DEFD9094DEC6AF7D
C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.22866_none_e23149269ba22ef6\dnsrslvr.dll --a---- 86528 bytes [13:16 01/01/2006] [14:25 02/03/2011] 1FF4F12AF03AA5DAFE05F6937E497193
C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18005_none_e3cdf5e97f7b2eb7\dnsrslvr.dll --a---- 86528 bytes [15:56 08/07/2010] [06:28 11/04/2009] 30A08728740E71947AE1E073B5CE69B4
C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18416_none_e3c42ddf7f82589b\dnsrslvr.dll --a---- 86528 bytes [13:16 01/01/2006] [15:44 02/03/2011] 57D762F6F5974AF0DA2BE88A3349BAAA
C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.22600_none_e4529ac0989d4191\dnsrslvr.dll --a---- 86528 bytes [13:16 01/01/2006] [18:19 02/03/2011] 9BC2EB15BB0E08579536AC47D7C6F92A

-= EOF =-

ComboFix 12-05-23.01 - chasefraud 05/23/2012 9:11.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.301 [GMT -6:00]
Running from: f:\programs\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 15:23 . 2012-05-23 15:23 -------- d-----w- c:\users\johnny\AppData\Local\temp
2012-05-23 15:23 . 2012-05-23 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-23 15:23 . 2012-05-23 15:23 -------- d-----w- c:\users\caroline anne\AppData\Local\temp
2012-05-23 14:58 . 2012-05-15 07:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE115C4C-7A89-453D-B74D-F5CAC1D52D76}\mpengine.dll
2012-05-23 14:51 . 2012-05-15 07:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-05-23 14:50 . 2012-05-23 15:00 -------- d-----w- C:\6689374ac49ccd00249ca5b5ee3d6c
2012-05-13 16:47 . 2012-04-18 09:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{648EFF6C-1739-4A8D-8B08-06E70E73456A}\mpengine.dll
2012-05-12 17:06 . 2012-05-23 15:23 -------- d-----w- c:\users\chasefraud\AppData\Local\temp
2012-05-11 23:13 . 2012-05-11 23:13 0 ---ha-w- c:\users\chasefraud\AppData\Local\BIT9A10.tmp
2012-05-11 23:12 . 2012-05-11 23:12 0 ---ha-w- c:\users\chasefraud\AppData\Local\BITB9CE.tmp
2012-05-09 01:59 . 2012-05-09 01:59 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2012-05-03 15:42 . 2012-05-03 15:57 -------- d-----w- C:\Combo
2012-05-03 14:51 . 2012-05-03 14:51 -------- d-----w- c:\users\chasefraud\AppData\Roaming\Malwarebytes
2012-05-03 14:47 . 2012-05-03 14:47 -------- d-----w- c:\programdata\Malwarebytes
2012-05-03 14:47 . 2011-07-07 01:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-03 14:47 . 2012-05-03 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-03 14:47 . 2011-07-07 01:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-03 14:37 . 2012-05-03 14:37 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2012-04-29 14:38 . 2012-04-29 14:51 -------- d-----w- c:\users\caroline anne\AppData\Roaming\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 08:16 . 2006-01-01 11:28 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2006-01-01 11:28 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2006-01-01 11:28 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2006-01-01 13:12 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39 . 2006-01-01 13:12 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-20 23:28 . 2006-01-01 13:16 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-01 14:46 . 2006-01-01 13:17 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-01 14:46 . 2006-01-01 13:17 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-29 15:11 . 2006-01-02 09:34 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2006-01-02 09:34 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2006-01-02 09:34 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:08 . 2006-01-01 13:17 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-29 13:44 . 2006-01-01 13:17 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-29 13:41 . 2006-01-01 13:17 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-02-29 13:32 . 2006-01-02 09:34 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-23 16:18 . 2009-10-18 15:50 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-01-25 2312048]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2006-10-04 399736]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-26 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2006-10-04 273544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\chasefraud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2006-12-04 c:\windows\Tasks\ARO 2011.job
- c:\program files\ARO 2011\ARO.exe [2006-10-04 17:13]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 20:04]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 20:04]
.
2012-05-12 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - chasefraud.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-08 07:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-23 09:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-23 09:28:27
ComboFix-quarantined-files.txt 2012-05-23 15:28
ComboFix2.txt 2012-05-12 17:06
ComboFix3.txt 2012-05-12 00:17
ComboFix4.txt 2012-05-03 15:57
.
Pre-Run: 67,031,662,592 bytes free
Post-Run: 66,628,435,968 bytes free
.
- - End Of File - - 0795BBBD7BDE14215B0AFC2F6C52B5B9

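The hash cross-check behind the SystemLook request in #6 and the filefind log in #7, as an added example in Python (not the thread's own material and not code from SystemLook or Farbar Service Scanner): it parses filefind output and compares the live System32 copy of each file with the copies held in the WinSxS component store, the check FSS could not make for tcpip.sys and dnsrslvr.dll because it only prints "MD5 is legit" for hashes in its own table. The sample lines are a subset copied from the log above plus one constructed entry (example.sys, placeholder hashes) that exercises the no-match branch.

```python
"""Cross-check SystemLook ':filefind' output against the WinSxS component store.

A live copy under \\Windows\\System32 whose MD5 equals a copy in
\\Windows\\winsxs is consistent with a file placed there by Windows servicing.
A live copy that matches nothing in the store is the one to examine further
(Authenticode signature check, upload for analysis). ComboFix's ERDNT backups
and System Restore staging copies are listed by SystemLook but ignored here.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One filefind result line:
#   <path> --a---- <size> bytes [<created>] [<modified>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
LIVE_RE = re.compile(r"^[a-z]:\\windows\\system32\\")
STORE_RE = re.compile(r"^[a-z]:\\windows\\winsxs\\")
# Component-store directory names embed the file version, e.g.
# x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_...
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


@dataclass(frozen=True)
class FileHit:
    path: str
    size: int
    md5: str

    @property
    def is_live(self) -> bool:
        """The copy Windows actually loads: under \\Windows\\System32."""
        return LIVE_RE.match(self.path.lower()) is not None

    @property
    def store_version(self) -> Optional[str]:
        """Version string if this copy sits in the WinSxS component store."""
        if not STORE_RE.match(self.path.lower()):
            return None
        m = VERSION_RE.search(self.path)
        return m.group(1) if m else "unknown"


def parse_filefind(text: str) -> dict:
    """Return {filename: [FileHit, ...]} from a SystemLook filefind section."""
    hits, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m["name"].lower()
            hits.setdefault(current, [])
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            hits[current].append(FileHit(m["path"], int(m["size"]), m["md5"].upper()))
    return hits


def assess(hits: dict) -> dict:
    """Classify each file's live copy: 'matches-store' (with the matching
    store versions), 'no-store-match' (examine further), or 'no-live-copy'."""
    report = {}
    for name, entries in hits.items():
        store_by_md5 = {}
        for h in entries:
            if h.store_version:
                store_by_md5.setdefault(h.md5, set()).add(h.store_version)
        live = [h for h in entries if h.is_live]
        if not live:
            report[name] = {"verdict": "no-live-copy", "live_md5": None, "versions": []}
            continue
        versions = sorted(store_by_md5.get(live[0].md5, ()))
        report[name] = {
            "verdict": "matches-store" if versions else "no-store-match",
            "live_md5": live[0].md5,
            "versions": versions,
        }
    return report


# Sample input: lines copied from the SystemLook log in this thread, plus a
# constructed "example.sys" entry with placeholder hashes for the failure case.
SAMPLE_LOG = r'''
Searching for "tcpip.sys"
C:\Windows\ERDNT\cache\tcpip.sys --a---- 910208 bytes [15:55 03/05/2012] [20:00 05/04/2010] CC9993701AC57F995554C696DDA49C12
C:\Windows\System32\drivers\tcpip.sys --a---- 914304 bytes [13:12 01/01/2006] [12:39 30/03/2012] EE7E10BED85C312C1D5D30C435BDDA9F
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys --a---- 910208 bytes [07:33 10/01/2006] [20:00 05/04/2010] CC9993701AC57F995554C696DDA49C12
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys --a---- 914304 bytes [13:12 01/01/2006] [12:39 30/03/2012] EE7E10BED85C312C1D5D30C435BDDA9F

Searching for "dnsrslvr.dll"
C:\Windows\System32\dnsrslvr.dll --a---- 86528 bytes [13:16 01/01/2006] [15:44 02/03/2011] 57D762F6F5974AF0DA2BE88A3349BAAA
C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18416_none_e3c42ddf7f82589b\dnsrslvr.dll --a---- 86528 bytes [13:16 01/01/2006] [15:44 02/03/2011] 57D762F6F5974AF0DA2BE88A3349BAAA

Searching for "example.sys"
C:\Windows\System32\drivers\example.sys --a---- 12345 bytes [00:00 01/01/2006] [00:00 01/01/2006] 0123456789ABCDEF0123456789ABCDEF
C:\Windows\winsxs\x86_constructed-component_0000000000000000_1.0.0.1_none_0000000000000000\example.sys --a---- 12345 bytes [00:00 01/01/2006] [00:00 01/01/2006] FEDCBA9876543210FEDCBA9876543210
'''

if __name__ == "__main__":
    for name, verdict in assess(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name}: {verdict['verdict']} {verdict['versions']}")
```
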
#8 nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 May 2012 - 08:10 AM

ComboFix was updated yesterday.

Please delete your current ComboFix.exe, download the new version and run it.
Post the log.

Please confirm whether or not you have internet connectivity in normal mode on this computer.

In other words, what are the remaining issues with this computer?
===


"I thought it was weird because isn't an internet connection required to download and install Windows updates?"

Updates are downloaded and, when executed, at times the computer must be restarted. What has happened here I do not know.

One thing I know is that once the file is downloaded and run, the computer must not be powered down until the installation is completed.
===

If you did not install Blinxbeat, I suggest you remove it using the Add/Remove Programs list.

If that is not possible, use this tool to remove all traces of it.

Download Revo Uninstaller

http://majorgeeks.com/Revo_Uninstaller_d5706.html

Revo Uninstaller helps you to remove any unwanted application installed on your computer.

#9 nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 May 2012 - 08:48 AM

Are you still with me?

#10 jmpk19
  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male

Posted 30 May 2012 - 04:24 PM

Yeah, sorry about that. The hard drive on the desktop I am using went down, and I had to put a new one in. In terms of computers, it's a dinosaur! To answer your question, I still do not have an internet connection. It has a port for a wireless card, but we never had to use it before all the issues. I am running a newly downloaded ComboFix right now for the second time. I tried a few minutes ago and could not get it to run, but the computer froze up (except the mouse). This second time is successful so far. It is on Stage 10 now, and I will post the log as soon as it is done. Thanks again and sorry for the hold-up.

#11 nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 May 2012 - 08:02 AM

You need an internet connection to run ComboFix, in normal mode or in Safe mode with an internet connection.

You can download these tools to a CD or Flash drive using a good computer. Copy them to the desktop of the infected computer.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.

If there is still no internet connection, continue.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Please post the logs for my review.

#12 nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 June 2012 - 12:58 PM

Are you still with me?
