redirect virus/no internet


  • This topic is locked
96 replies to this topic

#1 toddrs93

Posted 19 May 2013 - 07:45 PM

Original problem was a search redirect virus that I just put up with for a while.

Finally started going through things to try to get rid of it: Malwarebytes, Spybot, Ad-Aware and ESET.

The only program to come up with anything was ESET which I then deleted.

Then after rebooting I could not connect to the internet on the infected PC. Wireless works fine on the other computers.

LAN shows connected, and when you try to diagnose/repair, the response is FAILED TO QUERY TCP/IP SETTINGS OF THE CONNECTION

Have since run all kinds of stuff, in normal and safe mode: Malwarebytes, Spybot, TDDS, TFC, netsh, winsock, FIX IT, etc., then even did a reboot from a Windows XP Pro SP2 CD.

Still nothing, so ran ComboFix, and still nothing.

DDS and ComboFix logs attached

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180
Run by Owner at 20:27:35 on 2013-05-19
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.511.272 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k eapsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DD2ACE79-B6BA-4C41-A8A9-3A9DFC9BF920} : DHCPNameServer = 192.168.1.1
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files\common files\g7ps\shared files\g7psdll\G7PS.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages =  msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\w8l2y2aw.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2012-4-10 16640]
R3 FastNIC;SMC EZ Card 10/100 (SMC1244TX V2);c:\windows\system32\drivers\FastNIC.sys [2012-4-10 38528]
R3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);c:\windows\system32\drivers\adm8830.sys [2012-4-10 747392]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2009-10-19 9472]
S2 bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\bwcdrv.sys --> c:\windows\system32\drivers\bwcdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-7-21 14424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-19 22:53:03 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-19 19:52:27 98816 ----a-w- c:\windows\sed.exe
2013-05-19 19:52:27 256000 ----a-w- c:\windows\PEV.exe
2013-05-19 19:52:27 208896 ----a-w- c:\windows\MBR.exe
2013-05-17 16:51:21 -------- d-----w- c:\windows\system32\CatRoot2
2013-05-17 16:25:06 446464 ----a-w- c:\windows\system32\nvudisp.exe
2013-05-17 16:24:51 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2013-05-17 12:42:59 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-05-15 15:32:57 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2013-05-15 15:31:59 8704 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2013-05-15 15:30:51 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2013-05-15 15:28:25 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2013-05-15 15:28:25 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2013-05-15 15:26:17 44544 -c--a-w- c:\windows\system32\dllcache\tscupgrd.exe
2013-05-15 15:26:17 44544 ----a-w- c:\windows\system32\tscupgrd.exe
2013-05-15 15:14:29 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2013-05-15 15:14:29 24661 ----a-w- c:\windows\system32\spxcoins.dll
2013-05-15 15:14:29 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2013-05-15 15:14:29 13312 ----a-w- c:\windows\system32\irclass.dll
2013-05-15 15:13:59 13753 ----a-r- c:\windows\SET43.tmp
2013-05-15 15:13:56 1086058 ----a-r- c:\windows\SET37.tmp
2013-05-15 15:13:55 1042903 ----a-r- c:\windows\SET36.tmp
2013-05-15 13:40:53 33792 ----a-w- c:\program files\messenger\custsat.dll
2013-05-15 13:24:47 16535 ----a-r- c:\windows\SET17D.tmp
2013-05-15 13:24:46 1088840 ----a-r- c:\windows\SET177.tmp
2013-05-15 13:24:44 1296669 ----a-r- c:\windows\SET174.tmp
2013-05-15 13:15:53 -------- d-----w- c:\windows\setup.pss
2013-05-15 09:18:33 -------- d-----w- c:\windows\system32\oobe
2013-05-15 09:18:33 -------- d-----w- c:\windows\system32\inetsrv
2013-05-14 23:55:12 -------- d-----w- c:\documents and settings\all users.windows\application data\Sophos
2013-05-14 22:41:37 -------- d-----w- C:\number1
2013-05-14 20:38:47 -------- d-sha-r- C:\cmdcons
.
==================== Find3M  ====================
.
2013-05-17 16:47:03 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 23:37:07 248192 ----a-r- c:\windows\system32\cpnprt2.cid
2013-03-16 00:39:01 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-16 00:39:01 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-16 00:38:51 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-06 04:20:31 178120 ----a-w- c:\program files\5zres.dll
2012-12-06 03:48:09 178112 ----a-w- c:\program files\2pres.dll
2013-02-18 17:20:25 114688 --sha-r- c:\windows\system32\c_9363.dll
.
============= FINISH: 20:28:19.10 ===============


ComboFix 13-05-14.01 - Owner 05/19/2013  16:22:31.1.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.511.174 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-19 to 2013-05-19  )))))))))))))))))))))))))))))))
.
.
2013-05-17 16:51 . 2013-05-19 19:52 -------- d-----w- c:\windows\system32\CatRoot2
2013-05-17 16:25 . 2008-05-16 18:01 446464 ----a-w- c:\windows\system32\nvudisp.exe
2013-05-17 16:24 . 2008-05-16 15:48 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2013-05-17 12:42 . 2013-05-17 12:43 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-05-15 15:32 . 2004-08-04 04:56 221696 -c--a-w- c:\windows\system32\dllcache\seo.dll
2013-05-15 15:31 . 2002-10-09 02:51 8704 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2013-05-15 15:30 . 2002-10-09 02:50 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2013-05-15 15:28 . 2002-10-09 02:51 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2013-05-15 15:28 . 2002-10-09 02:51 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2013-05-15 15:26 . 2004-08-04 02:59 44544 -c--a-w- c:\windows\system32\dllcache\tscupgrd.exe
2013-05-15 15:26 . 2004-08-04 02:59 44544 ----a-w- c:\windows\system32\tscupgrd.exe
2013-05-15 15:14 . 2002-10-09 02:52 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2013-05-15 15:14 . 2002-10-09 02:52 24661 ----a-w- c:\windows\system32\spxcoins.dll
2013-05-15 15:14 . 2002-10-09 02:51 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2013-05-15 15:14 . 2002-10-09 02:51 13312 ----a-w- c:\windows\system32\irclass.dll
2013-05-15 15:13 . 2004-08-04 05:58 13753 ----a-r- c:\windows\SET43.tmp
2013-05-15 15:13 . 2004-08-04 05:57 1086058 ----a-r- c:\windows\SET37.tmp
2013-05-15 15:13 . 2004-08-04 06:03 1042903 ----a-r- c:\windows\SET36.tmp
2013-05-15 13:40 . 2008-04-14 04:41 33792 ----a-w- c:\program files\Messenger\custsat.dll
2013-05-15 13:24 . 2008-04-14 06:34 16535 ----a-r- c:\windows\SET17D.tmp
2013-05-15 13:24 . 2008-04-14 06:34 1088840 ----a-r- c:\windows\SET177.tmp
2013-05-15 13:24 . 2008-04-14 06:40 1296669 ----a-r- c:\windows\SET174.tmp
2013-05-15 09:18 . 2013-05-15 15:28 -------- d-----w- c:\windows\system32\oobe
2013-05-14 23:55 . 2013-05-14 23:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Sophos
2013-05-14 22:41 . 2013-05-14 23:13 -------- d-----w- C:\number1
2013-05-14 21:09 . 2013-05-11 22:27 262552 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 16:47 . 2004-08-04 03:14 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2013-04-04 18:50 . 2012-04-11 12:43 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 23:37 . 2012-11-08 00:57 248192 ----a-r- c:\windows\system32\cpnprt2.cid
2013-03-16 00:39 . 2012-04-11 14:15 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-16 00:39 . 2012-04-11 14:15 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-16 00:38 . 2013-03-14 17:37 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-06 04:20 . 2012-12-28 22:40 178120 ----a-w- c:\program files\5zres.dll
2012-12-06 03:48 . 2012-12-28 22:39 178112 ----a-w- c:\program files\2pres.dll
2013-02-18 17:20 114688 --sha-r- c:\windows\system32\c_9363.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-22 296056]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ    msv1_0 nwprovau
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [4/10/2012 8:58 PM 16640]
R3 FastNIC;SMC EZ Card 10/100 (SMC1244TX V2);c:\windows\system32\drivers\FastNIC.sys [4/10/2012 8:57 PM 38528]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [10/19/2009 4:29 AM 9472]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [7/21/2012 10:13 PM 14424]
S3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);c:\windows\system32\drivers\adm8830.sys [4/10/2012 9:08 PM 747392]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 70306909
*Deregistered* - 70306909
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 00:39]
.
2013-05-18 c:\windows\Tasks\ubreowrxp.job
- c:\windows\system32\c_9363.dll [2013-02-18 17:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\334uu6zd.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-MSPY2002 - c:\windows\system32\IME\PINTLGNT\ImScInst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-19 16:25
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-05-19  16:27:12
ComboFix-quarantined-files.txt  2013-05-19 20:27
.
Pre-Run: 76,365,717,504 bytes free
Post-Run: 76,383,526,912 bytes free
.
- - End Of File - - F21B7F31421A741A4B0F9809105DD583

Edited by jntkwx, 25 May 2013 - 11:27 AM.
Including logs in post (easier to read)



#2 toddrs93

Posted 20 May 2013 - 09:25 PM

Also just ran XP SP2 update KB884020,

and a chipset driver update, as the SM Bus controller had a flag under Device Manager. Strange thing here though is the update ran fine, but afterwards the SM Bus controller is gone from the Device Manager list; I cannot find it now.

#3 toddrs93

Posted 20 May 2013 - 10:15 PM

Ran Security Check, but the text file will not copy to a CD for some reason, and now my flash drive isn't being recognized, so I can't get it posted at the moment.

Ran Farbar (FSS), but it just scans for a second then pops up "cannot find the FSS.text file"

Ran MiniToolBox, but also cannot find result.txt file

Ran aswMBR and Malwarebytes Anti-Rootkit

Guess I have to fix whatever is not properly formatting these CDs or my flash drive so I can post these logs

#4 HelpBot

Posted 24 May 2013 - 07:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/495152 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 toddrs93

Posted 24 May 2013 - 09:39 PM

Current DDS log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180
Run by Owner at 22:29:18 on 2013-05-24
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.511.296 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DD2ACE79-B6BA-4C41-A8A9-3A9DFC9BF920} : DHCPNameServer = 192.168.1.1
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files\common files\g7ps\shared files\g7psdll\G7PS.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages =  msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\w8l2y2aw.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2012-4-10 16640]
R3 FastNIC;SMC EZ Card 10/100 (SMC1244TX V2);c:\windows\system32\drivers\FastNIC.sys [2012-4-10 38528]
R3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);c:\windows\system32\drivers\adm8830.sys [2012-4-10 747392]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2009-10-19 9472]
S2 bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\bwcdrv.sys --> c:\windows\system32\drivers\bwcdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-7-21 14424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-21 03:54:57 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2013-05-21 03:53:59 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2013-05-21 03:52:58 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2013-05-21 03:51:59 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2013-05-21 03:50:59 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2013-05-21 03:49:59 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
2013-05-21 03:48:57 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2013-05-21 03:47:57 9344 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2013-05-21 03:46:55 17279 -c--a-w- c:\windows\system32\dllcache\atv10nt5.dll
2013-05-21 03:45:59 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2013-05-21 03:45:59 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2013-05-21 03:45:59 231552 -c--a-w- c:\windows\system32\dllcache\ac97ali.sys
2013-05-21 03:45:58 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2013-05-21 03:45:57 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2013-05-21 03:45:57 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2013-05-21 03:45:56 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2013-05-21 03:45:56 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2013-05-21 03:45:56 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2013-05-21 03:45:36 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-05-21 03:45:31 2148352 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-05-21 03:43:54 -------- d-----w- c:\program files\Tweaking.com
2013-05-20 23:48:54 -------- d-----w- C:\HP
2013-05-19 22:53:03 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-19 19:52:27 98816 ----a-w- c:\windows\sed.exe
2013-05-19 19:52:27 256000 ----a-w- c:\windows\PEV.exe
2013-05-19 19:52:27 208896 ----a-w- c:\windows\MBR.exe
2013-05-17 16:51:21 -------- d-----w- c:\windows\system32\CatRoot2
2013-05-17 16:25:06 446464 ----a-w- c:\windows\system32\nvudisp.exe
2013-05-17 16:24:51 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2013-05-17 12:42:59 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-05-15 15:32:57 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2013-05-15 15:31:59 8704 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2013-05-15 15:30:51 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2013-05-15 15:28:25 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2013-05-15 15:28:25 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2013-05-15 15:26:17 44544 -c--a-w- c:\windows\system32\dllcache\tscupgrd.exe
2013-05-15 15:26:17 44544 ----a-w- c:\windows\system32\tscupgrd.exe
2013-05-15 15:14:29 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2013-05-15 15:14:29 24661 ----a-w- c:\windows\system32\spxcoins.dll
2013-05-15 15:14:29 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2013-05-15 15:14:29 13312 ----a-w- c:\windows\system32\irclass.dll
2013-05-15 15:13:59 13753 ----a-r- c:\windows\SET43.tmp
2013-05-15 15:13:56 1086058 ----a-r- c:\windows\SET37.tmp
2013-05-15 15:13:55 1042903 ----a-r- c:\windows\SET36.tmp
2013-05-15 13:40:53 33792 ----a-w- c:\program files\messenger\custsat.dll
2013-05-15 13:24:47 16535 ----a-r- c:\windows\SET17D.tmp
2013-05-15 13:24:46 1088840 ----a-r- c:\windows\SET177.tmp
2013-05-15 13:24:44 1296669 ----a-r- c:\windows\SET174.tmp
2013-05-15 13:15:53 -------- d-----w- c:\windows\setup.pss
2013-05-15 09:18:33 -------- d-----w- c:\windows\system32\oobe
2013-05-15 09:18:33 -------- d-----w- c:\windows\system32\inetsrv
2013-05-14 23:55:12 -------- d-----w- c:\documents and settings\all users.windows\application data\Sophos
2013-05-14 22:41:37 -------- d-----w- C:\number1
2013-05-14 20:38:47 -------- d-sha-r- C:\cmdcons
.
==================== Find3M  ====================
.
2013-05-17 16:47:03 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 23:37:07 248192 ----a-r- c:\windows\system32\cpnprt2.cid
2013-03-16 00:39:01 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-16 00:39:01 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-16 00:38:51 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-06 04:20:31 178120 ----a-w- c:\program files\5zres.dll
2012-12-06 03:48:09 178112 ----a-w- c:\program files\2pres.dll
2013-02-18 17:20:25 114688 --sha-r- c:\windows\system32\c_9363.dll
.
============= FINISH: 22:30:13.37 ===============

Edited by jntkwx, 25 May 2013 - 11:28 AM.
Including logs in post (easier to read)


#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:05:17 AM

Posted 25 May 2013 - 11:38 AM

Hi toddrs93,

Welcome back to BleepingComputer.
We sincerely apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.
  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Receive Notification Immediately, and then click Follow This Topic. You will be sent an email once I have posted a response, which will make the cleaning process faster.

    Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

     

    Step 1: Rerun FSS
    Please download Farbar Service Scanner, save it to a USB flash drive, copy it to the desktop of the computer with the issue, and then run it.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
    In your next reply, please include:
    • FSS log (or any errors you get if it doesn't run)
    • How's your computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#7 toddrs93


Posted 25 May 2013 - 12:28 PM

fss log
still no internet



Farbar Service Scanner Version: 25-05-2013
Ran by Owner (administrator) on 25-05-2013 at 13:24:51
Running from "F:\"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-03 23:14] - [2004-08-03 23:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-03 23:14] - [2004-08-13 18:50] - 0359040 ____A (Microsoft Corporation) 4092C56967175F009DC8458DC434358E

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-03 23:14] - [2013-05-17 12:47] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2012-04-11 02:11] - [2004-08-04 00:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2012-04-11 02:21] - [2004-08-04 00:56] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2012-04-11 02:21] - [2004-08-03 23:06] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2012-04-11 02:11] - [2004-08-04 00:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2012-04-11 02:22] - [2004-08-04 00:56] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2012-04-11 02:22] - [2004-08-04 00:56] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-04 00:56] - [2004-08-04 00:56] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\WINDOWS\system32\services.exe
[2004-08-04 00:56] - [2004-08-04 00:56] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
bwcdrv(11) Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(8) NwlnkNb(9) PSched(10) Tcpip(3)
0x0B0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

Attached Files

  • Attached File  FSS.txt   4.29KB   3 downloads

Edited by jntkwx, 25 May 2013 - 12:36 PM.
Attaching log (easier to read)


#8 jntkwx


Posted 25 May 2013 - 12:43 PM

In the future, please just copy and paste logs into your reply instead of attaching them; they're easier to read that way. :)
  • Please download ServicesRepair and save it to your desktop.
  • Double-click ServicesRepair.exe.
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop, please post the content in your next reply.

Edited by jntkwx, 25 May 2013 - 12:43 PM.

Regards,
Jason

 



#9 toddrs93


Posted 25 May 2013 - 02:41 PM

For some reason I can't get the paste option to come up in the reply box, so that's why I keep doing attachments.

 

and the servicesrepair link is no good



#10 jntkwx


Posted 25 May 2013 - 03:03 PM

"for some reason I can't get the paste option to come up in the reply box so that's why I keep doing attachments."

Okay, that's fine.

 

Sorry, try this link.


Regards,
Jason

 



#11 toddrs93


Posted 25 May 2013 - 11:05 PM

Log Opened: 2013-05-25 @ 23:39:28
23:39:28 - -----------------
23:39:28 - | Begin Logging |
23:39:28 - -----------------
23:39:28 - Fix started on a WIN_XP X86 computer
23:39:28 - Prep in progress.  Please Wait.
23:39:34 - Prep complete
23:39:34 - Repairing Services Now.  Please wait...
23:39:35 - Services Repair Complete.
23:39:38 - Reboot Initiated



#12 jntkwx


Posted 26 May 2013 - 07:53 AM

Any change with getting on the Internet?

 

If not, please run MiniToolBox (you may have to copy it to the desktop to get it to save a log).

 

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 


Regards,
Jason

 



#13 toddrs93


Posted 26 May 2013 - 10:05 AM

no change

 

MiniToolBox by Farbar  Version:21-04-2013
Ran by Owner (administrator) on 26-05-2013 at 11:02:38
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration




========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

SMC EZ Card 10/100 (SMC1244TX V2) = Local Area Connection 2 (Connected)
1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\nwprovau.dll [144384] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/21/2013 09:18:02 PM) (Source: Application Hang) (User: )
Description: Hanging application vlc.exe, version 1.1.9.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/21/2013 00:19:55 AM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MOF\SERVICEMODEL.MOF while recovering repository file.

Error: (05/21/2013 00:19:09 AM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MOF\SERVICEMODEL.MOF while recovering repository file.

Error: (05/17/2013 03:31:16 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 1.0.0.127.in-addr.arpa. PTR anonymous.local.

Error: (05/17/2013 03:31:16 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353   19 1.0.0.127.in-addr.arpa. PTR anonymous-2.local.

Error: (05/15/2013 10:19:05 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070005 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (05/15/2013 10:15:39 AM) (Source: Application Error) (User: )
Description: Faulting application FreemakeUtilsService.exe, version 1.0.0.0, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Error in creating result PEAP-TLV in response to received PEAP-TLV (FreemakeUtilsService.exe!ld!)

Error: (05/15/2013 10:14:16 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (05/15/2013 10:14:16 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070005 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (05/15/2013 10:14:10 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070005 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.


System errors:
=============
Error: (05/26/2013 11:01:06 AM) (Source: Service Control Manager) (User: )
Description: The EPSON V3 Service4(01) service failed to start due to the following error:
%%2

Error: (05/26/2013 11:01:06 AM) (Source: Service Control Manager) (User: )
Description: The BUFFALO Wireless Configuration service failed to start due to the following error:
%%2

Error: (05/26/2013 11:00:14 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80004002'. In Windows Media Player, turn off media sharing, and then turn it back on.

Error: (05/26/2013 11:00:13 AM) (Source: DCOM) (User: ANONYMOUS)
Description: DCOM got error "%%1058" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (05/26/2013 11:00:07 AM) (Source: 0) (User: )
Description: T

Error: (05/26/2013 11:00:07 AM) (Source: 0) (User: )
Description: T

Error: (05/26/2013 11:00:07 AM) (Source: 0) (User: )
Description: T

Error: (05/26/2013 11:00:07 AM) (Source: 0) (User: )
Description: T

Error: (05/26/2013 11:00:07 AM) (Source: 0) (User: )
Description: T

Error: (05/26/2013 11:00:07 AM) (Source: 0) (User: )
Description: T


Microsoft Office Sessions:
=========================
Error: (05/21/2013 09:18:02 PM) (Source: Application Hang)(User: )
Description: vlc.exe1.1.9.0hungapp0.0.0.000000000

Error: (05/21/2013 00:19:55 AM) (Source: WinMgmt)(User: )
Description: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MOF\SERVICEMODEL.MOF

Error: (05/21/2013 00:19:09 AM) (Source: WinMgmt)(User: )
Description: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MOF\SERVICEMODEL.MOF

Error: (05/17/2013 03:31:16 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 1.0.0.127.in-addr.arpa. PTR anonymous.local.

Error: (05/17/2013 03:31:16 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353   19 1.0.0.127.in-addr.arpa. PTR anonymous-2.local.

Error: (05/15/2013 10:19:05 AM) (Source: EventSystem)(User: )
Description: f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070005

Error: (05/15/2013 10:15:39 AM) (Source: Application Error)(User: )
Description: FreemakeUtilsService.exe1.0.0.0kernel32.dll5.1.2600.629300012fd3

Error: (05/15/2013 10:14:16 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (05/15/2013 10:14:16 AM) (Source: EventSystem)(User: )
Description: f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070005

Error: (05/15/2013 10:14:10 AM) (Source: EventSystem)(User: )
Description: f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070005


**** End of log ****
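
The MiniToolBox Result.txt above can be triaged mechanically; the following is an added example (not part of the thread and not Farbar's code) that splits the log on its section banners and flags the lines worth a human look. The section names come from the log itself; the function names, finding labels, the default Windows path and the condensed sample are assumptions.

```python
import re

# Constructed sample: condensed from the MiniToolBox sections in the post above.
SAMPLE = r'''
========================= FF Proxy Settings: ==============================

"network.proxy.type", 4
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

SMC EZ Card 10/100 (SMC1244TX V2) = Local Area Connection 2 (Connected)
1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)

Server:  UnKnown
Address:  127.0.0.1

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)

========================= Event log errors: ===============================
'''

HEADER = re.compile(r"^=+ (.+?):? =+$")
SYSTEM32 = "c:\\windows\\system32\\"  # assumption: default Windows directory
LOCALHOST = (["127.0.0.1", "localhost"], ["::1", "localhost"])


def split_sections(text):
    """Map each '==== Name: ====' banner to the non-empty lines under it."""
    sections, name = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            name = m.group(1)
            sections[name] = []
        elif name and line:
            sections[name].append(line)
    return sections


def triage(text):
    """Return (label, detail) pairs for the log lines worth a human look."""
    s, out = split_sections(text), []
    for line in s.get("Hosts content", []):
        if not line.startswith("#") and line.split() not in LOCALHOST:
            out.append(("hosts-entry", line))
    for line in s.get("FF Proxy Settings", []):
        # Firefox: 1 = manual proxy, 2 = PAC URL; both reroute browser traffic.
        m = re.match(r'"network\.proxy\.type",\s*(\d+)', line)
        if m and m.group(1) in ("1", "2"):
            out.append(("ff-proxy", line))
    ip = s.get("IP Configuration", [])
    connected = [l.split(" = ")[0] for l in ip if l.endswith("(Connected)")]
    routed = [l for l in ip
              if re.match(r"0x[0-9a-f]+ \.", l, re.I) and "loopback" not in l.lower()]
    if connected and not routed:
        # Adapters report a link, yet the IP interface list holds only loopback.
        out.append(("no-ip-interface", ", ".join(connected)))
    for line in ip:
        m = re.match(r"Address:\s+(127\.\S+)$", line)
        if m and ("dns-loopback", m.group(1)) not in out:
            out.append(("dns-loopback", m.group(1)))
    for line in s.get("Winsock entries", []):
        m = re.match(r"Catalog[59] \d+ (.+) \[\d+\] \((.*)\)$", line)
        if m and not (m.group(1).lower().startswith(SYSTEM32)
                      and m.group(2) == "Microsoft Corporation"):
            out.append(("winsock-provider", line))
    return out


if __name__ == "__main__":
    for label, detail in triage(SAMPLE):
        print(label, "->", detail)
```

On the sample it reports no hosts, proxy or Winsock findings, only that two adapters show as connected while the interface list holds nothing but loopback and name lookups go to 127.0.0.1.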



#14 jntkwx


Posted 26 May 2013 - 11:58 AM

Try downloading the latest driver, save it to your flash drive, and then install it on the computer with the issue, and see if that fixes the Internet connection problem.


Regards,
Jason

 



#15 toddrs93


Posted 26 May 2013 - 12:54 PM

I did do several driver updates including the chipset driver because there was some kind of BUS error at one point.

 

When I run the driver update now, it stops and says There is no LAN board found on your system.





