Outerinfo


  • This topic is locked
41 replies to this topic

#1 killer_kyle


Posted 11 July 2006 - 03:58 PM

Hello

I am brand new to Bleeping Computer. I recently got SurfSideKick3 on my comp, but I searched through here and found a solution. TY! =p

Now I have a new problem, OuterInfo; it's giving me pop-up ads. I am not really good at all this tech stuff, but I know some basics and learn quick.

I have HJT, and will post my log.

Need to get rid of this OuterInfo, thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 1:53:13 PM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\nsxgurrA.exe
C:\Program Files\Common Files\{50D4DE6D-0B74-1033-0827-040802200001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\PROGRA~1\COMMON~1\YSTEM~1\smss.exe
C:\Documents and Settings\Compaq_Owner\My Documents\??pPatch\msconfig.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\nsxgurr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Setup\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [\\HALLWAY\EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P36 "\\HALLWAY\EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmd_5.exe
O4 - HKLM\..\Run: [nsxgurrA] C:\WINDOWS\nsxgurrA.exe
O4 - HKLM\..\Run: [ohvb2579] RUNDLL32.EXE w1142b7c.dll,n 001b2578000000031142b7c
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\COMMON~1\YSTEM~1\smss.exe" -vt yazr
O4 - HKCU\..\Run: [Pyirknxb] C:\Documents and Settings\Compaq_Owner\My Documents\??pPatch\msconfig.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\nsxgurr.exe
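
Added example, not part of the original post and not a HijackThis feature: a small Python triage script that applies the checks an analyst runs by eye over a log like the one above. The flags are heuristics to look up, not verdicts: a core process name (smss.exe, svchost.exe) running from outside System32, a lookalike name such as svchostsys.exe, a path HijackThis printed with `?` placeholders (the ??pPatch entry), an executable sitting in the drive root, a RUNDLL32 entry whose DLL has no path, a RunServices entry with a bare file name, a non-empty AppInit_DLLs value, and a service with no owner. The sample lines are copied from the log above and are constructed input for the script; the rule names and the Windows XP System32 location are this example's assumptions.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above,
# with a few clean entries kept as controls. Raw string, so backslashes are literal.
SAMPLE_HJT = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\YSTEM~1\smss.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Documents and Settings\Compaq_Owner\My Documents\??pPatch\msconfig.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdd_5.exe
O4 - HKLM\..\Run: [ohvb2579] RUNDLL32.EXE w1142b7c.dll,n 001b2578000000031142b7c
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\nsxgurr.exe
"""

# Core Windows processes that only belong in the system directory
# (assumption: the Windows XP layout seen in the posted log).
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_DIRS = {r"c:\windows\system32"}

# A full path ending in an executable extension, or a bare file name.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|com))', re.I)
BARE_RE = re.compile(r'\s*"?([\w~$?-]+\.(?:exe|dll|com))', re.I)


def target_of(line):
    """Return (path, bare_name) for the executable an HJT line points at.
    path is None when the entry names a file with no directory at all."""
    body = line.split("] ", 1)[-1] if line.startswith("O4 ") else line
    m = PATH_RE.search(body)
    if m:
        return m.group(1), None
    m = BARE_RE.match(body)
    return None, (m.group(1) if m else None)


def check_line(line):
    """Return the triage flags raised by one HijackThis log line."""
    flags = []
    if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        flags.append("appinit-dll")            # loaded into every user32 process
    if line.startswith("O23 ") and "Unknown owner" in line:
        flags.append("service-unknown-owner")  # no company name in the binary
    if "RUNDLL32" in line.upper():
        m = re.search(r"rundll32\.exe\s+([^,\s]+)", line, re.I)
        if m and "\\" not in m.group(1):
            flags.append("rundll32-unqualified-dll")  # DLL found via search path
        return flags
    path, bare = target_of(line)
    if bare and line.startswith("O4 "):
        flags.append("bare-filename-autorun")  # resolved via PATH at logon
    if path is None:
        return flags
    directory, _, name = path.lower().rpartition("\\")
    if "?" in path:
        flags.append("unprintable-chars-in-path")  # characters HJT could not print
    if re.fullmatch(r"[a-z]:\\+[^\\]+", path.lower()):
        flags.append("exe-in-drive-root")
    if name in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
        flags.append("system-name-outside-system32")
    elif name not in SYSTEM_NAMES and any(name.startswith(s[:-4]) for s in SYSTEM_NAMES):
        flags.append("system-name-lookalike")
    return flags


def triage(log_text):
    """Map every flagged line of an HJT log to its list of flags."""
    report = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            flags = check_line(line)
            if flags:
                report[line] = flags
    return report


if __name__ == "__main__":
    for line, flags in triage(SAMPLE_HJT).items():
        print(f"{', '.join(flags):32} {line}")
```

Run it against a full saved log by reading the file into `triage()`; clean lines produce no output, so what remains is the short list worth checking one by one.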


#2 Rawe


Posted 12 July 2006 - 09:08 AM

Welcome aboard :thumbsup:

Download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Hi there, stranger!

#3 killer_kyle


Posted 12 July 2006 - 10:21 PM

Thank you for the reply.

Now I'm really upset; I logged in today and everything was messed up.

I now have tons of bad stuff on my computer. I am using my friend's comp atm, couldn't browse the internet on mine =(.

Should I try to install what you linked above? Or may reformatting just be easier? Everything important I already have backed up.

I don't really know how to reformat my hard drive tho =( Also, I know I downloaded a bad file to get SurfSideKick and other stuff, then I got rid of everything, except OuterInfo. My friend told me about Limewire, so I got that right after all my bad stuff was gone; was Limewire the culprit of all this new stuff?


EDIT: Second thought, I'm going to run my anti-virus stuff first, see if things clear up a little, then try and get Combofix. Will repost soon.

Edited by killer_kyle, 12 July 2006 - 10:24 PM.



#4 Rawe


Posted 13 July 2006 - 05:22 AM

Yes, I'll be around when you post back with the Combofix log. The tool itself will clear up the infections considerably and it also has a lot of useful info for me to look at -- like if there's bad files which don't show up on HijackThis etc. :thumbsup:
Hi there, stranger!

#5 killer_kyle


Posted 13 July 2006 - 03:03 PM

OK

Now I'm really getting frustrated!

My comp is in running condition, a few bad things left.

But now I have "Limited or No Connectivity" to my LAN.

So I can't get ComboFix because I have no internet access.

Any suggestions?



#6 Rawe


Posted 14 July 2006 - 06:02 AM

Click Start -> Run and type in: cmd

A DOS window will launch -- inside that box, write in: netsh winsock reset catalog

Hit enter and reboot. Still have a problem with the connection? :thumbsup:
Hi there, stranger!

#7 killer_kyle


Posted 14 July 2006 - 11:40 AM

OMG! I LOVE YOU! :thumbsup:

I now can see my shared files on the other computer!!!

So now I know I'm connected, but can't get on the internet using IE or FF.

My comp and this one are both attached to a router; this one can see shared files and access the internet, mine can see shared files but has no internet access. :flowers:



#8 Rawe


Posted 14 July 2006 - 01:21 PM

If you can access the internet with the other computer, then what about saving Combofix to a floppy disk or something else?

Then run it on the infected machine, save the results, and post them using the other computer, OR check whether the internet connection works after running Combofix. :thumbsup:
Hi there, stranger!

#9 killer_kyle


Posted 14 July 2006 - 07:48 PM

OK

Got ComboFix. Ran it. Got the log.

I don't understand why I can't get on the internet though, do you have another magic fix for that too? :thumbsup:

Here is my ComboFix log:

Start Time= Fri 07/14/2006 15:19:19.23
Running from: C:\Documents and Settings\Compaq_Owner\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{50A341C6-E2FA-403D-9C6A-1DBE3D9B71F8}]
@=""

[HKEY_CLASSES_ROOT\clsid\{50A341C6-E2FA-403D-9C6A-1DBE3D9B71F8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{50A341C6-E2FA-403D-9C6A-1DBE3D9B71F8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{50A341C6-E2FA-403D-9C6A-1DBE3D9B71F8}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\guard.tmp
C:\WINDOWS\SYSTEM32\n2n60c5sef.dll
C:\WINDOWS\SYSTEM32\q486lels1hq6.dll


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\4DM34LYV\dfndrd_5[1].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\4DWZWR4F\drsmartload45a[1].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8NRRAOH5\drsmartload[1].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\C5AVWPAV\drsmartload849a[1].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\M94FMH2X\nwnmd_5[1].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\MPTUNQT8\nwnme_5[1].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\OD0R0V0J\drsmartload46a[1].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\OD0R0V0J\kybrde_5[2].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\S1AJ8TEB\Mendoza1[1].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\UT07UX2L\dfndre_5[1].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\YHNK1CJ6\kybrdd_5[1].exe
C:\WINDOWS\newname.dat
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\atmtd.dll.tmp
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-14 13:43:38 ( .D... ) "C:\Program Files\TryMedia"
2006-07-14 13:41:10 ( .D... ) "C:\Program Files\AWS"
2006-07-14 13:41:06 ( .D... ) "C:\Program Files\GameSpy Arcade"
2006-07-14 13:40:26 ( .D... ) "C:\Program Files\3DO"
2006-07-13 22:16:52 ( .D... ) "C:\Program Files\Serif"
2006-07-12 19:49:14 32768 ( A.... ) "C:\WINDOWS\snblbhcf.exe"
2006-07-12 19:45:30 1392640 ( A.... ) "C:\WINDOWS\cfg32a.exe"
2006-07-12 19:44:10 ( .D... ) "C:\Program Files\Windows Defender"
2006-07-12 19:43:50 38412 ( A.... ) "C:\WINDOWS\ssqbn.exe"
2006-07-12 19:43:04 61440 ( A.... ) "C:\WINDOWS\system32\aaa00000.dll"
2006-07-12 19:43:04 1063 ( A.... ) "C:\WINDOWS\system32\aaa00000.sys"
2006-07-12 19:43:04 1063 ( A.... ) "C:\WINDOWS\system32\aaa00000.sys"
2006-07-12 19:42:48 29696 ( A.... ) "C:\WINDOWS\system32\w0d7ca8d.dll"
2006-07-09 22:53:22 ( .D... ) "C:\Documents and Settings\Compaq_Owner\Application Data\Lavasoft"
2006-07-09 22:53:16 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-09 22:46:16 32768 ( A.... ) "C:\WINDOWS\iyzvftjn.exe"
2006-07-09 22:03:42 141 ( A.... ) "C:\WINDOWS\rtynr.dll"
2006-07-09 21:54:46 2 ( A.... ) "C:\WINDOWS\system32\winttr.exe"
2006-07-09 21:54:44 81920 ( A.... ) "C:\WINDOWS\system32\rundll32.dll"
2006-07-09 21:54:40 69632 ( A.... ) "C:\WINDOWS\system32\bobmgafd.dll"
2006-07-09 21:54:40 33012 ( A.... ) "C:\WINDOWS\system32\tpuninstall.exe"
2006-07-09 21:54:32 69632 ( A.... ) "C:\WINDOWS\system32\bjakenak.dll"
2006-07-09 21:53:54 ( .D... ) "C:\Program Files\Common Files\?ystem"
2006-07-09 21:50:56 1063 ( A.... ) "C:\WINDOWS\system32\ohvb2579.sys"
2006-07-09 21:50:56 1063 ( A.... ) "C:\WINDOWS\system32\ohvb2579.sys"
2006-07-09 21:50:54 61440 ( A.... ) "C:\WINDOWS\system32\ohvb2579.dll"
2006-07-09 21:50:54 32976 ( A.... ) "C:\WINDOWS\system32\uninstIcn.exe"
2006-07-09 21:50:50 184829 ( A.... ) "C:\WINDOWS\srvligwnvo.exe"
2006-07-09 21:50:46 235134 ( A.... ) "C:\WINDOWS\srvbliysbl.exe"
2006-07-09 21:50:34 29696 ( A.... ) "C:\WINDOWS\system32\w1142b7c5.dll"
2006-07-09 21:50:14 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-07-09 21:48:34 ( .D... ) "C:\Program Files\Common Files\{50D4DE6D-0B74-1033-0827-040802200001}"
2006-07-09 21:48:18 ( .DSH. ) "C:\Program Files\outlook"
2006-07-09 21:45:00 28 ( A.... ) "C:\WINDOWS\system32\vfw_32.reg"
2006-07-08 14:36:28 ( .D... ) "C:\Program Files\Xingtone"
2006-07-06 09:02:28 ( .D... ) "C:\Program Files\SCAR 2.03"
2006-06-29 07:07:36 61440 ( A.... ) "C:\WINDOWS\system32\BattyRun.dll"
2006-06-20 17:55:26 389120 ( A.... ) "C:\WINDOWS\system32\nodeipproc.dll"
2006-06-19 13:39:16 139264 ( A.... ) "C:\WINDOWS\876056.exe"
2006-05-23 17:25:52 402736 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-05-19 05:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 05:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 05:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-13 22:08 22,528 C:\WINDOWS\system32\lpdsvc.dll
2006-07-12 20:22 527,814,656 C:\hiberfil.sys
2006-07-12 19:49 32,768 C:\WINDOWS\snblbhcf.exe
2006-07-12 19:43 61,440 C:\WINDOWS\system32\aaa00000.dll
2006-07-12 19:43 38,412 C:\WINDOWS\ssqbn.exe
2006-07-12 19:43 1,392,640 C:\WINDOWS\cfg32a.exe
2006-07-12 19:43 1,063 C:\WINDOWS\system32\aaa00000.sys
2006-07-12 19:42 29,696 C:\WINDOWS\system32\w0d7ca8d.dll
2006-07-09 22:46 32,768 C:\WINDOWS\iyzvftjn.exe
2006-07-09 22:03 141 C:\WINDOWS\rtynr.dll
2006-07-09 21:54 81,920 C:\WINDOWS\system32\rundll32.dll
2006-07-09 21:54 69,632 C:\WINDOWS\system32\bobmgafd.dll
2006-07-09 21:54 69,632 C:\WINDOWS\system32\bjakenak.dll
2006-07-09 21:54 33,012 C:\WINDOWS\system32\tpuninstall.exe
2006-07-09 21:54 2 C:\WINDOWS\system32\winttr.exe
2006-07-09 21:50 8,464 C:\WINDOWS\system32\sporder.dll
2006-07-09 21:50 61,440 C:\WINDOWS\system32\ohvb2579.dll
2006-07-09 21:50 32,976 C:\WINDOWS\system32\uninstIcn.exe
2006-07-09 21:50 29,696 C:\WINDOWS\system32\w1142b7c5.dll
2006-07-09 21:50 235,134 C:\WINDOWS\srvbliysbl.exe
2006-07-09 21:50 184,829 C:\WINDOWS\srvligwnvo.exe
2006-07-09 21:50 1,063 C:\WINDOWS\system32\ohvb2579.sys
2006-07-09 21:49 1,336,240 C:\WINDOWS\nsxgurr.exe
2006-07-08 14:37 28 C:\WINDOWS\system32\vfw_32.reg
2006-06-29 07:07 61,440 C:\WINDOWS\system32\BattyRun.dll
2006-06-20 17:55 389,120 C:\WINDOWS\system32\nodeipproc.dll
2006-06-19 13:39 139,264 C:\WINDOWS\876056.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NAV CfgWiz"="c:\\Program Files\\Common Files\\Symantec Shared\\CfgWiz.exe /GUID NAV /CMDLINE \"REBOOT\""
"AGRSMMSG"="AGRSMMSG.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"\\\\HALLWAY\\EPSON Stylus CX4800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADA.EXE /P36 \"\\\\HALLWAY\\EPSON Stylus CX4800 Series\" /O6 \"USB001\" /M \"Stylus CX4800\""
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"outlook"="C:\\Program Files\\outlook\\outlook.exe /auto"
"ohvb2579"="RUNDLL32.EXE w1142b7c.dll,n 001b2578000000031142b7c"
"winlog"="winlog.exe"
"w0d8260b.dll"="RUNDLL32.EXE w0d8260b.dll,I2 001b257800d8260b"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Tray Temperature"="C:\\PROGRA~1\\AWS\\MiniBug.exe 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
"sys_up1"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe"
"Srro"="\"C:\\PROGRA~1\\COMMON~1\\YSTEM~1\\smss.exe\" -vt yazr"
"Pyirknxb"="C:\\Documents and Settings\\Compaq_Owner\\My Documents\\??pPatch\\msconfig.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"winlog"="winlog.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{50D4DE6D-0B74-1033-0827-040802200001}"="\"C:\\Program Files\\Common Files\\{50D4DE6D-0B74-1033-0827-040802200001}\\Update.exe\" mc-110-12-0000137"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\MSN\\pohocy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Internet Explorer\\mefezove.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Fri 07/14/2006 16:51:07.26
ComboFix ver 06.07.15 - This logfile is located at C:\ComboFix.txt



#10 Rawe


Posted 15 July 2006 - 03:43 AM

Click Start -> Run and type in: cmd

In the DOS box, type: ipconfig /release (notice the space)

Hit enter, then type: ipconfig /renew (notice the space again)

Then hit enter and close the box.

Reboot. Do you still have the internet connection problem?
Hi there, stranger!

#11 killer_kyle


Posted 15 July 2006 - 11:20 AM

Yeah

Have done that a few times now, no luck.

I don't understand why it won't work, since I can share files and stuff.

BTW, anything wrong with my ComboFix log? I got rid of a lot of stuff with AV stuff, but then again it might have stopped since my computer isn't online....



#12 Rawe


Posted 15 July 2006 - 11:37 AM

Well, we could compare your TCP/IP settings on both of the computers..

Go to Start -> Run, and paste in: cmd /c ipconfig /all>"%userprofile%\desktop\tcp.txt" & "%userprofile%\desktop\tcp.txt"

Hit OK. Then do the same thing with the other PC. This should create a .txt log; post them here.

As to your Combofix log, it shows a lot of suspicious stuff, but let's try to clear your internet connection, that will make the job easier. Let me know if you prefer to do the cleaning first by transferring files between the two machines. :thumbsup:
Hi there, stranger!

#13 killer_kyle


Posted 15 July 2006 - 12:48 PM

Ok

Got the log for each comp.

FYI - HALLWAY has working internet
KYLESCOMP does not



Windows IP Configuration

Host Name . . . . . . . . . . . . : hallway
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-0C-F1-99-32-16
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.69.146
                                    68.87.85.98
Lease Obtained. . . . . . . . . . : Saturday, July 15, 2006 9:12:28 AM

-----------------------------------------------------------------------------------------------------------------------------

Windows IP Configuration

Host Name . . . . . . . . . . . . : Kylescomp
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-11-2F-93-57-BD
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.69.146
                                    68.87.85.98
Lease Obtained. . . . . . . . . . : Saturday, July 15, 2006 9:11:16 AM
Lease Expires . . . . . . . . . . : Sunday, July 16, 2006 9:11:16 AM



#14 Rawe


Posted 15 July 2006 - 02:32 PM

Alrighty.. :thumbsup:

Enter your Control Panel and double-click on Network Connections
Then right-click on your Default Connection. Usually Local Area Connection for Cable and DSL
Left click on Properties
Double-click on the Internet Protocol (TCP/IP) item

Change the settings to these... (Basically just the default gateway part)

IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.69.146

----

Reboot. Still having internet connection problems? Try surfing again and let me know if it works so we can continue :flowers:
Hi there, stranger!
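
Added example, not part of the thread: why the gateway change above works, shown in code. The two ipconfig /all listings differ in exactly one field. KYLESCOMP reports Default Gateway 192.168.0.1 while its address and mask put it on 192.168.1.0/24, so the gateway lies outside the adapter's own subnet and is not directly reachable; hosts on 192.168.1.0/24 (file sharing with HALLWAY) are still fine, but nothing can leave the LAN. The Python script below parses both listings (constructed here as trimmed copies of the posted output, with ipconfig's normal indentation restored), checks each adapter's gateway and DHCP server against the subnet derived from its address and mask, and reports the fields that differ between the working and broken machines. Field names follow Windows XP's ipconfig; the function names are this example's own.

```python
import ipaddress
import re

# Constructed samples: trimmed copies of the two ipconfig /all listings posted
# above, with the indentation ipconfig normally prints restored.
WORKING = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : hallway
   Primary Dns Suffix . . . . . . . :

Ethernet adapter Local Area Connection:

   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 68.87.69.146
                                       68.87.85.98
   Lease Obtained. . . . . . . . . . : Saturday, July 15, 2006 9:12:28 AM
"""

BROKEN = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Kylescomp
   Primary Dns Suffix . . . . . . . :

Ethernet adapter Local Area Connection:

   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 68.87.69.146
                                       68.87.85.98
   Lease Obtained. . . . . . . . . . : Saturday, July 15, 2006 9:11:16 AM
   Lease Expires . . . . . . . . . . : Sunday, July 16, 2006 9:11:16 AM
"""

# "Field name . . . . : value"; the dots are ipconfig's padding.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z /-]*?)[ .]*: ?(.*)$")


def parse_ipconfig(text):
    """Parse ipconfig /all output into {"host": name, "adapters": {name: {field: [values]}}}.
    Continuation lines (a second DNS server) are appended to the previous field."""
    result = {"host": None, "adapters": {}}
    current = last_field = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Windows IP Configuration":
            continue
        if line.endswith(":") and ". ." not in line:      # adapter header
            current = result["adapters"].setdefault(line[:-1], {})
            last_field = None
            continue
        m = FIELD_RE.match(line)
        if m:
            field, value = m.group(1).strip(), m.group(2).strip()
            if field == "Host Name":
                result["host"] = value
            elif current is not None:
                current.setdefault(field, []).append(value)
                last_field = field
        elif current is not None and last_field:
            current[last_field].append(line)
    return result


def check_adapter(cfg):
    """List addressing problems for one adapter; an empty list means it looks sane."""
    problems = []
    try:
        ip, mask = cfg["IP Address"][0], cfg["Subnet Mask"][0]
        net = ipaddress.IPv4Interface(f"{ip}/{mask}").network
    except (KeyError, IndexError, ValueError):
        return ["no usable IPv4 address"]
    if ip.startswith("169.254."):
        problems.append("APIPA address: DHCP never answered")
    if not any(cfg.get("Default Gateway", [])):
        problems.append("no Default Gateway")
    for field in ("Default Gateway", "DHCP Server"):
        for addr in cfg.get(field, []):
            # The gateway must be on-link, i.e. inside the adapter's own subnet.
            if addr and ipaddress.IPv4Address(addr) not in net:
                problems.append(f"{field} {addr} is not inside {net}")
    return problems


def compare(working_text, broken_text):
    """Check the first adapter of the broken box and diff its addressing
    against the working box. Returns (problems, {field: (working, broken)})."""
    w_ad = next(iter(parse_ipconfig(working_text)["adapters"].values()))
    b_ad = next(iter(parse_ipconfig(broken_text)["adapters"].values()))
    diffs = {}
    for field in ("Subnet Mask", "Default Gateway", "DHCP Server", "DNS Servers"):
        if w_ad.get(field) != b_ad.get(field):
            diffs[field] = (w_ad.get(field), b_ad.get(field))
    return check_adapter(b_ad), diffs


if __name__ == "__main__":
    problems, diffs = compare(WORKING, BROKEN)
    for p in problems:
        print("PROBLEM:", p)
    for field, (w, b) in diffs.items():
        print(f"DIFF {field}: working={w} broken={b}")
```

The same check catches the other common case behind "Limited or No Connectivity": a 169.254.x.x autoconfiguration address with no gateway at all, which means the DHCP exchange itself failed rather than one field being wrong.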

#15 killer_kyle


Posted 15 July 2006 - 07:15 PM

OMG! You are like the smartest person in the world!

:flowers: :huh: :huh: :huh: :huh: :thumbsup: :huh:

Wooohoooo! Back online! Finally!

Now that we are online ready to move on! Yay!
