newguy

Google Redirect - McAfee/MBAM won't scan


Please download, copy to the infected PC, unzip, and run the QueryServices.bat inside the attached zip file and post back the NetworkDetails.txt file (as an attachment) that it will create in the root of the system drive. C:\NetworkDetails.txt

GetNetworkInfo2.zip


Please download SystemLook from one of the links below and save it to the infected Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    afd.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff

Log created at 20:10 on 11/10/2011 by User

Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"

C:\i386\afd.sys --a---- 138496 bytes [02:00 19/04/2005] [10:00 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099

C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys --a---- 138368 bytes [10:44 20/06/2008] [10:44 20/06/2008] D99DDFFB33DEACDCF20717CB520379F6

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys --a---- 138496 bytes [11:40 20/06/2008] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys --a---- 138496 bytes [11:48 20/06/2008] [11:48 20/06/2008] D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys --a---- 138368 bytes [21:13 14/11/2009] [09:48 14/08/2008] 6A0397376853E604DE8E1E7A87FC08AC

C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys --a---- 138496 bytes [21:13 14/11/2009] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys --a---- 138496 bytes [21:13 14/11/2009] [10:34 14/08/2008] 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$NtServicePackUninstall$\afd.sys -----c- 138368 bytes [23:24 15/11/2009] [09:51 14/08/2008] 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138496 bytes [21:07 23/04/2011] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$NtUninstallKB951748$\afd.sys -----c- 138112 bytes [23:40 15/11/2009] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys -----c- 138496 bytes [21:39 14/11/2009] [10:00 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\$NtUninstallKB956803$\afd.sys -----c- 138496 bytes [23:41 15/11/2009] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys -----c- 138368 bytes [21:40 14/11/2009] [10:44 20/06/2008] 944CA435BFCFC82CC1ED9E3A7D731AA9

C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [23:11 15/11/2009] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\system32\dllcache\afd.sys ------- 138496 bytes [11:40 20/06/2008] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37

-= EOF =-

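The log above lists sixteen copies of afd.sys in hotfix, uninstall and service-pack directories, but none at C:\WINDOWS\system32\drivers\afd.sys, the path the Afd kernel service loads from (the `sc qc Afd` output later in the thread shows BINARY_PATH_NAME as \SystemRoot\System32\drivers\afd.sys). Reading that out of sixteen near-identical lines by eye is error-prone, and the restore step that follows in the thread went to the wrong filename the first time. The script below is an added example, not part of the original thread and not SystemLook's own code: it parses a `:filefind` log, reports whether the live path is present, clusters the copies by size and MD5 so that copies which corroborate each other stand out, picks a restore source, and copies it with a hash check so a silent wrong-destination copy fails loudly. SAMPLE_LOG is a constructed excerpt that reuses paths, sizes and hashes from the posted log; the scratch file in `demo_restore` is a placeholder, not a driver.

```python
"""Triage a SystemLook ':filefind' log for a driver that network services
depend on, then restore it from a backup copy and verify the bytes landed
where they should.

Added example; not part of the original thread and not SystemLook's code.
SAMPLE_LOG is a constructed excerpt reusing paths, sizes and MD5s from the
posted log.  LIVE_PATH is where the Afd service loads its driver from.
"""
import hashlib
import os
import re
import shutil
import tempfile
from collections import defaultdict

LIVE_PATH = r"C:\WINDOWS\system32\drivers\afd.sys"

# One SystemLook filefind line looks like:
#   <path> <7 attribute flags> <size> bytes [<created>] [<modified>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+)\s+bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

SAMPLE_LOG = r"""
Searching for "afd.sys"
C:\i386\afd.sys --a---- 138496 bytes [02:00 19/04/2005] [10:00 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E
C:\WINDOWS\$NtUninstallKB951748$\afd.sys -----c- 138112 bytes [23:40 15/11/2009] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [23:11 15/11/2009] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\system32\dllcache\afd.sys ------- 138496 bytes [11:40 20/06/2008] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
-= EOF =-
"""


def parse_filefind(text):
    """Return one dict per file SystemLook listed."""
    hits = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            hits.append(d)
    return hits


def triage(hits, live_path=LIVE_PATH):
    """Is the driver present at the path the service loads it from, and
    which copies agree with each other (same size and MD5)?  Two copies in
    independent backup locations corroborate each other; a lone copy with
    a unique hash deserves a second look before it is used as a source."""
    by_path = {h["path"].lower(): h for h in hits}
    clusters = defaultdict(list)
    for h in hits:
        clusters[(h["size"], h["md5"])].append(h["path"])
    live = by_path.get(live_path.lower())
    return {
        "live_present": live is not None,
        "live_md5": live["md5"] if live else None,
        "clusters": dict(clusters),
    }


def restore_candidates(hits):
    """Copies whose hash is shared by at least one other copy, with the
    service-pack baseline directory sorted first."""
    clusters = triage(hits)["clusters"]
    corroborated = [p for paths in clusters.values() if len(paths) > 1 for p in paths]
    corroborated.sort(key=lambda p: ("servicepackfiles" not in p.lower(), p.lower()))
    return corroborated


def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def restore_and_verify(src, dst):
    """Copy src to dst and prove the copy landed: the file must exist at
    exactly dst and hash identically to src.  A copy that quietly went to
    the wrong name (e.g. 'drivers.afd.sys' instead of 'drivers\\afd.sys')
    fails here instead of being discovered a reboot later."""
    os.makedirs(os.path.dirname(dst), exist_ok=True)
    shutil.copy2(src, dst)
    if not os.path.isfile(dst):
        raise RuntimeError(f"{dst} missing after copy")
    got, want = md5_of(dst), md5_of(src)
    if got != want:
        raise RuntimeError(f"{dst}: hash {got} != source {want}")
    return got


def demo_restore():
    """Exercise restore_and_verify on a scratch directory with a constructed
    placeholder file, so the helper can be tried without a real driver."""
    root = tempfile.mkdtemp()
    src = os.path.join(root, "ServicePackFiles", "afd.sys")
    dst = os.path.join(root, "drivers", "afd.sys")
    os.makedirs(os.path.dirname(src))
    with open(src, "wb") as f:
        f.write(b"MZ" + bytes(range(256)) * 4)  # constructed stand-in, not a driver
    return restore_and_verify(src, dst) == md5_of(src)


if __name__ == "__main__":
    hits = parse_filefind(SAMPLE_LOG)
    report = triage(hits)
    print("live driver present:", report["live_present"])
    for (size, md5), paths in report["clusters"].items():
        print(f"{size:>7} {md5}  x{len(paths)}")
    print("restore from:", restore_candidates(hits)[0])
```

Run against the full posted log, the ServicePackFiles copy and the $NtUninstallKB951748$ copy share size and hash, which is why the helper's choice of ServicePackFiles\i386 as the restore source is reasonable; the script makes that agreement explicit rather than assumed.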

Go to Start->Run, copy/paste:

copy C:\WINDOWS\ServicePackFiles\i386\afd.sys c:\windows\system32\drivers\afd.sys

Enter

Reboot and let me know if the internet is working now.


Click Start > Control Panel > Administrative Tools > open Services.

Make sure DHCP Client and TCP/IP are started


Ran QueryServices.bat again. File attached.

DHCP Client and TCP/IP NetBIOS Helper are both stopped.

When I attempt to start them they both return the same error: "Error 1068: The dependency service or group failed to start."

NetworkDetails2.txt


Do this again please.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    afd.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Here is the new SystemLook log:

SystemLook 30.07.11 by jpshortstuff

Log created at 18:37 on 12/10/2011 by User

Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"

C:\i386\afd.sys --a---- 138496 bytes [02:00 19/04/2005] [10:00 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099

C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys --a---- 138368 bytes [10:44 20/06/2008] [10:44 20/06/2008] D99DDFFB33DEACDCF20717CB520379F6

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys --a---- 138496 bytes [11:40 20/06/2008] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys --a---- 138496 bytes [11:48 20/06/2008] [11:48 20/06/2008] D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys --a---- 138368 bytes [21:13 14/11/2009] [09:48 14/08/2008] 6A0397376853E604DE8E1E7A87FC08AC

C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys --a---- 138496 bytes [21:13 14/11/2009] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys --a---- 138496 bytes [21:13 14/11/2009] [10:34 14/08/2008] 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$NtServicePackUninstall$\afd.sys -----c- 138368 bytes [23:24 15/11/2009] [09:51 14/08/2008] 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138496 bytes [21:07 23/04/2011] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$NtUninstallKB951748$\afd.sys -----c- 138112 bytes [23:40 15/11/2009] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys -----c- 138496 bytes [21:39 14/11/2009] [10:00 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\$NtUninstallKB956803$\afd.sys -----c- 138496 bytes [23:41 15/11/2009] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys -----c- 138368 bytes [21:40 14/11/2009] [10:44 20/06/2008] 944CA435BFCFC82CC1ED9E3A7D731AA9

C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [23:11 15/11/2009] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\system32\dllcache\afd.sys ------- 138496 bytes [11:40 20/06/2008] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37

-= EOF =-


It didn't copy where it should have.

Can you go to: C:\WINDOWS\ServicePackFiles\i386\afd.sys and copy afd.sys

to: c:\windows\system32\drivers\


OK, that seems to have gotten me connected. (Status is "connected" and "activity" section shows packets sent/received)

I tried to open Internet Explorer but it will not connect. I made sure both firewalls were off and tried again with no luck. I didn't want to do any more until directed to do so.


Great, we're getting somewhere.

Please run a new combofix scan and post the results.


Ok, ran ComboFix again but got a message that said it was expired.

Downloaded Combofix again via previous link and ran it.

ComboFix could not find the internet connection but continued to run.

Here is the log:

ComboFix 11-10-13.05 - User 10/13/2011 20:05:50.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.659 [GMT -4:00]

Running from: c:\documents and settings\User.D6WZS771\Desktop\ComboFix.exe

AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))

.

.

2011-10-13 00:19 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\drivers\afd.sys

2011-10-12 00:44 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\drivers.afd.sys

2011-10-11 00:47 . 2011-10-14 00:05 -------- d-----w- c:\windows\system32\CatRoot2

2011-10-05 02:00 . 2011-10-05 02:02 -------- d-----w- C:\ec6d5436e57c123f0a81322d9f

2011-10-04 05:23 . 2011-10-04 05:23 -------- d-----w- c:\windows\system32\CatRoot_bak

2011-09-26 00:37 . 2011-09-26 00:37 -------- d-----w- c:\program files\Safer Networking

2011-09-25 23:47 . 2011-09-26 00:00 -------- d-----w- C:\70503CBE

2011-09-25 19:10 . 2011-09-25 19:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-25 19:10 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-25 18:02 . 2011-10-04 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-09-25 18:02 . 2011-09-25 18:03 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-25 17:45 . 2011-09-25 19:12 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-25 17:43 . 2011-09-25 17:43 -------- d-----w- c:\documents and settings\User.D6WZS771\Application Data\Malwarebytes

2011-09-25 17:43 . 2011-09-25 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 00:18 . 2011-05-28 18:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-05 22:45 . 2011-03-31 22:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-11-12 19:17 . 2010-12-18 17:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-04_06.31.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-13 23:37 . 2011-10-13 23:37 16384 c:\windows\Temp\Perflib_Perfdata_248.dat

- 2005-07-01 01:09 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe

+ 2005-07-01 01:09 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe

- 2005-04-09 04:17 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll

+ 2005-04-09 04:17 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll

+ 2009-01-07 23:20 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll

- 2009-01-07 23:20 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll

+ 2009-01-07 23:20 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll

- 2009-01-07 23:20 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll

- 2009-03-08 09:32 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe

+ 2009-03-08 09:32 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe

+ 2009-01-07 23:20 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll

- 2009-01-07 23:20 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll

- 2005-04-16 18:34 . 2011-09-25 19:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2005-04-16 18:34 . 2011-10-12 22:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2005-04-16 18:34 . 2011-09-25 19:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2005-04-16 18:34 . 2011-10-12 22:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-10-05 01:22 . 2011-10-12 22:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-01-07 23:21 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll

+ 2009-01-07 23:21 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll

- 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll

+ 2009-01-07 23:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll

+ 2004-08-10 17:51 . 2008-04-13 19:20 361344 c:\windows\system32\drivers\tcpip.sys

+ 2004-08-10 17:51 . 2008-04-13 19:20 361344 c:\windows\system32\dllcache\tcpip.sys

+ 2009-01-07 22:20 . 2009-01-07 22:20 1497088 c:\windows\system32\dllcache\shdocvw.dll

+ 2009-01-07 22:20 . 2009-01-07 22:20 1022976 c:\windows\system32\dllcache\browseui.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]

"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-07-20 206120]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-13 1195920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniMavis.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MiniMavis.lnk

backup=c:\windows\pss\MiniMavis.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]

2004-11-10 19:36 290816 ----a-w- c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLBTCATS]

2004-11-09 21:41 69632 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlbttime.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 14:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-09-20 14:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

2010-09-13 21:40 1195920 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2005-04-09 04:28 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 02:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 23:15 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2004-01-07 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]

2010-03-16 20:28 4281584 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/18/2010 1:21 PM 84072]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/25/2011 3:10 PM 366152]

R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/18/2010 1:21 PM 263168]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/18/2010 1:21 PM 263168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/18/2010 1:22 PM 180224]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [7/20/2010 1:29 AM 200704]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [7/20/2010 1:29 AM 180224]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/18/2010 1:21 PM 55840]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/25/2011 3:10 PM 22216]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/18/2010 1:21 PM 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/18/2010 1:21 PM 88544]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 6:46 PM 136176]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [9/24/2010 9:16 PM 80896]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/18/2010 1:21 PM 134144]

S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [9/20/2010 6:53 PM 684032]

S3 cpuz130;cpuz130;\??\c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 6:46 PM 136176]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/18/2010 1:21 PM 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/18/2010 1:21 PM 84264]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]

.

2011-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 22:46]

.

2011-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB

FF - ProfilePath - c:\documents and settings\User.D6WZS771\Application Data\Mozilla\Firefox\Profiles\pd9d5dol.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-13 20:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3276)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2011-10-13 20:22:39

ComboFix-quarantined-files.txt 2011-10-14 00:22

.

Pre-Run: 17,897,832,448 bytes free

Post-Run: 17,883,709,440 bytes free

.

- - End Of File - - ADB4F00D2A6BFDD2968535D7812F1A84


Delete this file: C:\NetworkDetails.txt

Let's do this again.

Run the QueryServices.bat inside the attached zip file and post back the NetworkDetails.txt file (as an attachment) that it will create in the root of the system drive. C:\NetworkDetails.txt


Here is the file.

Query Services version 2

...

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs

LOAD_ORDER_GROUP : TDI

TAG : 0

DISPLAY_NAME : DHCP Client

DEPENDENCIES : Tcpip

: Afd

: NetBT

SERVICE_START_NAME : LocalSystem

SERVICE_NAME: dhcp

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1524

FLAGS :

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: TCPIP

TYPE : 1 KERNEL_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : system32\DRIVERS\tcpip.sys

LOAD_ORDER_GROUP : PNP_TDI

TAG : 3

DISPLAY_NAME : TCP/IP Protocol Driver

DEPENDENCIES : IPSec

SERVICE_START_NAME :

SERVICE_NAME: TCPIP

TYPE : 1 KERNEL_DRIVER

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Afd

TYPE : 1 KERNEL_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys

LOAD_ORDER_GROUP : TDI

TAG : 0

DISPLAY_NAME : AFD

DEPENDENCIES :

SERVICE_START_NAME :

SERVICE_NAME: Afd

TYPE : 1 KERNEL_DRIVER

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: NetBT

TYPE : 1 KERNEL_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : system32\DRIVERS\netbt.sys

LOAD_ORDER_GROUP : PNP_TDI

TAG : 5

DISPLAY_NAME : NetBios over Tcpip

DEPENDENCIES : Tcpip

SERVICE_START_NAME :

SERVICE_NAME: NetBT

TYPE : 1 KERNEL_DRIVER

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: NetBIOS

TYPE : 2 FILE_SYSTEM_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : system32\DRIVERS\netbios.sys

LOAD_ORDER_GROUP : NetBIOSGroup

TAG : 1

DISPLAY_NAME : NetBIOS Interface

DEPENDENCIES :

SERVICE_START_NAME :

SERVICE_NAME: NetBIOS

TYPE : 2 FILE_SYSTEM_DRIVER

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Lmhosts

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService

LOAD_ORDER_GROUP : TDI

TAG : 0

DISPLAY_NAME : TCP/IP NetBIOS Helper

DEPENDENCIES : NetBT

: Afd

SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Lmhosts

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1708

FLAGS :

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Dnscache

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService

LOAD_ORDER_GROUP : TDI

TAG : 0

DISPLAY_NAME : DNS Client

DEPENDENCIES : Tcpip

SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: Dnscache

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1584

FLAGS :

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: PolicyAgent

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe

LOAD_ORDER_GROUP :

TAG : 0

DISPLAY_NAME : IPSEC Services

DEPENDENCIES : RPCSS

: Tcpip

: IPSec

SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PolicyAgent

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1148

FLAGS : RUNS_IN_SYSTEM_PROCESS

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Nla

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 3 DEMAND_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs

LOAD_ORDER_GROUP :

TAG : 0

DISPLAY_NAME : Network Location Awareness (NLA)

DEPENDENCIES : Tcpip

: Afd

SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Nla

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1524

FLAGS :

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: lanmanserver

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs

LOAD_ORDER_GROUP :

TAG : 0

DISPLAY_NAME : Server

DEPENDENCIES :

SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1524

FLAGS :

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: IPSEC

TYPE : 1 KERNEL_DRIVER

START_TYPE : 1 SYSTEM_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : system32\DRIVERS\ipsec.sys

LOAD_ORDER_GROUP : PNP_TDI

TAG : 4

DISPLAY_NAME : IPSEC driver

DEPENDENCIES :

SERVICE_START_NAME :

SERVICE_NAME: IPSEC

TYPE : 1 KERNEL_DRIVER

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: RPCSS

TYPE : 10 WIN32_OWN_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss

LOAD_ORDER_GROUP : COM Infrastructure

TAG : 0

DISPLAY_NAME : Remote Procedure Call (RPC)

DEPENDENCIES :

SERVICE_START_NAME : NT Authority\NetworkService

SERVICE_NAME: RPCSS

TYPE : 10 WIN32_OWN_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 1400

FLAGS :

NetworkDetails2.txt

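Earlier in the thread DHCP Client and TCP/IP NetBIOS Helper both refused to start with "Error 1068: The dependency service or group failed to start". That message names the symptom, not the cause: the `sc qc` output above shows both services depend on Afd, and Afd's binary is the afd.sys that was missing from system32\drivers. The script below is an added example, not part of the original thread and not QueryServices.bat: it parses the text that `sc qc` and `sc query` print, merges the two blocks per service, and follows DEPENDENCIES downward until it reaches the lowest service that is not RUNNING, which is the one a 1068 error is really about. SAMPLE is constructed to mirror the posted file, trimmed to the fields needed, with Afd stopped so the failure chain is visible; its states and exit codes are illustrative.

```python
"""Trace a Windows 'Error 1068: The dependency service or group failed to
start' back to the dependency that is actually down, from the text that
'sc qc <name>' and 'sc query <name>' print.

Added example; not part of the original thread or of QueryServices.bat.
SAMPLE is constructed to mirror the posted file, with Afd stopped; the
states and exit codes in it are illustrative.
"""
import re

SAMPLE = r"""
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: dhcp
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        DISPLAY_NAME       : DHCP Client
        DEPENDENCIES       : Tcpip
                           : Afd
                           : NetBT
SERVICE_NAME: dhcp
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1068  (0x42c)
SERVICE_NAME: Lmhosts
        DISPLAY_NAME       : TCP/IP NetBIOS Helper
        DEPENDENCIES       : NetBT
                           : Afd
SERVICE_NAME: Lmhosts
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1068  (0x42c)
SERVICE_NAME: TCPIP
        BINARY_PATH_NAME   : system32\DRIVERS\tcpip.sys
        DEPENDENCIES       : IPSec
SERVICE_NAME: TCPIP
        STATE              : 4  RUNNING
SERVICE_NAME: IPSEC
        BINARY_PATH_NAME   : system32\DRIVERS\ipsec.sys
        DEPENDENCIES       :
SERVICE_NAME: IPSEC
        STATE              : 4  RUNNING
SERVICE_NAME: NetBT
        BINARY_PATH_NAME   : system32\DRIVERS\netbt.sys
        DEPENDENCIES       : Tcpip
SERVICE_NAME: NetBT
        STATE              : 4  RUNNING
SERVICE_NAME: Afd
        BINARY_PATH_NAME   : \SystemRoot\System32\drivers\afd.sys
        DEPENDENCIES       :
SERVICE_NAME: Afd
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 2  (0x2)
"""

FIELD_RE = re.compile(r"^\s*([A-Z][A-Z0-9_]*)\s*:\s*(.*?)\s*$")
CONT_RE = re.compile(r"^\s*:\s*(\S+)\s*$")  # extra DEPENDENCIES lines


def parse_sc(text):
    """Merge 'sc qc' and 'sc query' blocks into one record per service,
    keyed by lower-cased service name (sc itself is case-insensitive)."""
    services, cur, in_deps = {}, None, False
    for raw in text.splitlines():
        m = FIELD_RE.match(raw)
        if m:
            key, val = m.groups()
            in_deps = False
            if key == "SERVICE_NAME":
                cur = services.setdefault(val.lower(), {"name": val, "deps": []})
            elif cur is None:
                continue
            elif key == "DEPENDENCIES":
                in_deps = True
                if val:
                    cur["deps"].append(val.lower())
            elif key == "STATE":
                cur["state"] = val.split()[-1]          # "4  RUNNING" -> RUNNING
            elif key == "WIN32_EXIT_CODE":
                cur["exit_code"] = int(val.split()[0])  # "1068  (0x42c)" -> 1068
            elif key == "BINARY_PATH_NAME":
                cur["binary"] = val
            elif key == "DISPLAY_NAME":
                cur["display"] = val
            continue
        c = CONT_RE.match(raw)
        if c and cur is not None and in_deps:
            cur["deps"].append(c.group(1).lower())
    return services


def root_cause(services, name, _path=()):
    """Follow DEPENDENCIES downward from `name` and return (path, state) for
    the lowest service that is not RUNNING.  A service whose dependencies
    all run is its own answer (RUNNING, or STOPPED for a reason of its own)."""
    key = name.lower()
    path = list(_path) + [key]
    svc = services.get(key)
    if svc is None:
        return path, "NOT INSTALLED"  # dependency registered but absent
    for dep in svc["deps"]:
        if dep in path:               # cycle guard; not expected in practice
            continue
        d = services.get(dep)
        if d is None or d.get("state") != "RUNNING":
            return root_cause(services, dep, path)
    return path, svc.get("state", "UNKNOWN")


def explain(services, name):
    """One line a helper can act on: the chain, the leaf state, and the
    leaf's binary so the next step (check that file) is obvious."""
    path, state = root_cause(services, name)
    top, leaf = services.get(path[0], {}), services.get(path[-1], {})
    msg = " -> ".join(path) + f": {state}"
    if "exit_code" in top:
        msg += f" (top-level exit code {top['exit_code']})"
    if "binary" in leaf:
        msg += f"; leaf binary {leaf['binary']}"
    return msg


if __name__ == "__main__":
    svcs = parse_sc(SAMPLE)
    for s in ("dhcp", "Lmhosts", "NetBT"):
        print(explain(svcs, s))
```

On the file actually posted, every service is RUNNING, so `root_cause` returns each service as its own answer; that is consistent with the user's report that the connection came up once afd.sys was back in place.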

Go to Start->Run, type CMD and click OK. The MS-DOS window will be displayed. At the command prompt, type the following and press Enter after each line:

IPCONFIG /release

IPCONFIG /flushdns

IPCONFIG /renew

IPCONFIG /registerdns

regsvr32 netshell.dll

regsvr32 netcfgx.dll

regsvr32 netman.dll

Type Exit

Restart the computer and let me know if that fixed it.


Still no luck. Connection status says "connected" and that packets are being sent/received but neither IE8 nor Firefox can connect.


Go to Start->Run, type CMD and click OK. The MS-DOS window will be displayed. At the command prompt, type the following and press Enter:

Ping google.com

Do you get a reply or timeout?

Do you have a firewall running?


Click Start, Run, copy/paste: NOTEPAD c:\Windows\system32\drivers\etc\HOSTS

Select all and copy and paste to a message here.


Pinging google.com resulted in the following message:

"Ping request could not find host google.com. Please check the name and try again."

Both the Windows and Verizon Security Center firewalls are turned off.

Here are the contents of the HOSTS file:

127.0.0.1 localhost

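The HOSTS file was requested because a thread titled "Google Redirect" usually ends in one of two places: a search-engine name mapped to an address the attacker controls, or security-vendor update hosts mapped to loopback so the machine cannot fetch signatures. The posted file is clean, which is why the helper moved on. The script below is an added example, not part of the original thread, showing the check in code: it parses a HOSTS file, ignores the loopback names Windows legitimately has, flags any name sent to a non-loopback address, and flags watchlisted vendor or search names that are blackholed, while leaving ad-blocking style entries alone. CLEAN_HOSTS reproduces what was posted; HIJACKED_HOSTS is constructed for illustration and uses a documentation address, not a real attacker host; WATCHLIST is an assumption to be extended for the vendors in use.

```python
"""Scan a Windows HOSTS file for the entries behind 'search redirect'
symptoms and blocked security vendors.

Added example, not part of the original thread.  CLEAN_HOSTS reproduces
what was posted; HIJACKED_HOSTS is constructed and uses a documentation
address (198.51.100.0/24).  WATCHLIST is an assumption; extend it.
"""
import ipaddress

WATCHLIST = ("google.", "bing.", "yahoo.", "microsoft.com", "windowsupdate.",
             "mcafee.", "malwarebytes.", "symantec.", "avast.", "kaspersky.")
# Names Windows maps to loopback on purpose.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

CLEAN_HOSTS = "127.0.0.1 localhost\n"

HIJACKED_HOSTS = """\
127.0.0.1       localhost
::1             localhost
198.51.100.23   www.google.com
198.51.100.23   google.com    # search traffic sent elsewhere
127.0.0.1       www.malwarebytes.org
127.0.0.1       update.mcafee.com
0.0.0.0         ads.example.net   # ad-blocking style entry, left alone
"""


def parse_hosts(text):
    """Yield (line_number, address_or_None, [names]) for each live entry.
    Comments and blank lines are skipped; an unparseable address is kept
    with None so it is reported rather than silently dropped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        parts = body.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            yield lineno, None, [p.lower() for p in parts]
            continue
        yield lineno, addr, [p.lower() for p in parts[1:]]


def suspicious_entries(text):
    """Return (line_number, reason, name) for every entry worth a look.
    Blackholing is only flagged for watchlisted names, because ad-blocking
    HOSTS files legitimately map thousands of other names to 0.0.0.0;
    any redirect to a non-loopback address is always reported."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        if addr is None:
            findings.append((lineno, "unparseable address", " ".join(names)))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if sinkhole and name in LOOPBACK_NAMES:
                continue
            watched = any(w in name for w in WATCHLIST)
            if sinkhole and watched:
                findings.append((lineno, "vendor/search site blackholed", name))
            elif not sinkhole:
                findings.append((lineno, f"redirected to {addr}", name))
    return findings


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_HOSTS), ("hijacked", HIJACKED_HOSTS)):
        print(label, suspicious_entries(text) or "no findings")
```

A clean HOSTS file with `ping google.com` still failing to resolve, as reported just above, points past HOSTS to the DNS client or the resolver address the adapter received, which is where the thread's remaining steps go.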
I was wondering if I should uninstall the "Verizon Internet Security Suite" which includes a firewall and McAfee. Not sure if this would help with the connection issue, or at least make it easier to remedy.

Let's try that.
