newguy

Google Redirect - McAfee/MBAM won't scan


Yes, a green LED is always on, and an amber LED flashes whenever I ping or try to connect.


That's good.

Are you both using the same ISP?

I know we've tried a few of the same things but haven't since you updated the driver.

Check some settings on your system:

  1. Enter your Control Panel and double-click on Network Connections.
  2. Right-click on your Default Connection (usually Local Area Connection for Cable and DSL, or AOL Connection).
  3. Right-click on Properties.
  4. Double-click on the Internet Protocol (TCP/IP) item.
  5. Select the radio dial that says Obtain DNS Servers Automatically.
  6. Press OK twice to get out of the properties screen.

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

Note the spaces, they need to be there.

IPCONFIG /release

IPCONFIG /flushdns

IPCONFIG /renew

IPCONFIG /registerdns

netsh winsock reset

netsh int ip reset

Type Exit

Restart the computer.

Any errors?


I'm not sure what you mean that we are both using the same ISP. As I stated in post #11, her ISP was verizon and mine is Comcast. Right now both systems are connected to the same router.


I'm not sure what you mean that we are both using the same ISP. As I stated in post #11, her ISP was verizon and mine is Comcast. Right now both systems are connected to the same router.

I'm just wondering if her ISP settings are blocking access through your ISP.

When you set your pc up with Comcast do you need to install any software or settings?


No, as I said, I've connected other systems in the same way before and had no problem. Could it be that her system is still looking for the Verizon service somehow? That seems unlikely considering all the work we've done.

You probably know this, but the system seems to be having trouble resolving domain names. When I ping "google.com" I get an error, but when I ping their IP address (72.14.204.99, which I got from pinging it with my system), it goes through. I don't know enough about it to know what is involved with DNS errors.

Do you think there is still a virus that could be blocking our efforts or has this become a different issue?

Also, when I ran ComboFix the other times it said that it could not do a full scan because the system did not have the Windows Recovery Console installed. I have since been able to install the Recovery Console. Should I let ComboFix try again?

Not trying to tell you how to do your job; you're the expert and I appreciate all you've done so far. Just trying to throw some ideas out there.

OK, I checked the properties of the TCP/IP under Network connections and it was already set to Obtain DNS server address automatically.

I was able to follow all of your other steps down to "netsh int ip reset" and then I got a syntax error for the command.

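The symptom in the post above (ping by name fails, ping by address works) says the name-resolution path is broken, not the link. As an added example, not part of the thread or of any participant's post, here is a small Python probe that sends a raw DNS query to a chosen server and compares the LAN resolver's answer against a reference resolver, bypassing the Windows resolver cache, Winsock and HOSTS entirely. The 192.168.1.1 address is the DhcpNameServer reported in the ComboFix log later in the thread; the use of 8.8.8.8 as a reference resolver, and the google.com answer in the constructed sample reply used for testing, are assumptions made for this example.

```python
import random
import socket
import struct

# Added example (not from the thread): a hand-rolled DNS A-record probe so the
# "ping by name fails, ping by IP works" symptom can be tested against a chosen
# resolver directly, without going through the Windows resolver cache or HOSTS.

def build_query(name, txid):
    """Build a recursive A/IN query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD=1; QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)              # QTYPE=A, QCLASS=IN

def _read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, resume = [], None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                                 # compression pointer
            if resume is None:
                resume = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (resume if resume is not None else offset)

def parse_answers(response, expected_txid):
    """Return (rcode, [A-record IPs]); reject replies whose txid does not match."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: stale or spoofed reply")
    offset = 12
    for _ in range(qd):                                           # skip question section
        _, offset = _read_name(response, offset)
        offset += 4                                               # QTYPE + QCLASS
    ips = []
    for _ in range(an):
        _, offset = _read_name(response, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(response[offset:offset + 4]))
        offset += rdlen
    return flags & 0x000F, ips

def resolve(name, server, timeout=3.0):
    """One UDP query to `server`:53. Returns (rcode, ips), or None on timeout."""
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return parse_answers(data, txid)

def classify(local, reference):
    """Compare the LAN resolver's answer with a reference resolver's answer."""
    if local is None:
        return "no reply from LAN resolver: DNS path broken, not general connectivity"
    rcode, ips = local
    if rcode != 0:
        return "LAN resolver answered with error rcode %d" % rcode
    if reference and reference[0] == 0 and not set(ips) & set(reference[1]):
        return "answers differ from reference: check for redirect (CDNs can differ legitimately)"
    return "LAN resolver answers normally"

def constructed_sample_response():
    """Constructed reply (txid 0x1234) answering google.com -> 72.14.204.99; test data only."""
    return (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
            + b"\x06google\x03com\x00" + struct.pack("!HH", 1, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([72, 14, 204, 99]))

if __name__ == "__main__":
    # 192.168.1.1 is the DhcpNameServer from the ComboFix log; 8.8.8.8 is an assumed reference.
    lan = resolve("google.com", "192.168.1.1")
    ref = resolve("google.com", "8.8.8.8")
    print("LAN resolver:", lan)
    print("reference   :", ref)
    print(classify(lan, ref))
```

Run it on the affected machine. No reply from 192.168.1.1 while 8.8.8.8 answers points at the router or the DNS path beyond it; a normal answer from both means raw UDP DNS works and the fault sits in the Windows resolver stack itself (DNS Client service, Winsock LSPs, TCP/IP driver), which is what the earlier reset commands target. One caveat on those commands: on Windows XP, `netsh int ip reset` requires a log-file argument, for example `netsh int ip reset resetlog.txt`, which is why it returned a syntax error when typed as listed.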
Not trying to tell you how to do your job; you're the expert and I appreciate all you've done so far. Just trying to throw some ideas out there.
Don't worry about that. Any suggestions / thoughts you have, just post it ;)

I don't think there's any infection left, but the infection caused the issues we're having.

If you look at others who are asking for help, you'll see a lot of the same issues.

S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe

That was in one of the combofix scans.

I don't know if this will do anything, but it's worth a try.

Click Start > Run, copy/paste this command and hit Enter:

sc stop ServicepointService


Restarted after ipconfig and winsock resets. Stopped ServicePoint service. Still no change.

I decided to go ahead and uninstall Verizon Servicepoint on the off chance that it was causing problems. Didn't help.

One thing that I find strange is that I keep getting a balloon message from the Security Center icon in the tray. It says that McAfee firewall is turned off. After uninstalling McAfee I would think that the message from the Security Center would not mention McAfee. Does this mean there is some remnant of it left somewhere?


Here are the results from ComboFix:

ComboFix 11-10-19.06 - User 10/22/2011 12:49:46.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.718 [GMT -4:00]

Running from: c:\documents and settings\User.D6WZS771\Desktop\ComboFix.exe

FW: McAfee Personal Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\drvrtmp

.

.

((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))

.

.

2011-10-20 18:23 . 2011-10-20 18:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-20 18:23 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-19 22:33 . 2008-06-20 11:59 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS

2011-10-19 22:33 . 2008-06-20 11:59 361600 ----a-w- C:\tcpip.sys

2011-10-18 22:35 . 2001-08-18 02:36 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll

2011-10-18 22:35 . 2001-08-18 02:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll

2011-10-18 22:33 . 2001-07-21 18:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys

2011-10-18 22:32 . 2001-08-17 17:51 23936 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys

2011-10-18 22:31 . 2004-08-04 02:31 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys

2011-10-18 22:30 . 2001-08-17 17:28 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys

2011-10-18 22:29 . 2008-04-13 23:10 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll

2011-10-18 22:28 . 2001-08-17 18:05 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys

2011-10-18 22:28 . 2001-08-17 18:05 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys

2011-10-18 22:28 . 2001-08-17 18:05 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys

2011-10-18 22:28 . 2001-08-17 17:28 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys

2011-10-18 22:28 . 2001-08-17 16:12 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys

2011-10-18 22:28 . 2001-08-17 16:12 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys

2011-10-18 22:28 . 2001-08-17 16:20 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys

2011-10-18 22:28 . 2008-04-13 17:46 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys

2011-10-18 22:28 . 2001-08-17 16:50 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys

2011-10-18 22:28 . 2001-08-18 02:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll

2011-10-18 22:28 . 2001-08-18 02:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll

2011-10-18 22:28 . 2001-08-17 16:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys

2011-10-18 22:28 . 2001-08-17 17:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys

2011-10-18 22:26 . 2001-08-17 16:11 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys

2011-10-18 22:26 . 2001-08-17 17:50 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys

2011-10-18 22:26 . 2001-08-18 02:36 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll

2011-10-18 22:26 . 2001-08-17 17:49 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys

2011-10-18 22:26 . 2001-08-18 02:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll

2011-10-18 22:26 . 2001-08-17 17:50 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys

2011-10-18 22:26 . 2001-08-17 16:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys

2011-10-18 22:26 . 2008-04-13 17:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys

2011-10-18 22:26 . 2008-04-13 17:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys

2011-10-18 22:26 . 2001-08-17 17:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys

2011-10-18 22:26 . 2001-08-17 18:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys

2011-10-18 22:25 . 2008-04-13 17:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys

2011-10-18 22:25 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys

2011-10-18 22:25 . 2001-08-17 17:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys

2011-10-18 22:25 . 2008-04-13 17:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys

2011-10-18 22:25 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys

2011-10-18 22:25 . 2001-08-17 17:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys

2011-10-18 22:23 . 2001-08-17 16:11 25065 ----a-w- c:\windows\system32\dllcache\lmndis3.sys

2011-10-18 22:22 . 2001-08-17 17:47 13056 ----a-w- c:\windows\system32\dllcache\inport.sys

2011-10-18 22:21 . 2001-08-17 16:11 28700 ----a-w- c:\windows\system32\dllcache\ibmexmp.sys

2011-10-18 22:21 . 2004-08-04 02:29 161020 ----a-w- c:\windows\system32\dllcache\i81xnt5.sys

2011-10-18 22:21 . 2008-04-13 23:11 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll

2011-10-18 22:21 . 2001-08-17 16:49 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys

2011-10-18 22:21 . 2001-08-17 18:56 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll

2011-10-18 22:21 . 2001-08-17 17:28 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys

2011-10-18 22:19 . 2001-08-18 02:36 89088 ----a-w- c:\windows\system32\dllcache\hpgt33.dll

2011-10-18 22:18 . 2001-08-17 16:14 441728 ----a-w- c:\windows\system32\dllcache\fpcmbase.sys

2011-10-18 22:17 . 2001-08-18 02:36 61952 ----a-w- c:\windows\system32\dllcache\eqnloop.exe

2011-10-18 22:16 . 2001-08-17 16:12 28062 ----a-w- c:\windows\system32\dllcache\dp83820.sys

2011-10-18 22:15 . 2001-08-17 16:12 63208 ----a-w- c:\windows\system32\dllcache\dc21x4.sys

2011-10-18 22:14 . 2004-08-04 10:00 780885 ----a-w- c:\windows\system32\dllcache\chkrres.dll

2011-10-18 22:13 . 2001-08-17 17:12 12160 ----a-w- c:\windows\system32\dllcache\brfiltlo.sys

2011-10-18 22:12 . 2008-04-13 17:46 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys

2011-10-18 22:11 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2011-10-13 00:19 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\drivers\afd.sys

2011-10-13 00:19 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\dllcache\afd.sys

2011-10-12 00:44 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\drivers.afd.sys

2011-10-11 00:47 . 2011-10-22 16:48 -------- d-----w- c:\windows\system32\CatRoot2

2011-10-05 02:00 . 2011-10-05 02:02 -------- d-----w- C:\ec6d5436e57c123f0a81322d9f

2011-10-04 05:23 . 2011-10-04 05:23 -------- d-----w- c:\windows\system32\CatRoot_bak

2011-09-25 23:47 . 2011-09-26 00:00 -------- d-----w- C:\70503CBE

2011-09-25 18:02 . 2011-10-20 14:44 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-25 18:02 . 2011-10-20 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-09-25 17:43 . 2011-09-25 17:43 -------- d-----w- c:\documents and settings\User.D6WZS771\Application Data\Malwarebytes

2011-09-25 17:43 . 2011-09-25 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 00:18 . 2011-05-28 18:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-05 22:45 . 2011-03-31 22:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-10-19_23.50.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-22 16:16 . 2011-10-22 16:16 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat

- 2004-08-10 17:58 . 2008-04-14 00:12 74240 c:\windows\system32\usbui.dll

+ 2004-08-10 17:58 . 2008-04-13 23:12 74240 c:\windows\system32\usbui.dll

+ 2011-10-21 01:32 . 2008-04-13 18:36 68224 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\pci.sys

+ 2011-10-21 01:38 . 2003-07-28 16:55 24064 c:\windows\system32\ReinstallBackups\0007\DriverFiles\IntelNic.dll

+ 2011-10-21 01:38 . 2004-02-19 04:40 12288 c:\windows\system32\ReinstallBackups\0007\DriverFiles\e100bmsg.dll

+ 2011-10-21 01:33 . 2008-04-13 23:12 74240 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\usbui.dll

- 2005-04-09 04:09 . 2004-08-04 05:56 74240 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\usbui.dll

+ 2011-10-21 01:33 . 2008-04-13 17:45 20608 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\usbuhci.sys

+ 2011-10-21 01:33 . 2008-04-13 17:45 59520 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\usbhub.sys

+ 2011-10-21 01:33 . 2008-04-13 23:12 74240 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\usbui.dll

+ 2011-10-21 01:33 . 2008-04-13 17:45 20608 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\usbuhci.sys

+ 2011-10-21 01:33 . 2008-04-13 17:45 59520 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\usbhub.sys

+ 2011-10-21 01:33 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbui.dll

+ 2011-10-21 01:33 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbuhci.sys

+ 2011-10-21 01:33 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbhub.sys

+ 2011-10-21 01:33 . 2008-04-13 18:36 37248 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\isapnp.sys

- 2004-08-10 17:51 . 2011-04-23 21:15 73962 c:\windows\system32\perfc009.dat

+ 2004-08-10 17:51 . 2011-10-21 01:39 73962 c:\windows\system32\perfc009.dat

+ 2005-04-09 04:02 . 2003-07-28 10:55 24064 c:\windows\system32\IntelNic.dll

- 2005-04-09 04:02 . 2003-07-28 16:55 24064 c:\windows\system32\IntelNic.dll

+ 2005-04-09 04:02 . 2004-02-18 21:40 12288 c:\windows\system32\e100bmsg.dll

- 2005-04-09 04:02 . 2004-02-19 04:40 12288 c:\windows\system32\e100bmsg.dll

- 2004-08-04 04:08 . 2008-04-13 18:45 20608 c:\windows\system32\drivers\usbuhci.sys

+ 2004-08-04 04:08 . 2008-04-13 17:45 20608 c:\windows\system32\drivers\usbuhci.sys

- 2004-08-04 04:08 . 2008-04-13 18:45 59520 c:\windows\system32\drivers\usbhub.sys

+ 2004-08-04 04:08 . 2008-04-13 17:45 59520 c:\windows\system32\drivers\usbhub.sys

- 2004-08-04 04:07 . 2008-04-13 18:36 68224 c:\windows\system32\drivers\pci.sys

+ 2004-08-04 04:07 . 2008-04-13 17:36 68224 c:\windows\system32\drivers\pci.sys

+ 2001-08-17 18:58 . 2008-04-13 17:36 37248 c:\windows\system32\drivers\isapnp.sys

- 2001-08-17 18:58 . 2008-04-13 18:36 37248 c:\windows\system32\drivers\isapnp.sys

- 2004-08-10 17:58 . 2008-04-14 00:12 74240 c:\windows\system32\dllcache\usbui.dll

+ 2004-08-10 17:58 . 2008-04-13 23:12 74240 c:\windows\system32\dllcache\usbui.dll

- 2004-08-04 04:08 . 2008-04-13 18:45 20608 c:\windows\system32\dllcache\usbuhci.sys

+ 2004-08-04 04:08 . 2008-04-13 17:45 20608 c:\windows\system32\dllcache\usbuhci.sys

- 2004-08-04 04:08 . 2008-04-13 18:45 59520 c:\windows\system32\dllcache\usbhub.sys

+ 2004-08-04 04:08 . 2008-04-13 17:45 59520 c:\windows\system32\dllcache\usbhub.sys

- 2004-08-04 04:07 . 2008-04-13 18:36 68224 c:\windows\system32\dllcache\pci.sys

+ 2004-08-04 04:07 . 2008-04-13 17:36 68224 c:\windows\system32\dllcache\pci.sys

- 2001-08-17 18:58 . 2008-04-13 18:36 37248 c:\windows\system32\dllcache\isapnp.sys

+ 2001-08-17 18:58 . 2008-04-13 17:36 37248 c:\windows\system32\dllcache\isapnp.sys

+ 2011-10-21 01:38 . 2003-11-22 02:26 118784 c:\windows\system32\ReinstallBackups\0007\DriverFiles\Prounstl.exe

+ 2011-10-21 01:38 . 2004-02-11 02:49 154112 c:\windows\system32\ReinstallBackups\0007\DriverFiles\e100b325.sys

+ 2011-10-21 01:33 . 2008-04-13 17:45 143872 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\usbport.sys

+ 2011-10-21 01:33 . 2008-04-13 17:45 143872 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\usbport.sys

+ 2011-10-21 01:33 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbport.sys

+ 2005-04-09 04:02 . 2003-11-21 19:26 118784 c:\windows\system32\Prounstl.exe

- 2005-04-09 04:02 . 2003-11-22 02:26 118784 c:\windows\system32\Prounstl.exe

+ 2004-08-10 17:51 . 2011-10-21 01:39 448188 c:\windows\system32\perfh009.dat

- 2004-08-10 17:51 . 2011-04-23 21:15 448188 c:\windows\system32\perfh009.dat

+ 2004-08-04 04:08 . 2008-04-13 17:45 143872 c:\windows\system32\drivers\usbport.sys

- 2004-08-04 04:08 . 2008-04-13 18:45 143872 c:\windows\system32\drivers\usbport.sys

- 2004-08-10 17:59 . 2004-02-11 02:49 154112 c:\windows\system32\drivers\e100b325.sys

+ 2004-08-10 17:59 . 2004-02-10 19:49 154112 c:\windows\system32\drivers\e100b325.sys

+ 2004-08-04 04:08 . 2008-04-13 17:45 143872 c:\windows\system32\dllcache\usbport.sys

- 2004-08-04 04:08 . 2008-04-13 18:45 143872 c:\windows\system32\dllcache\usbport.sys

+ 2004-08-10 17:51 . 2004-08-04 12:00 359040 c:\windows\system32\dllcache\tcpip.sys

- 2004-08-10 17:51 . 2004-08-04 10:00 359040 c:\windows\system32\dllcache\tcpip.sys

+ 2004-08-10 17:59 . 2004-02-10 19:49 154112 c:\windows\system32\dllcache\e100b325.sys

- 2004-08-10 17:59 . 2004-02-11 02:49 154112 c:\windows\system32\dllcache\e100b325.sys

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniMavis.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MiniMavis.lnk

backup=c:\windows\pss\MiniMavis.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]

2004-11-10 19:36 290816 ----a-w- c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLBTCATS]

2004-11-09 21:41 69632 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlbttime.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 14:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-09-20 14:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2005-04-09 04:28 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 02:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 23:15 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2004-01-07 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2011 2:23 PM 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/20/2011 2:23 PM 22216]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 6:46 PM 136176]

S3 cpuz130;cpuz130;\??\c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 6:46 PM 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]

.

2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 22:46]

.

2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx

TCP: DhcpNameServer = 192.168.1.1

DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB

FF - ProfilePath - c:\documents and settings\User.D6WZS771\Application Data\Mozilla\Firefox\Profiles\pd9d5dol.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-VerizonServicepoint - c:\program files\Verizon\VSP\VerizonServicepoint.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-22 13:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3960)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2011-10-22 13:07:19

ComboFix-quarantined-files.txt 2011-10-22 17:07

ComboFix2.txt 2011-10-19 23:55

.

Pre-Run: 17,064,214,528 bytes free

Post-Run: 17,049,665,536 bytes free

.

- - End Of File - - C9D424C9A71E89CE30D2A758969D657B


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File.

2. Click Save As... and change the directory to your desktop.

3. Change the Save as type to "All Files".

4. Type in the file name: CFScript

5. Click Save.


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Are you using IE or FireFox to connect?


Can you open the hosts file with notepad and post what's there?

(NOTE: This file has no extension).

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

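Two things a responder checks for a search-redirect infection are the HOSTS file (asked for above) and the DNS server the machine was handed; the ComboFix log earlier shows `TCP: DhcpNameServer = 192.168.1.1`. As an added example, not from the thread or from any participant's post, the Python below audits a HOSTS file against the stock localhost entries and classifies a resolver address. The one-line HOSTS content reproduces what the poster reports in the next post; the hijacked HOSTS sample and its 198.51.100.7 address are constructed for this example.

```python
import ipaddress

# Added example (not from the thread): audit a HOSTS file and the DHCP-supplied
# DNS server the way a responder would when chasing a search-redirect infection.

DEFAULT_HOSTS_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def parse_hosts(text):
    """Return (ip, hostname) pairs; comments and blank lines are ignored."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        pairs.extend((ip, n.lower()) for n in names)
    return pairs

def audit_hosts(text):
    """Return (hostname, ip, verdict) for every entry beyond the stock localhost lines."""
    findings = []
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_HOSTS_ENTRIES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((name, ip, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((name, ip, "blocked: pinned to loopback (typical for AV/update sites)"))
        else:
            findings.append((name, ip, "redirected: pinned to %s" % ip))
    return findings

def classify_resolver(dns_server):
    """Say whether a resolver address is on the LAN (as 192.168.1.1 in the log) or off it."""
    addr = ipaddress.ip_address(dns_server)
    if addr.is_loopback:
        return "loopback: a local proxy/resolver is in the path; identify the listening process"
    if addr.is_private:
        return "private address: LAN router or local resolver"
    return "public address: confirm it is one you or your ISP configured"

# The thread's actual HOSTS content (one stock line) and a constructed hijacked one.
THREAD_HOSTS = "127.0.0.1 localhost\n"
CONSTRUCTED_HIJACKED_HOSTS = """\
# constructed sample for the example, not taken from any real machine
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org      # blocks the cleanup tool's site
127.0.0.1       update.microsoft.com
198.51.100.7    www.google.com google.com # sends searches to an attacker host
"""

if __name__ == "__main__":
    for label, text in (("thread", THREAD_HOSTS), ("constructed", CONSTRUCTED_HIJACKED_HOSTS)):
        print(label, audit_hosts(text) or "clean")
    print(classify_resolver("192.168.1.1"))
```

A clean HOSTS and a LAN-router DhcpNameServer, as in this thread, rule out those two vectors on the PC itself. They do not rule out altered DNS settings on the router; since the working machine sits behind the same router here, that is unlikely to be the cause, but it is the next place to look when every machine behind one router redirects.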

Here are the contents of the HOSTS file:

127.0.0.1 localhost

Here is the new ComboFix log:

ComboFix 11-10-19.06 - User 10/22/2011 13:41:30.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.651 [GMT -4:00]

Running from: c:\documents and settings\User.D6WZS771\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\User.D6WZS771\Desktop\CFScript.txt

FW: McAfee Personal Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))

.

.

2011-10-20 18:23 . 2011-10-20 18:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-20 18:23 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-19 22:33 . 2008-06-20 11:59 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS

2011-10-19 22:33 . 2008-06-20 11:59 361600 ----a-w- C:\tcpip.sys

2011-10-18 22:15 . 2001-08-17 16:12 63208 ----a-w- c:\windows\system32\dllcache\dc21x4.sys

2011-10-18 22:14 . 2004-08-04 10:00 780885 ----a-w- c:\windows\system32\dllcache\chkrres.dll

2011-10-18 22:13 . 2001-08-17 17:12 12160 ----a-w- c:\windows\system32\dllcache\brfiltlo.sys

2011-10-18 22:12 . 2008-04-13 17:46 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys

2011-10-13 00:19 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\drivers\afd.sys

2011-10-13 00:19 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\dllcache\afd.sys

2011-10-12 00:44 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\drivers.afd.sys

2011-10-11 00:47 . 2011-10-22 17:40 -------- d-----w- c:\windows\system32\CatRoot2

2011-10-05 02:00 . 2011-10-05 02:02 -------- d-----w- C:\ec6d5436e57c123f0a81322d9f

2011-10-04 05:23 . 2011-10-04 05:23 -------- d-----w- c:\windows\system32\CatRoot_bak

2011-09-25 23:47 . 2011-09-26 00:00 -------- d-----w- C:\70503CBE

2011-09-25 18:02 . 2011-10-20 14:44 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-25 18:02 . 2011-10-20 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-09-25 17:43 . 2011-09-25 17:43 -------- d-----w- c:\documents and settings\User.D6WZS771\Application Data\Malwarebytes

2011-09-25 17:43 . 2011-09-25 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 00:18 . 2011-05-28 18:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-05 22:45 . 2011-03-31 22:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-10-22_17.02.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-22 17:51 . 2011-10-22 17:51 16384 c:\windows\temp\Perflib_Perfdata_140.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniMavis.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MiniMavis.lnk

backup=c:\windows\pss\MiniMavis.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]

2004-11-10 19:36 290816 ----a-w- c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLBTCATS]

2004-11-09 21:41 69632 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlbttime.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 14:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-09-20 14:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2005-04-09 04:28 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 02:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 23:15 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2004-01-07 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2011 2:23 PM 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/20/2011 2:23 PM 22216]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 6:46 PM 136176]

S3 cpuz130;cpuz130;\??\c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 6:46 PM 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]

.

2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 22:46]

.

2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx

TCP: DhcpNameServer = 192.168.1.1

DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB

FF - ProfilePath - c:\documents and settings\User.D6WZS771\Application Data\Mozilla\Firefox\Profiles\pd9d5dol.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-22 14:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3536)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-10-22 14:45:29 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-22 18:45

ComboFix2.txt 2011-10-22 17:07

ComboFix3.txt 2011-10-19 23:55

.

Pre-Run: 17,061,167,104 bytes free

Post-Run: 17,045,663,744 bytes free

.

- - End Of File - - 12863F0ED9D31CB1511826DBEEFDFA22

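The ComboFix log above is the kind of report a responder reads section by section: loading points, the firewall policy, then the service and driver list. As an added example (not part of the thread and not ComboFix's own code), the Python script below parses a few lines laid out the way ComboFix prints them and flags the entries that deserve a second look: the standard-profile firewall switched off, the "run-" key that holds autoruns Windows has parked as disabled, and drivers whose image sits under a Temp folder or that ComboFix marked "[?]" because it could not read the file. The sample lines are constructed from entries in the posted log.

```python
"""Triage helper for ComboFix-style 'Reg Loading Points' output.

Added example for this thread; it is not ComboFix's code. It reads a handful
of lines in ComboFix's layout and returns (kind, detail) findings that a
responder would want to review before anything else.
"""
import re

# Constructed sample, modelled on lines from the log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2011 2:23 PM 366152]
S3 cpuz130;cpuz130;\??\c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

# "R2 name;display name;image path [details]" -> state, start type, name, display, rest
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


def triage(log_text):
    """Return a list of (kind, detail) tuples for the entries worth reviewing."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":           # ComboFix uses lone dots as separators
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]           # a registry key header
            continue
        key = (current_key or "").lower()

        # Windows Firewall standard profile: a value of 0 means the firewall is off.
        m = FIREWALL_RE.match(line)
        if m and "firewallpolicy" in key:
            if m.group(1) == "0":
                findings.append(("firewall_disabled", current_key))
            continue

        # Entries under a "...\run-" key are autoruns Windows has parked as
        # disabled; worth knowing whether the user or something else did that.
        if key.endswith("\\run-") and line.startswith('"'):
            name = line.split("=", 1)[0].strip('"')
            findings.append(("disabled_autorun", name))
            continue

        # Service/driver lines: R = running, S = stopped, digit = start type.
        m = SERVICE_RE.match(line)
        if m:
            _state, _start, name, _display, image = m.groups()
            if "\\temp\\" in image.lower():
                findings.append(("driver_in_temp", name))  # kernel driver loaded from a Temp folder
            if image.rstrip().endswith("[?]"):
                findings.append(("file_not_found", name))  # ComboFix could not read the file
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print("%-18s %s" % (kind, detail))
```

These are triage flags, not verdicts: on the sample the Malwarebytes on-demand driver is reported with "[?]" just as the Temp-folder driver is, and it is the reviewer who decides which of the two is expected on the machine.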

Going back to post 51 on page 3.

Run ipconfig /all on the working pc.

Now going back to the non-working pc, using post 54 pg.3

Enter the same DNS Server numbers.

Reboot and see if it works.


Changed DNS server address to match working system. Still no change.

In the properties of the network connection there is a list under the heading "This connection uses the following items:" On the working system there are 7 items listed there, but on the system that can't connect there are only 4. Not sure if this has anything to do with the situation but thought I would let you know.


If this is a built-in network adaptor, go into the BIOS setup using F2 at startup and see if the card is set to active.

If it's an add-on card, I'd try replacing the card.


The NIC is built in and it is turned on in the BIOS. Seems strange that it would fail at the same time the virus showed up...


The NIC is built in and it is turned on in the BIOS. Seems strange that it would fail at the same time the virus showed up...

I agree with that.

You could disable it in the BIOS, start Windows > go into Device Manager > Uninstall it > reboot normally and check Device Manager.

Reboot into the BIOS setup > re-enable the card > reboot and see what happens.


No luck with disabling it in the BIOS.

I was able to remove some more of McAfee using their "MCPR.exe" tool. Windows no longer says McAfee firewall is disabled, but I still cannot connect.


The only other idea I'd have would be to go to Dell's website for the model you have and try a BIOS Flash update.


Well, I have determined that it's not a hardware issue. I had an old hard drive lying around so I decided to do a test. I reformatted it, swapped it for the drive in the infected system and did a clean install of Windows. I used the NIC drivers I downloaded from Dell back in post #92 and I can now connect with no problem. I was able to go to the Dell site and download display drivers, etc.

I'm sure when I put the old drive back into the system I'm going to be right back where I started.

Any ideas on what we could have missed?


Save the NIC drivers to a thumb / flash drive.

Can you add the non-working drive as a second drive?

I would also save the tcpip.sys file from the working drive.

C:\WINDOWS\system32\drivers\tcpip.sys

Let me know if you can add the non-working drive as secondary drive.


What I'd like to try is deleting tcpip.sys and the NIC driver from the non-working hard drive, which I'll assume has the drive letter D:

Delete D:\WINDOWS\system32\drivers\tcpip.sys

Then copy C:\WINDOWS\system32\drivers\tcpip.sys to D:\WINDOWS\system32\drivers\

Do the same for the NIC driver.

Once finished, put the non-working hard drive back in as the main drive.


Unfortunately that didn't work either.

I deleted all the NIC driver files and copied the new ones to their proper locations from the working drive along with the tcpip.sys file.

The system still will not connect when booted from the old drive.


Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.

Save in: Desktop

File Name: fixme.reg

Save as Type: All files

Click: Save

REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]

On the desktop, double-click fixme.reg and allow it to run. Let it merge.

After the reboot, we will reinstall TCP/IP

  • Go to Start, then Settings, and choose Network Connections
  • Right click on your normal connection icon, and choose Properties
  • Click the Install button
  • Choose Protocol then click Add
  • Click Have disk
  • In the drop down box, type in: C:\WINDOWS\INF and click OK
  • In the next dialog, click Internet Protocol (TCP/IP) then click OK
  • Click Close to leave the properties box

After that, reboot your computer and see if you have regained your connection.

If not, let's try this:

This file will fit on your thumb drive.

http://www.snapfiles.com/get/winsockxpfix.html

Get a copy of winsockxpfix.exe, save it to the thumb drive and copy it to the infected computer.

You just run it by double clicking on the downloaded file after you copy it to the non-working computer.

Things should work OK after it reboots your system.

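The fixme.reg file in the post uses the REGEDIT4 format, where "[KEY]" creates or opens a key, "[-KEY]" deletes the key and everything beneath it, "name"=value writes a value and "name"=- deletes one. As an added example that is not part of the post, the Python script below lists those operations for a .reg file before it is merged, so a reviewer can see what will be removed. On the post's file it shows two key deletions under Services, which is exactly why the next step is reinstalling TCP/IP. The sample extends the post's two lines with a made-up HKEY_CURRENT_USER\Software\Example key so that the value forms appear as well.

```python
"""Dry-run reviewer for a REGEDIT4-style .reg file.

Added example for this thread, not code from the post. Registry Editor
treats '[KEY]' as create-or-open, '[-KEY]' as delete the key and everything
under it, '"name"=value' as write a value and '"name"=-' as delete a value.
Listing those operations before merging shows why the Winsock fix above must
be followed by reinstalling TCP/IP: it removes two keys under Services.
"""
import re

# Constructed sample: the two lines from the post's fixme.reg plus a made-up
# key (HKEY_CURRENT_USER\Software\Example) so the value forms appear as well.
SAMPLE_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]

[HKEY_CURRENT_USER\Software\Example]
"Demo"="1"
"Old"=-
"""

KNOWN_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)=(.*)$')


def parse_reg(text):
    """Return (header, ops); each op is (kind, key, extra)."""
    header, ops, current = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank lines and comments
            continue
        if header is None:                         # first real line is the header
            header = line
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):
                ops.append(("delete_key", body[1:], None))
                current = None                     # values cannot follow a deletion
            else:
                current = body
                ops.append(("ensure_key", body, None))
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "@"  # @ is the default value
            value = m.group(2)
            if value == "-":
                ops.append(("delete_value", current, name))
            else:
                ops.append(("set_value", current, (name, value)))
    return header, ops


def review(text):
    """Human-readable notes: header check, then every destructive operation."""
    header, ops = parse_reg(text)
    notes = []
    if header not in KNOWN_HEADERS:
        notes.append("missing or unrecognised header: %r" % header)
    for kind, key, extra in ops:
        if kind == "delete_key":
            notes.append("deletes key and all subkeys: " + key)
            if "\\services\\" in key.lower() + "\\":
                notes.append("  (service key: the component must be reinstalled afterwards)")
        elif kind == "delete_value":
            notes.append("deletes value %s from %s" % (extra, key))
    return notes


if __name__ == "__main__":
    print("\n".join(review(SAMPLE_REG)))
```

The header check matters in practice: a file saved without the REGEDIT4 line, or saved as fixme.reg.txt, is silently not a registry file, and Registry Editor will refuse to merge it.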