Not acquiring network address

Inactive
By CadDog
May 3, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    You didn't paste my script.
  2. CadDog

    CadDog Newcomer, in training Topic Starter Posts: 51

    Oops....
    Sorry... Trying again...

    Here is the new report:
    =================

    OTL logfile created on: 5/5/2012 3:54:18 PM - Run 1
    OTL by OldTimer - Version 3.2.42.2 Folder = F:\! 01 A Problem\5 steps
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.97% Memory free
    4.32 Gb Paging File | 3.99 Gb Available in Paging File | 92.36% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 43.14 Gb Free Space | 57.88% Space Free | Partition Type: NTFS
    Drive F: | 7.63 Gb Total Space | 5.06 Gb Free Space | 66.31% Space Free | Partition Type: FAT32

    Computer Name: DJSYSTEM02 | User Name: CadDog | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < MD5 for: AGP440.SYS >
    [2007/04/11 18:24:54 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2010/08/01 10:30:19 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2007/04/11 18:24:54 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2010/08/01 10:30:19 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 23:07:41 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ASYNCMAC.SYS >
    [2004/08/03 23:05:03 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=02000ABF34AF4C218C35D257024807D6 -- C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys
    [2008/04/13 11:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\ERDNT\cache\asyncmac.sys
    [2008/04/13 11:57:27 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
    [2008/04/13 11:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\system32\drivers\asyncmac.sys

    < MD5 for: BEEP.SYS >
    [2002/09/03 09:27:56 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
    [2002/09/03 09:27:56 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
    [2002/09/03 09:27:56 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

    < MD5 for: COMRES.DLL >
    [2008/04/13 17:11:51 | 000,792,064 | ---- | M] (Microsoft Corporation) MD5=1280A158C722FA95A80FB7AEBE78FA7D -- C:\WINDOWS\ERDNT\cache\comres.dll
    [2008/04/13 17:11:51 | 000,792,064 | -H-- | M] (Microsoft Corporation) MD5=1280A158C722FA95A80FB7AEBE78FA7D -- C:\WINDOWS\ServicePackFiles\i386\comres.dll
    [2008/04/13 17:11:51 | 000,792,064 | ---- | M] (Microsoft Corporation) MD5=1280A158C722FA95A80FB7AEBE78FA7D -- C:\WINDOWS\system32\comres.dll
    [2004/08/04 00:56:41 | 000,792,064 | -H-- | M] (Microsoft Corporation) MD5=6728270CB7DBB776ED086F5AC4C82310 -- C:\WINDOWS\$NtServicePackUninstall$\comres.dll

    < MD5 for: MSGSVC.DLL >
    [2004/08/04 00:56:43 | 000,033,792 | -H-- | M] (Microsoft Corporation) MD5=95FD808E4AC22ABA025A7B3EAC0375D2 -- C:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll
    [2008/04/13 17:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=986B1FF5814366D71E0AC5755C88F2D3 -- C:\WINDOWS\ERDNT\cache\msgsvc.dll
    [2008/04/13 17:11:59 | 000,033,792 | -H-- | M] (Microsoft Corporation) MD5=986B1FF5814366D71E0AC5755C88F2D3 -- C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll
    [2008/04/13 17:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=986B1FF5814366D71E0AC5755C88F2D3 -- C:\WINDOWS\system32\msgsvc.dll

    < MD5 for: TASKMGR.EXE >
    [2008/04/13 17:12:37 | 000,135,680 | -H-- | M] (Microsoft Corporation) MD5=2CD1C3506A85B38E2D17E61ADED175C4 -- C:\WINDOWS\ServicePackFiles\i386\taskmgr.exe
    [2008/04/13 17:12:37 | 000,135,680 | -H-- | M] (Microsoft Corporation) MD5=2CD1C3506A85B38E2D17E61ADED175C4 -- C:\WINDOWS\system32\taskmgr.exe
    [2004/08/04 00:56:57 | 000,135,680 | -H-- | M] (Microsoft Corporation) MD5=FC160ACE21C81837692B339D230DD4BE -- C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe

    < MD5 for: VSSVC.EXE >
    [2004/08/04 00:56:57 | 000,289,792 | -H-- | M] (Microsoft Corporation) MD5=3EE00364AE0FD8D604F46CBAF512838A -- C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe
    [2008/04/13 17:12:38 | 000,289,792 | -H-- | M] (Microsoft Corporation) MD5=7A9DB3A67C333BF0BD42E42B8596854B -- C:\WINDOWS\ServicePackFiles\i386\vssvc.exe
    [2008/04/13 17:12:38 | 000,289,792 | -H-- | M] (Microsoft Corporation) MD5=7A9DB3A67C333BF0BD42E42B8596854B -- C:\WINDOWS\system32\vssvc.exe

    < End of report >
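The OTL custom scan above lists, for each file ComboFix had called infected, the MD5 of every copy Windows keeps of it: the copy that actually loads from system32 or system32\drivers, the pristine SP3 copies in ServicePackFiles\i386 and dllcache, the pre-SP3 copies in $NtServicePackUninstall$, and ComboFix's own ERDNT\cache backups. The question a reviewer is really asking of that report is whether the live copy hashes the same as a pristine reference copy. The Python below is an added worked example, not part of the original thread and not OTL code: it parses this report format and flags any file whose live copy does not match its references. The sample text is constructed from three lines of the posted report plus one hypothetical EXAMPLE.SYS block (a made-up name and hashes) so that a mismatch is visible.

```python
import re
from collections import defaultdict

# Constructed sample: ASYNCMAC.SYS lines copied from the OTL report above,
# plus a hypothetical EXAMPLE.SYS block whose live copy differs from its
# ServicePackFiles reference (made-up name and hashes, for illustration).
SAMPLE_OTL = r"""
< MD5 for: ASYNCMAC.SYS >
[2004/08/03 23:05:03 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=02000ABF34AF4C218C35D257024807D6 -- C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys
[2008/04/13 11:57:27 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
[2008/04/13 11:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\system32\drivers\asyncmac.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 11:57:27 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2012/05/01 02:11:09 | 000,014,336 | ---- | M] () MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\drivers\example.sys
"""

HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")


def classify(path):
    """Bucket an OTL path: the copy Windows loads ('live'), a pristine
    SP3/dllcache copy ('reference'), or anything else ('other')."""
    folder = path.lower().rsplit("\\", 1)[0]
    if folder.endswith(("\\servicepackfiles\\i386", "\\system32\\dllcache")):
        return "reference"
    if folder.endswith(("\\system32", "\\system32\\drivers")):
        return "live"
    # $NtServicePackUninstall$ holds pre-SP3 versions (expected to differ) and
    # ERDNT\cache holds ComboFix backups (mirrors of the live file): neither
    # is evidence either way, so they are ignored.
    return "other"


def parse_otl_md5(text):
    """Map FILE.EXT -> [(bucket, MD5), ...]; .cab lines have no MD5 and are skipped."""
    blocks = defaultdict(list)
    name = None
    for line in text.splitlines():
        h = HEADER.match(line.strip())
        if h:
            name = h.group("name").upper()
            continue
        e = ENTRY.search(line)
        if e and name:
            blocks[name].append((classify(e.group("path")), e.group("md5").upper()))
    return blocks


def check_otl_md5(text):
    """Per file: the live hash(es), the reference hash(es), and a status."""
    results = {}
    for name, entries in parse_otl_md5(text).items():
        live = {m for bucket, m in entries if bucket == "live"}
        refs = {m for bucket, m in entries if bucket == "reference"}
        if not live:
            status = "no-live-copy"
        elif not refs:
            status = "no-reference"
        elif len(live) == 1 and live <= refs:
            status = "match"
        else:
            status = "MISMATCH"
        results[name] = {"live": live, "reference": refs, "status": status}
    return results


def flagged_files(text):
    """Names of files whose live copy could not be confirmed against a reference."""
    return sorted(n for n, r in check_otl_md5(text).items() if r["status"] != "match")


if __name__ == "__main__":
    for name, r in check_otl_md5(SAMPLE_OTL).items():
        print("%-14s %-12s live=%s ref=%s" % (name, r["status"],
              ",".join(sorted(r["live"])), ",".join(sorted(r["reference"]))))
```

Run over the full report above, every file comes back as a match, which is the observation behind the reply that follows. A match shows consistency, not cleanliness: an infection that replaced both the live file and its dllcache or ServicePackFiles copy would pass, and a rootkit that hides the real on-disk file can feed the scanner the clean bytes. Checking the Authenticode signature, or comparing against a known-good machine at the same service pack level, is the stronger check.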
  3. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    All those files indicated by Combofix as infected appear to be legit but they may be infected anyway.

    Re-run Combofix one more time.
  4. CadDog

    CadDog Newcomer, in training Topic Starter Posts: 51

    OK...
    Here it goes again...

    @#@$@#$ McAfee is still around...

    OK --- OK --- OK
    Rootkit detected
    OK. ---
    Need to reboot because of Rootkit activities.
    OK---
    ComboFix Running Now....

    This may be a few hours again...
    I will post as soon as I get the final report...

    Thanks for all your help so far... :)
  5. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    You're welcome :)
  6. CadDog

    CadDog Newcomer, in training Topic Starter Posts: 51

    OK this time the blue screen notes this:

    *** STOP 0x000000c2 (0x000000007,0x00000cd4,0x04050202,0ce1af4120)

    Power OFF and Power back ON after a minute...

    Avast came back on after the reboot and stopped ComboFix...

    Should I re-start ComboFix...?
  7. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Run Combofix from safe mode.
  8. CadDog

    CadDog Newcomer, in training Topic Starter Posts: 51

    I disabled Avast totally for now...

    and I will go to safe mode...
  9. CadDog

    CadDog Newcomer, in training Topic Starter Posts: 51

    OK here is what happened when I used Safe Mode...

    Again the laptop needed to reboot because of the rootkit and
    when it came back it went right to normal mode...

    ComboFix continued to work its magic and finally I have a report to post:

    Here it is
    =========

    ComboFix 12-05-05.06 - CadDog 05/05/2012 18:51:20.5.2 - x86
    Running from: f:\! 01 a problem\5 steps\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-05 01:32 . 2012-03-06 23:01  20696  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
    2012-05-05 01:32 . 2012-03-06 23:03  337880  ----a-w-  c:\windows\system32\drivers\aswSP.sys
    2012-05-05 01:32 . 2012-03-06 23:02  35672  ----a-w-  c:\windows\system32\drivers\aswRdr.sys
    2012-05-05 01:32 . 2012-03-06 23:01  53848  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
    2012-05-05 01:32 . 2012-03-06 23:03  612184  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
    2012-05-05 01:32 . 2012-03-06 23:01  95704  ----a-w-  c:\windows\system32\drivers\aswmon2.sys
    2012-05-05 01:32 . 2012-03-06 23:01  89048  ----a-w-  c:\windows\system32\drivers\aswmon.sys
    2012-05-05 01:32 . 2012-03-06 22:58  24920  ----a-w-  c:\windows\system32\drivers\aavmker4.sys
    2012-05-05 01:32 . 2012-03-06 23:15  41184  ----a-w-  c:\windows\avastSS.scr
    2012-05-05 01:32 . 2012-03-06 23:15  201352  ----a-w-  c:\windows\system32\aswBoot.exe
    2012-05-05 01:31 . 2012-05-05 01:31  --------  d-----w-  c:\program files\AVAST Software
    2012-05-05 01:31 . 2012-05-05 01:31  --------  d-----w-  c:\documents and settings\All Users\Application Data\AVAST Software
    2012-05-04 00:00 . 2012-05-05 17:20  --------  d-----w-  c:\windows\system32\NtmsData
    2012-05-03 23:48 . 2012-05-06 01:50  --------  d-----w-  c:\windows\system32\CatRoot2
    2012-05-02 01:15 . 2012-05-02 01:15  --------  d-----w-  c:\program files\My Company Name
    2012-05-02 00:49 . 2012-05-02 00:49  --------  d-----w-  c:\documents and settings\CadDog\Local Settings\Application Data\Toshiba
    2012-05-02 00:47 . 2012-05-02 00:47  --------  d-----w-  c:\documents and settings\CadDog\Application Data\TOSHIBA
    2012-05-02 00:46 . 2007-04-23 23:39  113920  ----a-w-  c:\windows\system32\drivers\tosrfbd.sys
    2012-05-02 00:46 . 2007-04-11 03:29  41856  ----a-w-  c:\windows\system32\drivers\tosrfusb.sys
    2012-05-02 00:46 . 2006-10-05 23:07  73600  ----a-w-  c:\windows\system32\drivers\Tosrfhid.sys
    2012-05-02 00:46 . 2006-11-21 00:55  36480  ----a-w-  c:\windows\system32\drivers\tosrfbnp.sys
    2012-05-02 00:46 . 2005-01-06 20:42  18612  ----a-w-  c:\windows\system32\drivers\tosrfnds.sys
    2012-05-02 00:46 . 2006-10-11 02:33  41600  ----a-w-  c:\windows\system32\drivers\tosporte.sys
    2012-05-02 00:46 . 2005-08-01 23:45  64896  ----a-w-  c:\windows\system32\drivers\tosrfcom.sys
    2012-05-02 00:46 . 2012-05-02 00:46  --------  d-----w-  c:\program files\Toshiba
    2012-05-02 00:44 . 2007-01-16 17:22  31744  ----a-w-  c:\windows\system32\drivers\csrbcxp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-06 01:55 . 2011-04-15 03:16  4766  ----a-w-  c:\windows\system32\PerfStringBackup.TMP
    2012-04-04 22:56 . 2011-09-06 02:10  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-04-04 20:03 . 2002-09-03 16:27  138496  ----a-w-  c:\windows\system32\drivers\afd.sys
    2012-04-01 17:57 . 2012-04-01 17:57  418464  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-04-01 17:57 . 2011-05-16 00:32  70304  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-25 22:55 . 2012-02-25 22:55  73728  ----a-w-  c:\windows\system32\javacpl.cpl
    2012-02-25 22:55 . 2010-04-29 01:27  472808  ----a-w-  c:\windows\system32\deployJava1.dll
    2011-02-19 22:13 . 2011-02-19 22:13  8768200  ----a-w-  c:\program files\Common Files\lpuninstall.exe
    2012-03-27 05:46 . 2011-04-17 15:40  97208  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-03_00.07.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-12 07:02 . 2009-07-12 07:02  51008  c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  59728  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  42832  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  43344  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  61264  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  62800  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  61760  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  61776  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  53568  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  63296  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  36688  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  35648  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-12 07:05 . 2009-07-12 07:05  59904  c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-12 07:05 . 2009-07-12 07:05  59904  c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2012-05-06 01:50 . 2012-05-06 01:50  16384  c:\windows\Temp\Perflib_Perfdata_758.dat
    + 2007-04-12 00:29 . 2008-04-14 00:12  18944  c:\windows\system32\dllcache\qmgrprxy.dll
    + 2010-08-01 17:14 . 2008-04-14 00:11  7168  c:\windows\system32\dllcache\bitsprx4.dll
    + 2007-04-12 00:29 . 2008-04-14 00:11  7168  c:\windows\system32\dllcache\bitsprx3.dll
    + 2007-04-12 00:29 . 2008-04-14 00:11  8192  c:\windows\system32\dllcache\bitsprx2.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  653120  c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  569664  c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    + 2009-07-12 07:05 . 2009-07-12 07:05  225280  c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    + 2007-04-09 22:19 . 2012-05-03 23:59  224024  c:\windows\system32\FNTCACHE.DAT
    - 2007-04-09 22:19 . 2012-03-23 20:18  224024  c:\windows\system32\FNTCACHE.DAT
    + 2012-05-05 01:32 . 2012-05-05 01:32  219648  c:\windows\Installer\477eb1.msi
    + 2009-07-12 07:02 . 2009-07-12 07:02  3780424  c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02  3765048  c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15  123536  ----a-w-  c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-17 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    "Persistence"="c:\windows\System32\igfxpers.exe" [2007-01-14 135168]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-01-14 131072]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-01-14 163840]
    "dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-2-19 8768200]
    Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-2-19 8768200]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-5-24 49152]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ultra Hal Text-to-Speech Reader Startup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ultra Hal Text-to-Speech Reader Startup.lnk
    backup=c:\windows\pss\Ultra Hal Text-to-Speech Reader Startup.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^CadDog^Start Menu^Programs^Startup^NeoPlanet.lnk]
    path=c:\documents and settings\CadDog\Start Menu\Programs\Startup\NeoPlanet.lnk
    backup=c:\windows\pss\NeoPlanet.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^CadDog^Start Menu^Programs^Startup^Seagate 2GE6D6WE Product Registration.lnk]
    path=c:\documents and settings\CadDog\Start Menu\Programs\Startup\Seagate 2GE6D6WE Product Registration.lnk
    backup=c:\windows\pss\Seagate 2GE6D6WE Product Registration.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2010-10-27 09:00  1015808  ----a-w-  c:\progra~1\Ares\Ares.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 23:08  421160  ----a-w-  c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2012-04-04 22:56  462408  ----a-w-  c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
    2009-12-18 18:24  197928  ----a-w-  c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Themes"=2 (0x2)
    "wuauserv"=2 (0x2)
    "SamSs"=2 (0x2)
    "wscsvc"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "FreeAgentGoNext Service"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "QuestBrowser Service"=2 (0x2)
    "AresChatServer"=3 (0x3)
    "McShield"=2 (0x2)
    "McNaiAnn"=2 (0x2)
    "mfevtp"=2 (0x2)
    "McAfee SiteAdvisor Service"=2 (0x2)
    "mcmscsvc"=2 (0x2)
    "McODS"=3 (0x3)
    "McProxy"=2 (0x2)
    "McMPFSvc"=2 (0x2)
    "McNASvc"=2 (0x2)
    "mfefire"=2 (0x2)
    "McAWFwk"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/4/2012 6:32 PM 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2012 6:32 PM 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2012 6:32 PM 20696]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/26/2010 5:51 PM 654408]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/5/2011 7:10 PM 22344]
    S0 27754183;27754183;c:\windows\system32\drivers\61567167.sys --> c:\windows\system32\drivers\61567167.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 10:57 AM 253600]
    S4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    deventagent
    cusrvc
    BrPar
    amdk8
    btwhid
    dphost
    qbposdbextservices
    avupdsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:57]
    .
    2012-05-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-04-17 02:26]
    .
    2012-05-06 c:\windows\Tasks\User_Feed_Synchronization-{94AE8699-29C6-4632-8C9D-74C2EAB4B4EE}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.msn.com
    IE: Free YouTube to MP3 Converter - c:\documents and settings\CadDog\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7dpr75s8.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-05 18:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-448539723-1958367476-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1104)
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2012-05-05 18:59:15
    ComboFix-quarantined-files.txt 2012-05-06 01:59
    ComboFix2.txt 2012-05-05 22:18
    ComboFix3.txt 2012-05-03 01:23
    ComboFix4.txt 2012-05-03 00:11
    .
    Pre-Run: 46,308,421,632 bytes free
    Post-Run: 46,243,753,984 bytes free
    .
    - - End Of File - - 53FD38939B6D0CA423C87E79ABA9882D

    I hope this tells you all you need to know...

    ;)
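ComboFix's driver and service list (the R0..R3 and S0..S4 lines in the log above) is where a reviewer looks for loaders that no installer would have created. The posted log contains one such entry, `S0 27754183;27754183;c:\windows\system32\drivers\61567167.sys --> ... [?]`: a boot-start driver with an all-digit service name whose image file ComboFix could not find on disk. The Python below is an added example, not part of the thread and not ComboFix code: it parses these lines and returns the entries that deserve a manual look, with the reasons. The heuristics (missing image, numeric-only name, boot or system start type) are mine. A flagged entry is something to investigate, not a verdict; a stale registry entry left behind after a file was already removed will be flagged in exactly the same way. The sample is constructed from four lines of the log above.

```python
import re

# Constructed sample: four driver/service lines copied from the ComboFix log
# above. Format: <R|S><start type> <name>;<display name>;<image path> [<details>]
# R = running, S = stopped; start type 0=boot 1=system 2=auto 3=manual 4=disabled.
SAMPLE_SERVICES = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/4/2012 6:32 PM 612184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/26/2010 5:51 PM 654408]
S0 27754183;27754183;c:\windows\system32\drivers\61567167.sys --> c:\windows\system32\drivers\61567167.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 10:57 AM 253600]
"""

SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)


def parse_service_line(line):
    """Turn one ComboFix service line into a dict, or None if it is not one."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # ComboFix writes 'path --> path [?]' when the image file does not exist.
    missing = rest.endswith("[?]") or " --> " in rest
    image = re.split(r" --> | \[", rest, maxsplit=1)[0]
    return {
        "running": m.group("state") == "R",
        "start": int(m.group("start")),
        "name": m.group("name"),
        "display": m.group("display"),
        "image": image,
        "missing": missing,
    }


def review_services(text):
    """Return the entries that deserve a manual look, each with its reasons.
    These are review heuristics, not a malware verdict."""
    flagged = []
    for line in text.splitlines():
        svc = parse_service_line(line)
        if not svc:
            continue
        reasons = []
        if svc["missing"]:
            reasons.append("image file not found on disk")
        if svc["name"].isdigit():
            reasons.append("service name is all digits")
        if reasons and svc["start"] <= 1:
            # Boot/system start means a kernel driver loaded before the
            # network stack and before any user-mode protection.
            reasons.append("boot- or system-start driver")
        if reasons:
            flagged.append({**svc, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for svc in review_services(SAMPLE_SERVICES):
        print("%s  start=%d  image=%s" % (svc["name"], svc["start"], svc["image"]))
        for reason in svc["reasons"]:
            print("    - " + reason)
```

On the sample, only the `27754183` entry is returned, with all three reasons. The next thing a practitioner would do with such a hit is pull the service's registry key (the ImagePath, Start and Group values) and check whether the named file exists under a different case or in an alternate location before concluding anything.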
  10. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Combofix log looks good.

    Still no connection?

    If so, post new FSS log.
  11. CadDog

    CadDog Newcomer, in training Topic Starter Posts: 51

    Here you go:

    FSS report:
    =======
    Farbar Service Scanner Version: 30-04-2012 01
    Ran by CadDog (administrator) on 05-05-2012 at 20:19:22
    Running from "F:\! 01 A Problem"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error: Google IP is unreachable
    Attempt to access Yahoo IP returned error: Yahoo IP is unreachable


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    aswTdi(13) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(11) NwlnkNb(12) PSched(7) RFCOMM(8) Tcpip(4) Tcpip6(10)
    0x0D00000005000000010000000200000003000000040000000D000000090000000600000007000000080000000A0000000B0000000C000000
    IpSec Tag value is correct.

    **** End of log ****
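The FSS "Extra List" at the end of the log names the TDI drivers with their Tag values and then prints a REG_BINARY blob. Reading FSS output, I take that blob to be the GroupOrderList value for the PNP_TDI group (HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList\PNP_TDI): a DWORD count followed by that many DWORD tags, little-endian, giving the order in which the drivers of the group load. That identification is my assumption; the page itself does not say what the bytes are. The Python below is an added example, not part of the thread and not FSS code: it decodes the blob, maps each tag back to the driver name FSS listed, and checks the one ordering property a practitioner looks at when a network stack stops working, that IPSec is placed ahead of Tcpip. The two constants are copied from the Extra List lines above.

```python
import re
import struct

# Constructed from the two FSS "Extra List" lines in the log above.
FSS_EXTRA_LIST = (
    "aswTdi(13) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(11) NwlnkNb(12) "
    "PSched(7) RFCOMM(8) Tcpip(4) Tcpip6(10)"
)
FSS_GROUP_ORDER_HEX = (
    "0x0D00000005000000010000000200000003000000040000000D00000009000000"
    "0600000007000000080000000A0000000B0000000C000000"
)


def decode_group_order(hex_value):
    """Decode a GroupOrderList REG_BINARY (DWORD count, then that many DWORD
    tags, little-endian). Returns the tags in load order."""
    digits = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    if len(raw) < 4 or len(raw) % 4:
        raise ValueError("blob length %d is not a multiple of 4 bytes" % len(raw))
    words = struct.unpack("<%dI" % (len(raw) // 4), raw)
    count, tags = words[0], list(words[1:])
    if count != len(tags):
        raise ValueError("count says %d tags but %d are present" % (count, len(tags)))
    return tags


def tag_names(extra_list):
    """Parse 'Name(tag) Name(tag) ...' into {tag: name}."""
    return {int(tag): name for name, tag in re.findall(r"(\w+)\((\d+)\)", extra_list)}


def load_order(hex_value, extra_list):
    """[(tag, driver name)] in load order; tags FSS listed no driver for are marked."""
    names = tag_names(extra_list)
    return [(t, names.get(t, "(no driver listed)")) for t in decode_group_order(hex_value)]


def ipsec_loads_before_tcpip(order, names):
    """True when IPSec's tag precedes Tcpip's tag in the decoded load order."""
    by_name = {n: t for t, n in names.items()}
    try:
        return order.index(by_name["IPSec"]) < order.index(by_name["Tcpip"])
    except (KeyError, ValueError):
        return False  # one of the two has no tag or is missing from the list


if __name__ == "__main__":
    for position, (tag, name) in enumerate(load_order(FSS_GROUP_ORDER_HEX, FSS_EXTRA_LIST), 1):
        print("%2d  tag %2d  %s" % (position, tag, name))
    print("IPSec before Tcpip:",
          ipsec_loads_before_tcpip(decode_group_order(FSS_GROUP_ORDER_HEX), tag_names(FSS_EXTRA_LIST)))
```

Decoded, the list has 13 entries and starts IPSec(5), then tags 1 and 2 (no driver listed for them), Gpc(3), Tcpip(4), aswTdi(13), tag 9, NetBT(6), PSched(7), RFCOMM(8), Tcpip6(10), NwlnkIpx(11), NwlnkNb(12). Note that the order is the list, not the numeric tag: IPSec carries tag 5 yet loads before Tcpip's tag 4, which is why a checker has to decode the list rather than compare tag numbers. The count-versus-length check matters in practice, because a value that was edited by hand or by a tool that writes the wrong count is exactly the kind of damage that leaves the stack half-loaded.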
     
  12. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Retry steps from my reply #14.
  13. CadDog

    CadDog Newcomer, in training Topic Starter Posts: 51

    Just finished all the steps in #14 with no luck... :(

    Still no network address...:mad:

    My eyes are killing me so I hope we can continue tomorrow...
  14. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    At this point your computer seems to be clean.

    I suggest you create new topic in Windows forum to deal with internet connection.
    The access to this forum is very limited, just you and me.
    In Windows forum you'll get more attention.
    Once you have your internet connection back you can come back here and we'll finish up.
  15. CadDog

    CadDog Newcomer, in training Topic Starter Posts: 51

    I will go to the windows forum tomorrow...
    I really didn't know what all was going on with this laptop and thought that it may have been a virus so that is why I started here...
    Thanks for all your help and I hope to be able to work with you again...
  16. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    You're definitely infected but that shouldn't be an issue right now.
    It's all clear.
    However, like with any infection, some Windows files could have got corrupted.
    Or...it may be some hardware issue as well.

