TechSpot

Trojan Horse on Windows XP

By staciealyse
Nov 22, 2009
  1. Hello,
    Recently I ran a Norton scan and it detected a Trojan horse but could not fix it. I decided to take matters into my own hands, with no formal knowledge of what to do or how to do it. I browsed a couple of websites, made a post on Facebook, and tried to solve my own problem.
    Steps:
    I shut down my computer and restarted it in Safe Mode with Networking
    I downloaded the Microsoft program for finding and fixing viruses (don't remember what it's called)
    Ran that program, said everything was clean
    Downloaded and installed SuperAntiSpyware on the advice of a friend and that program did find security threats, but I don't know if they were the virus or just cookies or something that the other scanners had missed.
    After "super" did its thing, I restarted my computer in normal mode and was able to use the internet and all my programs normally again. (I was not able to use the internet or Microsoft Office when Norton first found the virus)

    I thought I had been successful so I have been using my computer again as normal... but now I was looking at the bottom of the page on Firefox and it said something about transferring data and I got scared. I keep checking my task manager but I don't know what I'm looking for so it doesn't do any good and I just sit here and freak about whether or not I have taken care of the problem. I need help. Please. I will be online and ready to answer any questions you might have, thanks.
    1 more thing, my OS is Windows XP
     
  2. staciealyse

    staciealyse TS Rookie Topic Starter

    HJT Results

    I read some other posts and downloaded the HijackThis tool. Here is my log. I think I'm screwed, huh?
     

    Attached Files:

  3. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    Hi staciealyse,

    According to the HijackThis log, you have one file that is supposed to be running in system32 but is not, and could be malware.
    C:\Program Files\Common Files\alg.exe
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    AnonymousSurfer, please stop advising these members. The HijackThis log does not screen for viruses, nor can it be used to tell someone they are virus free.

    staciealyse, please follow the steps here: http://www.techspot.com/vb/topic58138.html

    When you have finished, attach the logs from Malwarebytes and Superantispyware.

    Rescan with HijackThis and paste that in your reply. I will then review all of the logs and help you with the malware.
     
  5. staciealyse

    staciealyse TS Rookie Topic Starter

    Another question: I am currently running the SuperAntiSpyware program, but this is the first antispyware I downloaded after I realized I had become infected, and it found threats the first time I ran it, but then my computer shut down and every scan I performed subsequently came up clean. Is it possible the virus affected it in some way so that the version I have is no longer able to detect it? Should I uninstall and re-download?
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yes. Uninstall and remove the log it created. Run programs in this order: Malwarebytes, then Superantispyware, then follow with new HijackThis scan.

    Attach logs from first 2 programs.

    PASTE the log from HijackThis.
     
  7. staciealyse

    staciealyse TS Rookie Topic Starter

    I am a frustrated mess! I can't remove or add the programs that I need to because either it will not let me delete the program (i.e. SuperAntiSpyware, Malwarebytes, etc.) or I will delete/uninstall and then re-download but the program is still not functioning correctly or finding files that I know are corrupt or infected. Windows Add or Remove Programs keeps telling me it's not installed right or that I'm running in safe mode (I don't think I can be because I chose the option that said "start all programs and devices run computer in normal mode") to bypass that error and it still says the same thing. What do I do now...?
     
  8. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    Are the programs (SUPERAntiSpyware, Malwarebyte's, etc.) working? If the logs are saving, please post them.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, then give us the logs you have.

    And consider running a full system scan with the Symantec antivirus, save the log and attach it with the other logs.
     
  10. staciealyse

    staciealyse TS Rookie Topic Starter

    I uninstalled my Norton AntiVirus because someone responded that I would have to uninstall it to proceed. Here are the logs that I made before my computer stopped letting me install/uninstall programs. I have all these files popping up on my computer that I have never seen before...
    Located in
    Application Data:
    Blitware (description) Driver Robot
    ICA Client (has many files of configuration settings)
    there is also a Microsoft file with tons of sub files
    there is something called NT User that pops up everywhere
    and I keep seeing something that says desktop described as configuration settings in pretty much every file.
    I tried to uninstall and reinstall SuperAntiSpyware but it won't let me and now I can't find the logs from the majority of other programs I ran. The ones I attached I found in a documents folder that I had used before I read that you guys didn't want us (infected users) to change the file paths. Something else I don't recognize is called UpNp and so much more. It also says I'm logged on in safe mode when I'm logged in as the administrator and the more I explore the more things I find that I don't recognize. I feel completely paranoid! This is my first experience with a virus and let me just say it is VERY unnerving.
     
  11. staciealyse

    staciealyse TS Rookie Topic Starter

    Hijack This

    I just tried to copy and paste a couple of HijackThis logs from different dates but it said I used too many characters so I am attaching them here
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:26:19 AM, on 11/22/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exe
    C:\Program Files\Common Files\alg.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [AppMgrGui] C:\Program Files\AppStream\WindowsClient\Bin\exeForService.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alg.exe
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
    O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-868811260-2976433552-2182561353-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Stacie Gubler')
    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {4E1AEB50-759B-495F-B91A-C9018B0E7236} (ArcDnld Control) - https://www.sub-hub.com/Secures/SHDnld.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
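
Added example (not part of any poster's message, and not a HijackThis feature): a small Python check for the pattern raised earlier in the thread, a process named like a Windows system binary (`alg.exe`) running from outside `system32`, together with the autorun entry that starts it. The sample lines are excerpted from the log above; the function names and the expected-location table are assumptions for a default Windows XP install under `C:\WINDOWS`, and a hit is only a lead for the scanners the helpers ask for, since a HijackThis log does not screen for malware.

```python
import ntpath
import re

# Assumption: default locations on Windows XP with %SystemRoot% = C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIRS = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "alg.exe": SYSTEM32, "ctfmon.exe": SYSTEM32, "wuauclt.exe": SYSTEM32,
    "dllhost.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# O4 registry autoruns: "O4 - <key>\Run: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (?P<key>[^:]+\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable path at the start of a command line, quoted or unquoted
# (unquoted paths may contain spaces, so read up to the first ".exe").
EXE_PATH = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.IGNORECASE)


def misplaced(path):
    """Return the expected directory if `path` has a system binary's name
    but sits in a different directory; otherwise return None."""
    directory, name = ntpath.split(path.strip())
    expected = EXPECTED_DIRS.get(name.lower())
    actual = directory.lower().replace("/", "\\").rstrip("\\")
    if expected is not None and actual != expected:
        return expected
    return None


def scan_hjt_log(text):
    """Return (source, path, expected_dir) for every running process or
    O4 Run entry whose file name imitates a system binary."""
    findings = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and DRIVE_PATH.match(line):
            source, path = "process", line
        else:
            in_processes = False  # process list ends at the first non-path line
            entry = O4_RUN.match(line)
            if not entry:
                continue
            exe = EXE_PATH.match(entry.group("cmd"))
            if not exe:
                continue
            source = "autorun %s [%s]" % (entry.group("key"), entry.group("name"))
            path = exe.group(1) or exe.group(2)
        expected = misplaced(path)
        if expected:
            findings.append((source, path, expected))
    return findings


if __name__ == "__main__":
    for source, path, expected in scan_hjt_log(SAMPLE_LOG):
        print("%s: %s (expected under %s)" % (source, path, expected))
```

The name-and-location comparison does not resolve 8.3 short paths such as `C:\PROGRA~1`, and a file sitting in the expected directory is not thereby shown to be genuine.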
     
  12. staciealyse

    staciealyse TS Rookie Topic Starter

    Config Free

    ConfigFree Diagnostic LOG

    * Machine information
    * IP information
    * Route information
    * Protocol information
    * Network Device information
    * Wireless Comunication Switch and Wireless HotKey status
    * Diagnostics results
    * ConfigFree Version
    * Network Diagnostics



    Machine information

    Vendor:
    Machine Name:
    BIOS Name:
    BIOS Version:
    Version:
    CPU Maker:
    CPU Name:
    CPU Clock:
    CPU Base Clock:
    OS:
    OS Build:
    OS SP:
    Ram:


    TOP

    IP information

    ipconfig /all


    Windows IP Configuration



    Host Name . . . . . . . . . . . . : toshiba-user

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Broadcast

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : lan



    Ethernet adapter Wireless Network Connection:



    Connection-specific DNS Suffix . : lan

    Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection

    Physical Address. . . . . . . . . : 00-18-DE-52-92-31

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.0.109

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    IP Address. . . . . . . . . . . . : fe80::218:deff:fe52:9231%4

    Default Gateway . . . . . . . . . : 192.168.0.1

    fe80::224:1ff:fe40:106c%4

    DHCP Server . . . . . . . . . . . : 192.168.0.1

    DNS Servers . . . . . . . . . . . : 192.168.0.1

    fec0:0:0:ffff::1%1

    fec0:0:0:ffff::2%1

    fec0:0:0:ffff::3%1

    Lease Obtained. . . . . . . . . . : Wednesday, December 02, 2009 2:49:54 PM

    Lease Expires . . . . . . . . . . : Wednesday, December 09, 2009 2:49:54 PM



    Ethernet adapter Local Area Connection:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

    Physical Address. . . . . . . . . : 00-16-36-5C-CA-77



    Tunnel adapter Teredo Tunneling Pseudo-Interface:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

    Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

    Dhcp Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6

    Default Gateway . . . . . . . . . :

    NetBIOS over Tcpip. . . . . . . . : Disabled


    TOP

    Route information

    route print
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 18 de 52 92 31 ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
    0x3 ...00 16 36 5c ca 77 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.109 25
    63.135.85.142 255.255.255.255 192.168.0.1 192.168.0.109 25
    63.217.8.109 255.255.255.255 192.168.0.1 192.168.0.109 25
    69.63.178.140 255.255.255.255 192.168.0.1 192.168.0.109 25
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    192.168.0.0 255.255.255.0 192.168.0.109 192.168.0.109 25
    192.168.0.109 255.255.255.255 127.0.0.1 127.0.0.1 25
    192.168.0.255 255.255.255.255 192.168.0.109 192.168.0.109 25
    209.131.36.158 255.255.255.255 192.168.0.1 192.168.0.109 25
    224.0.0.0 240.0.0.0 192.168.0.109 192.168.0.109 25
    255.255.255.255 255.255.255.255 192.168.0.109 3 1
    255.255.255.255 255.255.255.255 192.168.0.109 192.168.0.109 1
    Default Gateway: 192.168.0.1
    ===========================================================================
    Persistent Routes:
    None

    TOP

    Protocol information

    Protocol Bind Information


    Microsoft TCP/IP version 6

    AEGIS Protocol (IEEE 802.1x) v3.4.9.0
    WLAN Transport

    WLAN Transport

    TOSHIBA Network Device Usermode I/O Protocol

    Point to Point Protocol Over Ethernet

    Point to Point Tunneling Protocol

    Layer 2 Tunneling Protocol

    Remote Access NDIS WAN Driver

    NDIS Usermode I/O Protocol

    Message-oriented TCP/IP Protocol (SMB session)

    WINS Client(TCP/IP) Protocol
    Microsoft TCP/IP version 6
    Internet Protocol (TCP/IP)

    Internet Protocol (TCP/IP)

    TOP

    Network Device information

    Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID : PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&20975680&0&00E1
    Status : Enable
    Driver Vender : Intel
    Driver Version : 10.1.0.13
    Driver Date : 12-4-2005

    Intel(R) PRO/100 VE Network Connection
    Device ID : PCI\VEN_8086&DEV_1092&SUBSYS_FF311179&REV_02\4&6B16D5B&0&40F0
    Status : Enable
    Driver Vender : Intel
    Driver Version : 8.0.21.101
    Driver Date : 10-10-2005


    TOP

    Wireless Comunication Switch and Wireless HotKey status

    Wireless Communication Switch : On
    Wireless Hotkey (Fn + F8)
    Wireless LAN : On


    TOP

    Diagnostics results

    Ping Option : On
    Ping Check : Yes
    Ping Retry : 3 (times)
    Ping Time Out : 300 (ms)

    << Network Adapter >>
    Network Adapter Description : Intel(R) PRO/Wireless 3945ABG Network Connection
    Status: Enable
    Mac Address : 00-18-de-52-92-31
    IP Address : 192.168.0.109
    < Ping Status List >
    Default gateway :
    192.168.0.1 [OK]
    DNS server :
    192.168.0.1 [OK]
    WINS server :
    Settings : None
    Proxy server :
    Settings : Not use

    << Network Adapter >>
    Network Adapter Description : Intel(R) PRO/100 VE Network Connection
    Status: Enable
    Lan Cable Status: Disconnected


    TOP

    ConfigFree Version

    ConfigFree(TM) 5.90.05
    Database 3.00.02


    TOP

    Network Diagnostics

    No Problem found
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you use the Norton Removal Tool? If you did not, it is still on the system. Whoever told you that you needed to move it was wrong.

    See if you can enable Norton again.

    Let me know. a-square isn't doing you any good because the AV part does not update automatically. Those logs are a week old and no good now.

    It would be helpful if you pulled yourself together and listened to what I tell you. I'd rather you have Norton if updating.

    Stay away from this site: Trymedia Systems. You are the second person I've seen today who has gotten malware infections from it.

    Please run Malwarebytes, Superantispyware and HijackThis again, in that order. Superantispyware is already loading. I need the log. Each program tells you what and where the log will be.

    Forget about uninstalling and reinstalling those programs- just give me something current to work with.

    Blitware (description) Driver Robot is a drive update utility- we'll remove it later.
    ICA Client is the Citrix Independent Computing Architecture.
    Application Data, Microsoft files and NT User are all part of the operating system.

    There is not enough information about any of the above yet to check anything.
     
  14. staciealyse

    staciealyse TS Rookie Topic Starter

    Logs

    I did use the Norton Removal Tool. I tried to reinstall with their help but was unable to. This is the most recent log I have from 11/29, I will run Malwarebytes again (if I can) and post another log asap.
     
  15. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    We still need the SUPERAntiSpyware and Malwarebyte's logs.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The most important thing for you to do is get an antivirus program on the system that is updating. Mbam is clean- that's good. Did you update it first? I would still like to have SAS and a new HijackThis log.

    When you get Avira on and updating, run a full system scan and attach the log. I need to see if anything got on with the AV changeover.
     
  17. staciealyse

    staciealyse TS Rookie Topic Starter

    I've never had to use this program called "config free" but now I cannot open my network connections or set up a new connection or anything. It says I'm not an administrator of the "workplace" group. I ran a diagnostics log yesterday so I thought I would post the results and see if this gave you any new information. I also can't seem to connect to the secure wireless network we have at work (I'm not a member of the network most of the office computers share because I am the only one working on a personal computer) and instead am always connected to an unsecure connection named "dlink"
    Machine information

    Vendor:
    Machine Name:
    BIOS Name:
    BIOS Version:
    Version:
    CPU Maker:
    CPU Name:
    CPU Clock:
    CPU Base Clock:
    OS:
    OS Build:
    OS SP:
    Ram:


    TOP

    IP information

    ipconfig /all


    Windows IP Configuration



    Host Name . . . . . . . . . . . . : toshiba-user

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Broadcast

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : lan



    Ethernet adapter Local Area Connection:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

    Physical Address. . . . . . . . . : 00-16-36-5C-CA-77



    Ethernet adapter Wireless Network Connection:



    Connection-specific DNS Suffix . : lan

    Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection

    Physical Address. . . . . . . . . : 00-18-DE-52-92-31

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.0.109

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    IP Address. . . . . . . . . . . . : fe80::218:deff:fe52:9231%9

    Default Gateway . . . . . . . . . : 192.168.0.1

    fe80::224:1ff:fe40:106c%9

    DHCP Server . . . . . . . . . . . : 192.168.0.1

    DNS Servers . . . . . . . . . . . : 192.168.0.1

    fec0:0:0:ffff::1%1

    fec0:0:0:ffff::2%1

    fec0:0:0:ffff::3%1

    Lease Obtained. . . . . . . . . . : Thursday, December 03, 2009 8:11:46 AM

    Lease Expires . . . . . . . . . . : Thursday, December 10, 2009 8:11:46 AM



    Tunnel adapter Teredo Tunneling Pseudo-Interface:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

    Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

    Dhcp Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6

    Default Gateway . . . . . . . . . :

    NetBIOS over Tcpip. . . . . . . . : Disabled


    TOP

    Route information

    route print
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x20003 ...00 16 36 5c ca 77 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
    0x40002 ...00 18 de 52 92 31 ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.109 25
    63.135.88.150 255.255.255.255 192.168.0.1 192.168.0.109 25
    69.147.84.231 255.255.255.255 192.168.0.1 192.168.0.109 25
    76.13.210.53 255.255.255.255 192.168.0.1 192.168.0.109 25
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    192.168.0.0 255.255.255.0 192.168.0.109 192.168.0.109 25
    192.168.0.109 255.255.255.255 127.0.0.1 127.0.0.1 25
    192.168.0.255 255.255.255.255 192.168.0.109 192.168.0.109 25
    209.191.86.104 255.255.255.255 192.168.0.1 192.168.0.109 25
    224.0.0.0 240.0.0.0 192.168.0.109 192.168.0.109 25
    255.255.255.255 255.255.255.255 192.168.0.109 20003 1
    255.255.255.255 255.255.255.255 192.168.0.109 192.168.0.109 1
    Default Gateway: 192.168.0.1
    ===========================================================================
    Persistent Routes:
    None

    TOP

    Protocol information

    Protocol Bind Information


    Microsoft TCP/IP version 6

    AEGIS Protocol (IEEE 802.1x) v3.4.9.0
    WLAN Transport

    WLAN Transport

    TOSHIBA Network Device Usermode I/O Protocol

    Point to Point Protocol Over Ethernet

    Point to Point Tunneling Protocol

    Layer 2 Tunneling Protocol

    Remote Access NDIS WAN Driver

    NDIS Usermode I/O Protocol

    Message-oriented TCP/IP Protocol (SMB session)

    WINS Client(TCP/IP) Protocol
    Microsoft TCP/IP version 6
    Internet Protocol (TCP/IP)

    Internet Protocol (TCP/IP)

    TOP

    Network Device information

    Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID : PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&20975680&0&00E1
    Status : Enable
    Driver Vender : Intel
    Driver Version : 10.1.0.13
    Driver Date : 12-4-2005

    Intel(R) PRO/100 VE Network Connection
    Device ID : PCI\VEN_8086&DEV_1092&SUBSYS_FF311179&REV_02\4&6B16D5B&0&40F0
    Status : Enable
    Driver Vender : Intel
    Driver Version : 8.0.21.101
    Driver Date : 10-10-2005


    TOP

    Wireless Comunication Switch and Wireless HotKey status

    Wireless Communication Switch : On
    Wireless Hotkey (Fn + F8)
    Wireless LAN : On


    TOP

    Diagnostics results

    Ping Option : On
    Ping Check : Yes
    Ping Retry : 3 (times)
    Ping Time Out : 300 (ms)

    << Network Adapter >>
    Network Adapter Description : Intel(R) PRO/Wireless 3945ABG Network Connection
    Status: Enable
    Mac Address : 00-18-de-52-92-31
    IP Address : 192.168.0.109
    < Ping Status List >
    Default gateway :
    192.168.0.1 [OK]
    DNS server :
    192.168.0.1 [OK]
    WINS server :
    Settings : None
    Proxy server :
    Settings : Not use

    << Network Adapter >>
    Network Adapter Description : Intel(R) PRO/100 VE Network Connection
    Status: Enable
    Lan Cable Status: Disconnected


    TOP

    ConfigFree Version

    ConfigFree(TM) 5.90.05
    Database 3.00.02


    TOP

    Network Diagnostics

    No Problem found
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This type of problem belongs in the hardware forum, not in virus and malware. I am reasonably sure that the problem has been caused by yourself trying to do what you admittedly know nothing about.
     
Topic Status:
Not open for further replies.
