Inactive Not acquiring network address
- Thread starter CadDog
- Start date
Oops....
Sorry... Trying again...
Here is the new report:
=================
OTL logfile created on: 5/5/2012 3:54:18 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = F:\! 01 A Problem\5 steps
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.97% Memory free
4.32 Gb Paging File | 3.99 Gb Available in Paging File | 92.36% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 43.14 Gb Free Space | 57.88% Space Free | Partition Type: NTFS
Drive F: | 7.63 Gb Total Space | 5.06 Gb Free Space | 66.31% Space Free | Partition Type: FAT32
Computer Name: DJSYSTEM02 | User Name: CadDog | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Custom Scans ==========
< MD5 for: AGP440.SYS >
[2007/04/11 18:24:54 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/08/01 10:30:19 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/04/11 18:24:54 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/08/01 10:30:19 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ASYNCMAC.SYS >
[2004/08/03 23:05:03 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=02000ABF34AF4C218C35D257024807D6 -- C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys
[2008/04/13 11:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\ERDNT\cache\asyncmac.sys
[2008/04/13 11:57:27 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
[2008/04/13 11:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\system32\drivers\asyncmac.sys
< MD5 for: BEEP.SYS >
[2002/09/03 09:27:56 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2002/09/03 09:27:56 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2002/09/03 09:27:56 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
< MD5 for: COMRES.DLL >
[2008/04/13 17:11:51 | 000,792,064 | ---- | M] (Microsoft Corporation) MD5=1280A158C722FA95A80FB7AEBE78FA7D -- C:\WINDOWS\ERDNT\cache\comres.dll
[2008/04/13 17:11:51 | 000,792,064 | -H-- | M] (Microsoft Corporation) MD5=1280A158C722FA95A80FB7AEBE78FA7D -- C:\WINDOWS\ServicePackFiles\i386\comres.dll
[2008/04/13 17:11:51 | 000,792,064 | ---- | M] (Microsoft Corporation) MD5=1280A158C722FA95A80FB7AEBE78FA7D -- C:\WINDOWS\system32\comres.dll
[2004/08/04 00:56:41 | 000,792,064 | -H-- | M] (Microsoft Corporation) MD5=6728270CB7DBB776ED086F5AC4C82310 -- C:\WINDOWS\$NtServicePackUninstall$\comres.dll
< MD5 for: MSGSVC.DLL >
[2004/08/04 00:56:43 | 000,033,792 | -H-- | M] (Microsoft Corporation) MD5=95FD808E4AC22ABA025A7B3EAC0375D2 -- C:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll
[2008/04/13 17:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=986B1FF5814366D71E0AC5755C88F2D3 -- C:\WINDOWS\ERDNT\cache\msgsvc.dll
[2008/04/13 17:11:59 | 000,033,792 | -H-- | M] (Microsoft Corporation) MD5=986B1FF5814366D71E0AC5755C88F2D3 -- C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll
[2008/04/13 17:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=986B1FF5814366D71E0AC5755C88F2D3 -- C:\WINDOWS\system32\msgsvc.dll
< MD5 for: TASKMGR.EXE >
[2008/04/13 17:12:37 | 000,135,680 | -H-- | M] (Microsoft Corporation) MD5=2CD1C3506A85B38E2D17E61ADED175C4 -- C:\WINDOWS\ServicePackFiles\i386\taskmgr.exe
[2008/04/13 17:12:37 | 000,135,680 | -H-- | M] (Microsoft Corporation) MD5=2CD1C3506A85B38E2D17E61ADED175C4 -- C:\WINDOWS\system32\taskmgr.exe
[2004/08/04 00:56:57 | 000,135,680 | -H-- | M] (Microsoft Corporation) MD5=FC160ACE21C81837692B339D230DD4BE -- C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe
< MD5 for: VSSVC.EXE >
[2004/08/04 00:56:57 | 000,289,792 | -H-- | M] (Microsoft Corporation) MD5=3EE00364AE0FD8D604F46CBAF512838A -- C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe
[2008/04/13 17:12:38 | 000,289,792 | -H-- | M] (Microsoft Corporation) MD5=7A9DB3A67C333BF0BD42E42B8596854B -- C:\WINDOWS\ServicePackFiles\i386\vssvc.exe
[2008/04/13 17:12:38 | 000,289,792 | -H-- | M] (Microsoft Corporation) MD5=7A9DB3A67C333BF0BD42E42B8596854B -- C:\WINDOWS\system32\vssvc.exe
< End of report >
Sorry... Trying again...
Here is the new report:
=================
OTL logfile created on: 5/5/2012 3:54:18 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = F:\! 01 A Problem\5 steps
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.97% Memory free
4.32 Gb Paging File | 3.99 Gb Available in Paging File | 92.36% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 43.14 Gb Free Space | 57.88% Space Free | Partition Type: NTFS
Drive F: | 7.63 Gb Total Space | 5.06 Gb Free Space | 66.31% Space Free | Partition Type: FAT32
Computer Name: DJSYSTEM02 | User Name: CadDog | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Custom Scans ==========
< MD5 for: AGP440.SYS >
[2007/04/11 18:24:54 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/08/01 10:30:19 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/04/11 18:24:54 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/08/01 10:30:19 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ASYNCMAC.SYS >
[2004/08/03 23:05:03 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=02000ABF34AF4C218C35D257024807D6 -- C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys
[2008/04/13 11:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\ERDNT\cache\asyncmac.sys
[2008/04/13 11:57:27 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
[2008/04/13 11:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\system32\drivers\asyncmac.sys
< MD5 for: BEEP.SYS >
[2002/09/03 09:27:56 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2002/09/03 09:27:56 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2002/09/03 09:27:56 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
< MD5 for: COMRES.DLL >
[2008/04/13 17:11:51 | 000,792,064 | ---- | M] (Microsoft Corporation) MD5=1280A158C722FA95A80FB7AEBE78FA7D -- C:\WINDOWS\ERDNT\cache\comres.dll
[2008/04/13 17:11:51 | 000,792,064 | -H-- | M] (Microsoft Corporation) MD5=1280A158C722FA95A80FB7AEBE78FA7D -- C:\WINDOWS\ServicePackFiles\i386\comres.dll
[2008/04/13 17:11:51 | 000,792,064 | ---- | M] (Microsoft Corporation) MD5=1280A158C722FA95A80FB7AEBE78FA7D -- C:\WINDOWS\system32\comres.dll
[2004/08/04 00:56:41 | 000,792,064 | -H-- | M] (Microsoft Corporation) MD5=6728270CB7DBB776ED086F5AC4C82310 -- C:\WINDOWS\$NtServicePackUninstall$\comres.dll
< MD5 for: MSGSVC.DLL >
[2004/08/04 00:56:43 | 000,033,792 | -H-- | M] (Microsoft Corporation) MD5=95FD808E4AC22ABA025A7B3EAC0375D2 -- C:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll
[2008/04/13 17:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=986B1FF5814366D71E0AC5755C88F2D3 -- C:\WINDOWS\ERDNT\cache\msgsvc.dll
[2008/04/13 17:11:59 | 000,033,792 | -H-- | M] (Microsoft Corporation) MD5=986B1FF5814366D71E0AC5755C88F2D3 -- C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll
[2008/04/13 17:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=986B1FF5814366D71E0AC5755C88F2D3 -- C:\WINDOWS\system32\msgsvc.dll
< MD5 for: TASKMGR.EXE >
[2008/04/13 17:12:37 | 000,135,680 | -H-- | M] (Microsoft Corporation) MD5=2CD1C3506A85B38E2D17E61ADED175C4 -- C:\WINDOWS\ServicePackFiles\i386\taskmgr.exe
[2008/04/13 17:12:37 | 000,135,680 | -H-- | M] (Microsoft Corporation) MD5=2CD1C3506A85B38E2D17E61ADED175C4 -- C:\WINDOWS\system32\taskmgr.exe
[2004/08/04 00:56:57 | 000,135,680 | -H-- | M] (Microsoft Corporation) MD5=FC160ACE21C81837692B339D230DD4BE -- C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe
< MD5 for: VSSVC.EXE >
[2004/08/04 00:56:57 | 000,289,792 | -H-- | M] (Microsoft Corporation) MD5=3EE00364AE0FD8D604F46CBAF512838A -- C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe
[2008/04/13 17:12:38 | 000,289,792 | -H-- | M] (Microsoft Corporation) MD5=7A9DB3A67C333BF0BD42E42B8596854B -- C:\WINDOWS\ServicePackFiles\i386\vssvc.exe
[2008/04/13 17:12:38 | 000,289,792 | -H-- | M] (Microsoft Corporation) MD5=7A9DB3A67C333BF0BD42E42B8596854B -- C:\WINDOWS\system32\vssvc.exe
< End of report >
OK...
Here it goes again...
@#@$@#$ Mcfee is still around...
OK --- OK --- OK
Rootkit ditected
OK. ---
Need to reboot because of Rootkit activities.
OK---
ComboFix Running Now....
This may be a few hours again...
I will post as soon as I get the final report...
Thanks for all your help so far...
Here it goes again...
@#@$@#$ Mcfee is still around...
OK --- OK --- OK
Rootkit ditected
OK. ---
Need to reboot because of Rootkit activities.
OK---
ComboFix Running Now....
This may be a few hours again...
I will post as soon as I get the final report...
Thanks for all your help so far...
OK here is what happen when I used Safe Mode...
Again the laptop needed to reboot because of the rootkit and
when it came back in when right to normal mode...
ComboFix continued to work it magic and finally I have report to post:
Here it is
=========
ComboFix 12-05-05.06 - CadDog 05/05/2012 18:51:20.5.2 - x86
Running from: f:\! 01 a problem\5 steps\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
.
.
2012-05-05 01:32 . 2012-03-06 23:0120696----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2012-05-05 01:32 . 2012-03-06 23:03337880----a-w-c:\windows\system32\drivers\aswSP.sys
2012-05-05 01:32 . 2012-03-06 23:0235672----a-w-c:\windows\system32\drivers\aswRdr.sys
2012-05-05 01:32 . 2012-03-06 23:0153848----a-w-c:\windows\system32\drivers\aswTdi.sys
2012-05-05 01:32 . 2012-03-06 23:03612184----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-05-05 01:32 . 2012-03-06 23:0195704----a-w-c:\windows\system32\drivers\aswmon2.sys
2012-05-05 01:32 . 2012-03-06 23:0189048----a-w-c:\windows\system32\drivers\aswmon.sys
2012-05-05 01:32 . 2012-03-06 22:5824920----a-w-c:\windows\system32\drivers\aavmker4.sys
2012-05-05 01:32 . 2012-03-06 23:1541184----a-w-c:\windows\avastSS.scr
2012-05-05 01:32 . 2012-03-06 23:15201352----a-w-c:\windows\system32\aswBoot.exe
2012-05-05 01:31 . 2012-05-05 01:31--------d-----w-c:\program files\AVAST Software
2012-05-05 01:31 . 2012-05-05 01:31--------d-----w-c:\documents and settings\All Users\Application Data\AVAST Software
2012-05-04 00:00 . 2012-05-05 17:20--------d-----w-c:\windows\system32\NtmsData
2012-05-03 23:48 . 2012-05-06 01:50--------d-----w-c:\windows\system32\CatRoot2
2012-05-02 01:15 . 2012-05-02 01:15--------d-----w-c:\program files\My Company Name
2012-05-02 00:49 . 2012-05-02 00:49--------d-----w-c:\documents and settings\CadDog\Local Settings\Application Data\Toshiba
2012-05-02 00:47 . 2012-05-02 00:47--------d-----w-c:\documents and settings\CadDog\Application Data\TOSHIBA
2012-05-02 00:46 . 2007-04-23 23:39113920----a-w-c:\windows\system32\drivers\tosrfbd.sys
2012-05-02 00:46 . 2007-04-11 03:2941856----a-w-c:\windows\system32\drivers\tosrfusb.sys
2012-05-02 00:46 . 2006-10-05 23:0773600----a-w-c:\windows\system32\drivers\Tosrfhid.sys
2012-05-02 00:46 . 2006-11-21 00:5536480----a-w-c:\windows\system32\drivers\tosrfbnp.sys
2012-05-02 00:46 . 2005-01-06 20:4218612----a-w-c:\windows\system32\drivers\tosrfnds.sys
2012-05-02 00:46 . 2006-10-11 02:3341600----a-w-c:\windows\system32\drivers\tosporte.sys
2012-05-02 00:46 . 2005-08-01 23:4564896----a-w-c:\windows\system32\drivers\tosrfcom.sys
2012-05-02 00:46 . 2012-05-02 00:46--------d-----w-c:\program files\Toshiba
2012-05-02 00:44 . 2007-01-16 17:2231744----a-w-c:\windows\system32\drivers\csrbcxp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 01:55 . 2011-04-15 03:164766----a-w-c:\windows\system32\PerfStringBackup.TMP
2012-04-04 22:56 . 2011-09-06 02:1022344----a-w-c:\windows\system32\drivers\mbam.sys
2012-04-04 20:03 . 2002-09-03 16:27138496----a-w-c:\windows\system32\drivers\afd.sys
2012-04-01 17:57 . 2012-04-01 17:57418464----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-04-01 17:57 . 2011-05-16 00:3270304----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 22:55 . 2012-02-25 22:5573728----a-w-c:\windows\system32\javacpl.cpl
2012-02-25 22:55 . 2010-04-29 01:27472808----a-w-c:\windows\system32\deployJava1.dll
2011-02-19 22:13 . 2011-02-19 22:138768200----a-w-c:\program files\Common Files\lpuninstall.exe
2012-03-27 05:46 . 2011-04-17 15:4097208----a-w-c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-03_00.07.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 07:02 . 2009-07-12 07:0251008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0259728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0242832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0243344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0261264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0262800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0261760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0261776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0253568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0263296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0236688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0235648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 07:05 . 2009-07-12 07:0559904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 07:05 . 2009-07-12 07:0559904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-05-06 01:50 . 2012-05-06 01:5016384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2007-04-12 00:29 . 2008-04-14 00:1218944 c:\windows\system32\dllcache\qmgrprxy.dll
+ 2010-08-01 17:14 . 2008-04-14 00:117168 c:\windows\system32\dllcache\bitsprx4.dll
+ 2007-04-12 00:29 . 2008-04-14 00:117168 c:\windows\system32\dllcache\bitsprx3.dll
+ 2007-04-12 00:29 . 2008-04-14 00:118192 c:\windows\system32\dllcache\bitsprx2.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2007-04-09 22:19 . 2012-05-03 23:59224024 c:\windows\system32\FNTCACHE.DAT
- 2007-04-09 22:19 . 2012-03-23 20:18224024 c:\windows\system32\FNTCACHE.DAT
+ 2012-05-05 01:32 . 2012-05-05 01:32219648 c:\windows\Installer\477eb1.msi
+ 2009-07-12 07:02 . 2009-07-12 07:023780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 07:02 . 2009-07-12 07:023765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15123536----a-w-c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-01-14 135168]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-01-14 131072]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-01-14 163840]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-2-19 8768200]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-2-19 8768200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-5-24 49152]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ultra Hal Text-to-Speech Reader Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ultra Hal Text-to-Speech Reader Startup.lnk
backup=c:\windows\pss\Ultra Hal Text-to-Speech Reader Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CadDog^Start Menu^Programs^Startup^NeoPlanet.lnk]
path=c:\documents and settings\CadDog\Start Menu\Programs\Startup\NeoPlanet.lnk
backup=c:\windows\pss\NeoPlanet.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CadDog^Start Menu^Programs^Startup^Seagate 2GE6D6WE Product Registration.lnk]
path=c:\documents and settings\CadDog\Start Menu\Programs\Startup\Seagate 2GE6D6WE Product Registration.lnk
backup=c:\windows\pss\Seagate 2GE6D6WE Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-10-27 09:001015808----a-w-c:\progra~1\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08421160----a-w-c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 22:56462408----a-w-c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-12-18 18:24197928----a-w-c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
"wuauserv"=2 (0x2)
"SamSs"=2 (0x2)
"wscsvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FreeAgentGoNext Service"=2 (0x2)
"mnmsrvc"=3 (0x3)
"QuestBrowser Service"=2 (0x2)
"AresChatServer"=3 (0x3)
"McShield"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mfevtp"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McODS"=3 (0x3)
"McProxy"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McNASvc"=2 (0x2)
"mfefire"=2 (0x2)
"McAWFwk"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/4/2012 6:32 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2012 6:32 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2012 6:32 PM 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/26/2010 5:51 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/5/2011 7:10 PM 22344]
S0 27754183;27754183;c:\windows\system32\drivers\61567167.sys --> c:\windows\system32\drivers\61567167.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 10:57 AM 253600]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
deventagent
cusrvc
BrPar
amdk8
btwhid
dphost
qbposdbextservices
avupdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:57]
.
2012-05-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-04-17 02:26]
.
2012-05-06 c:\windows\Tasks\User_Feed_Synchronization-{94AE8699-29C6-4632-8C9D-74C2EAB4B4EE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.msn.com
IE: Free YouTube to MP3 Converter - c:\documents and settings\CadDog\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7dpr75s8.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 18:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-1958367476-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1104)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-05-05 18:59:15
ComboFix-quarantined-files.txt 2012-05-06 01:59
ComboFix2.txt 2012-05-05 22:18
ComboFix3.txt 2012-05-03 01:23
ComboFix4.txt 2012-05-03 00:11
.
Pre-Run: 46,308,421,632 bytes free
Post-Run: 46,243,753,984 bytes free
.
- - End Of File - - 53FD38939B6D0CA423C87E79ABA9882D
I hope this tells you all you need to know...
Again the laptop needed to reboot because of the rootkit and
when it came back in when right to normal mode...
ComboFix continued to work it magic and finally I have report to post:
Here it is
=========
ComboFix 12-05-05.06 - CadDog 05/05/2012 18:51:20.5.2 - x86
Running from: f:\! 01 a problem\5 steps\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
.
.
2012-05-05 01:32 . 2012-03-06 23:0120696----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2012-05-05 01:32 . 2012-03-06 23:03337880----a-w-c:\windows\system32\drivers\aswSP.sys
2012-05-05 01:32 . 2012-03-06 23:0235672----a-w-c:\windows\system32\drivers\aswRdr.sys
2012-05-05 01:32 . 2012-03-06 23:0153848----a-w-c:\windows\system32\drivers\aswTdi.sys
2012-05-05 01:32 . 2012-03-06 23:03612184----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-05-05 01:32 . 2012-03-06 23:0195704----a-w-c:\windows\system32\drivers\aswmon2.sys
2012-05-05 01:32 . 2012-03-06 23:0189048----a-w-c:\windows\system32\drivers\aswmon.sys
2012-05-05 01:32 . 2012-03-06 22:5824920----a-w-c:\windows\system32\drivers\aavmker4.sys
2012-05-05 01:32 . 2012-03-06 23:1541184----a-w-c:\windows\avastSS.scr
2012-05-05 01:32 . 2012-03-06 23:15201352----a-w-c:\windows\system32\aswBoot.exe
2012-05-05 01:31 . 2012-05-05 01:31--------d-----w-c:\program files\AVAST Software
2012-05-05 01:31 . 2012-05-05 01:31--------d-----w-c:\documents and settings\All Users\Application Data\AVAST Software
2012-05-04 00:00 . 2012-05-05 17:20--------d-----w-c:\windows\system32\NtmsData
2012-05-03 23:48 . 2012-05-06 01:50--------d-----w-c:\windows\system32\CatRoot2
2012-05-02 01:15 . 2012-05-02 01:15--------d-----w-c:\program files\My Company Name
2012-05-02 00:49 . 2012-05-02 00:49--------d-----w-c:\documents and settings\CadDog\Local Settings\Application Data\Toshiba
2012-05-02 00:47 . 2012-05-02 00:47--------d-----w-c:\documents and settings\CadDog\Application Data\TOSHIBA
2012-05-02 00:46 . 2007-04-23 23:39113920----a-w-c:\windows\system32\drivers\tosrfbd.sys
2012-05-02 00:46 . 2007-04-11 03:2941856----a-w-c:\windows\system32\drivers\tosrfusb.sys
2012-05-02 00:46 . 2006-10-05 23:0773600----a-w-c:\windows\system32\drivers\Tosrfhid.sys
2012-05-02 00:46 . 2006-11-21 00:5536480----a-w-c:\windows\system32\drivers\tosrfbnp.sys
2012-05-02 00:46 . 2005-01-06 20:4218612----a-w-c:\windows\system32\drivers\tosrfnds.sys
2012-05-02 00:46 . 2006-10-11 02:3341600----a-w-c:\windows\system32\drivers\tosporte.sys
2012-05-02 00:46 . 2005-08-01 23:4564896----a-w-c:\windows\system32\drivers\tosrfcom.sys
2012-05-02 00:46 . 2012-05-02 00:46--------d-----w-c:\program files\Toshiba
2012-05-02 00:44 . 2007-01-16 17:2231744----a-w-c:\windows\system32\drivers\csrbcxp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 01:55 . 2011-04-15 03:164766----a-w-c:\windows\system32\PerfStringBackup.TMP
2012-04-04 22:56 . 2011-09-06 02:1022344----a-w-c:\windows\system32\drivers\mbam.sys
2012-04-04 20:03 . 2002-09-03 16:27138496----a-w-c:\windows\system32\drivers\afd.sys
2012-04-01 17:57 . 2012-04-01 17:57418464----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-04-01 17:57 . 2011-05-16 00:3270304----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 22:55 . 2012-02-25 22:5573728----a-w-c:\windows\system32\javacpl.cpl
2012-02-25 22:55 . 2010-04-29 01:27472808----a-w-c:\windows\system32\deployJava1.dll
2011-02-19 22:13 . 2011-02-19 22:138768200----a-w-c:\program files\Common Files\lpuninstall.exe
2012-03-27 05:46 . 2011-04-17 15:4097208----a-w-c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-03_00.07.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 07:02 . 2009-07-12 07:0251008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0259728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0242832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0243344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0261264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0262800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0261760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0261776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0253568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0263296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0236688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 07:02 . 2009-07-12 07:0235648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 07:05 . 2009-07-12 07:0559904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 07:05 . 2009-07-12 07:0559904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-05-06 01:50 . 2012-05-06 01:5016384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2007-04-12 00:29 . 2008-04-14 00:1218944 c:\windows\system32\dllcache\qmgrprxy.dll
+ 2010-08-01 17:14 . 2008-04-14 00:117168 c:\windows\system32\dllcache\bitsprx4.dll
+ 2007-04-12 00:29 . 2008-04-14 00:117168 c:\windows\system32\dllcache\bitsprx3.dll
+ 2007-04-12 00:29 . 2008-04-14 00:118192 c:\windows\system32\dllcache\bitsprx2.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2007-04-09 22:19 . 2012-05-03 23:59224024 c:\windows\system32\FNTCACHE.DAT
- 2007-04-09 22:19 . 2012-03-23 20:18224024 c:\windows\system32\FNTCACHE.DAT
+ 2012-05-05 01:32 . 2012-05-05 01:32219648 c:\windows\Installer\477eb1.msi
+ 2009-07-12 07:02 . 2009-07-12 07:023780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 07:02 . 2009-07-12 07:023765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15123536----a-w-c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-01-14 135168]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-01-14 131072]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-01-14 163840]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-2-19 8768200]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-2-19 8768200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-5-24 49152]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ultra Hal Text-to-Speech Reader Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ultra Hal Text-to-Speech Reader Startup.lnk
backup=c:\windows\pss\Ultra Hal Text-to-Speech Reader Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CadDog^Start Menu^Programs^Startup^NeoPlanet.lnk]
path=c:\documents and settings\CadDog\Start Menu\Programs\Startup\NeoPlanet.lnk
backup=c:\windows\pss\NeoPlanet.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CadDog^Start Menu^Programs^Startup^Seagate 2GE6D6WE Product Registration.lnk]
path=c:\documents and settings\CadDog\Start Menu\Programs\Startup\Seagate 2GE6D6WE Product Registration.lnk
backup=c:\windows\pss\Seagate 2GE6D6WE Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-10-27 09:001015808----a-w-c:\progra~1\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08421160----a-w-c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 22:56462408----a-w-c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-12-18 18:24197928----a-w-c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
"wuauserv"=2 (0x2)
"SamSs"=2 (0x2)
"wscsvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FreeAgentGoNext Service"=2 (0x2)
"mnmsrvc"=3 (0x3)
"QuestBrowser Service"=2 (0x2)
"AresChatServer"=3 (0x3)
"McShield"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mfevtp"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McODS"=3 (0x3)
"McProxy"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McNASvc"=2 (0x2)
"mfefire"=2 (0x2)
"McAWFwk"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/4/2012 6:32 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2012 6:32 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2012 6:32 PM 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/26/2010 5:51 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/5/2011 7:10 PM 22344]
S0 27754183;27754183;c:\windows\system32\drivers\61567167.sys --> c:\windows\system32\drivers\61567167.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 10:57 AM 253600]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
deventagent
cusrvc
BrPar
amdk8
btwhid
dphost
qbposdbextservices
avupdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:57]
.
2012-05-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-04-17 02:26]
.
2012-05-06 c:\windows\Tasks\User_Feed_Synchronization-{94AE8699-29C6-4632-8C9D-74C2EAB4B4EE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.msn.com
IE: Free YouTube to MP3 Converter - c:\documents and settings\CadDog\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7dpr75s8.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 18:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-1958367476-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1104)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-05-05 18:59:15
ComboFix-quarantined-files.txt 2012-05-06 01:59
ComboFix2.txt 2012-05-05 22:18
ComboFix3.txt 2012-05-03 01:23
ComboFix4.txt 2012-05-03 00:11
.
Pre-Run: 46,308,421,632 bytes free
Post-Run: 46,243,753,984 bytes free
.
- - End Of File - - 53FD38939B6D0CA423C87E79ABA9882D
I hope this tells you all you need to know...
Here you go:
FSS report:
=======
Farbar Service Scanner Version: 30-04-2012 01
Ran by CadDog (administrator) on 05-05-2012 at 20:19:22
Running from "F:\! 01 A Problem"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
aswTdi(13) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(11) NwlnkNb(12) PSched(7) RFCOMM(8) Tcpip(4) Tcpip6(10)
0x0D00000005000000010000000200000003000000040000000D000000090000000600000007000000080000000A0000000B0000000C000000
IpSec Tag value is correct.
**** End of log ****
FSS report:
=======
Farbar Service Scanner Version: 30-04-2012 01
Ran by CadDog (administrator) on 05-05-2012 at 20:19:22
Running from "F:\! 01 A Problem"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
aswTdi(13) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(11) NwlnkNb(12) PSched(7) RFCOMM(8) Tcpip(4) Tcpip6(10)
0x0D00000005000000010000000200000003000000040000000D000000090000000600000007000000080000000A0000000B0000000C000000
IpSec Tag value is correct.
**** End of log ****
Broni
Posts: 56,041 +517
At this point your computer seems to be clean.
I suggest you create new topic in Windows forum to deal with internet connection.
The access to this forum is very limited, just you and me.
In Windows forum you'll get more attention.
Once you have your internet connection back you can come back here and we'll finish up.
I suggest you create new topic in Windows forum to deal with internet connection.
The access to this forum is very limited, just you and me.
In Windows forum you'll get more attention.
Once you have your internet connection back you can come back here and we'll finish up.
