Hi again,
I still cannot connect, unfortunately.
Thanks,
ERE


No luck with Firefox? It would really help to know if it fails as well as IE...

Are you able to use System Restore to restore your compy to a date before you started having problems? Maybe we need to take a step back before we go forward again.

PP :)

PhilliePhan
Central Scrutinizer
Moderator
1,942 posts since Dec 2006
Reputation Points: 184
Solved Threads: 110
 

My apologies - I got Moral Terror's last post when I got back to town, but in the meantime I forgot all about downloading Firefox. I will try to do that sometime today or tomorrow.

When I first called IBM tech support, they had me attempt a system restore. It did not work on my computer. I attempted to restore my computer to about 20 different check points, all the way back in to January - and none of them worked.

I'll let you know what happens with Firefox.

ere8
Light Poster
27 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

Please also tell us if you have a LAN, DSL, cable or dial-up connection

Do you have a router?

MoralTerror
Junior Poster
127 posts since Jul 2007
Reputation Points: 11
Solved Threads: 10
 

Cable, and yes I have a router. I've attempted to plug directly into the router, and have been unsuccessful connecting that way as well.

Thanks!

ere8
Light Poster
27 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

I am posting...from my own computer!!

Words cannot express how happy I am right now. I downloaded Firefox, and I'm able to connect that way.
Does that mean that the problem is only with internet explorer and not with my computer?

Once again, a million thank yous to both of you for all of your help...

(Off to install my Windows updates.)

-ERE

ere8
Light Poster
27 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

I just tried to install SP1a, per MoralTerror's instruction. I got the following error message:

"Setup has detected that the Service Pack version of the system installed is newer than the update you are applying to it.

You can only install this update on Service Pack 1."

I know you said I should only install SP2 on a completely clean machine...how should I proceed?

Thank you!

-ERE

ere8
Light Poster
27 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

Hi ere

Sorry for the late reply real life has been a bit hectic.

I'm at work just now but if you skip those updates for now and post the new ComboFix.txt, HijackThis log and the Jotti results. I will have to review the previous logs and the new logs to jog my old mind. I will review them when I get home (unless Phil can beforehand)

MoralTerror
Junior Poster
127 posts since Jul 2007
Reputation Points: 11
Solved Threads: 10
 

Hi again,

No worries! Your real life should always take priority over my computer - not that I don't deeply appreciate the help and all.

I haven't yet used Jotti during this process. Is this what you're talking about? I would appreciate further instruction on what to do with it. It looks like I'm supposed to upload and scan a file...but what file?

http://virusscan.jotti.org/


Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:47 PM, on 3/6/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\S3Tray2.exe
C:\WINDOWS\System32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\AEIWLSTA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Rachel\My Documents\Save My Computer\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://harpo-notes1.harpo.com/iNotes6W.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8908 bytes

And here is the Combofix log:

ComboFix 08-03-06.2 - Rachel 2008-03-06 21:40:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.609 [GMT -6:00]
Running from: C:\Documents and Settings\Rachel\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\uninsticn.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-03-06 21:41 . 2008-03-06 21:41 616,448 --ah----- C:\CD Burning Stash File.bin
2008-03-06 18:52 . 2008-03-06 18:52 d-------- C:\Documents and Settings\Rachel\Application Data\Talkback
2008-03-04 22:11 . 2008-03-04 22:11 d-------- C:\HostsXpert
2008-02-23 18:41 . 2008-02-23 18:41 d-------- C:\WINDOWS\system32\temp
2008-02-23 18:36 . 2008-02-23 18:36 d-------- C:\Program Files\Burn4Free Toolbar
2008-02-23 18:36 . 2008-02-24 18:42 d-------- C:\Program Files\Burn4Free
2008-02-23 18:36 . 2008-02-23 18:36 232,046 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6249.exe
2008-02-23 16:42 . 2008-02-23 16:42 d-------- C:\Documents and Settings\Rachel\Application Data\Grisoft
2008-02-23 16:41 . 2008-02-23 16:41 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-23 16:41 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-09 22:08 . 2008-02-09 22:08 d-------- C:\Program Files\eMusic Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 00:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-05 04:24 --------- d-----w C:\Documents and Settings\Rachel\Application Data\OpenOffice.org2
2008-03-05 04:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-17 19:06 --------- d-----w C:\Documents and Settings\Rachel\Application Data\MSN6
2008-01-24 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 02:38 --------- d-----w C:\Program Files\Lavasoft
2008-01-24 02:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 02:11 --------- d-----w C:\Program Files\Java
2008-01-24 02:09 --------- d-----w C:\Program Files\Common Files\Java
2007-12-19 01:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

------- Sigcheck -------

6626545292428ae1ed5b4237404b346a C:\WINDOWS\system32\wininet.dll
-c----w 585,216 2004-01-08 23:23:38 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
-c----w 593,920 2001-08-18 13:00:00 C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll
----a-w 656,384 2004-08-04 07:56:46 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
----a-w 585,216 2004-01-08 23:23:38 C:\WINDOWS\system32\wininet.dll
----a-w 585,216 2004-01-08 23:23:38 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-02-23 18:36 806912 --a------ C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-02-23 18:36 806912]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll [2008-02-23 18:36 806912]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 09:14 1077277]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08 67160]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTSMMSG"="LTSMMSG.exe" [2001-08-02 17:28 45056 C:\WINDOWS\LTSMMSG.exe]
"S3TRAY2"="S3Tray2.exe" [2001-11-12 04:31 69632 C:\WINDOWS\system32\S3Tray2.exe]
"TrackPointSrv"="tp4serv.exe" [2001-09-14 05:03 176128 C:\WINDOWS\system32\tp4serv.exe]
"TPTRAY"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2001-09-03 03:22 46592]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2001-09-03 03:22 56320]
"TP4EX"="tp4ex.exe" [2001-07-05 03:02 40960 C:\WINDOWS\system32\TP4EX.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2001-07-09 18:19 69632]
"UC_SMB"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19 52840]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-11-08 17:58 323216]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [2007-12-19 15:18 4345856]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AEIWLSTA.EXE"="AEIWLSTA.EXE" [2001-09-28 10:47 213376 C:\WINDOWS\system32\AEIWLSTA.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\Rachel\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 19:01:20 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\System32\DRIVERS\ntcdrdrv.sys [2007-05-16 11:42]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2001-07-30 03:05]
R1 TPPWR;TPPWR;C:\WINDOWS\System32\drivers\Tppwr.sys [2001-09-03 03:22]
R2 V7;V7;C:\WINDOWS\system32\Drivers\V7.SYS [2000-03-09 20:24]
R3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;C:\WINDOWS\System32\DRIVERS\AEIWLNDS.sys [2001-09-28 10:36]
R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-08-02 17:28]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\System32\DRIVERS\tp4track.sys [2001-09-14 05:03]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys [2001-08-17 14:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 20:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-07 03:26:06 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\Bmmtask.exe
"2008-02-23 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Rachel.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 21:44:29
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-06 21:45:57
ComboFix-quarantined-files.txt 2008-03-07 03:45:39
ComboFix2.txt 2008-02-26 02:33:29
ComboFix3.txt 2008-02-24 21:25:50
.
2008-02-15 00:56:09 --- E O F ---

Thanks so much!!

- ERE

ere8
Light Poster
27 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
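
Added example, not part of the thread and not HijackThis's own code: a small parser for the HijackThis log format posted above that groups entries by section code and lists the ones a helper would check by hand. The flagging rules and function names are assumptions chosen for illustration; the sample lines are an excerpt copied from the log above.

```python
import re

# Section codes seen in the log above and what HijackThis uses them for.
SECTIONS = {
    "R0": "IE start/search page",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Autostart (Run key / Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O10": "Winsock LSP",
    "O12": "IE plugin",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Excerpt of the log posted in this thread (header and process lines included
# on purpose, to show that they are skipped).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - (no file)
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_entries(log_text):
    """Return (code, body) pairs for every 'Xnn - ...' line; skip everything else."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def review_notes(code, body):
    """Illustrative rules only: reasons to look at an entry by hand, not verdicts."""
    notes = []
    if "(no file)" in body:
        notes.append("registry entry references no file on disk")
    if code == "R0" and body.endswith("="):
        notes.append("IE page setting is empty")
    if code == "O10" and body.lower().startswith("unknown file"):
        notes.append("LSP not recognised by HijackThis; identify the DLL")
    if code == "O16":
        url = URL_RE.search(body)
        if url and url.group(0).lower().startswith("http://"):
            notes.append("ActiveX control was downloaded over plain HTTP")
    if code == "O23" and " - Unknown owner - " in body:
        notes.append("no vendor name shown for the service binary")
    return notes


def triage(log_text):
    """Group entries by section code and collect the ones that carry review notes."""
    summary = {}
    for code, body in parse_entries(log_text):
        section = summary.setdefault(
            code, {"label": SECTIONS.get(code, "other"), "count": 0, "review": []}
        )
        section["count"] += 1
        notes = review_notes(code, body)
        if notes:
            section["review"].append((body, notes))
    return summary


if __name__ == "__main__":
    for code, section in triage(SAMPLE_LOG).items():
        print(f"{code} ({section['label']}): {section['count']} entries")
        for body, notes in section["review"]:
            print(f"    check: {body}")
            for note in notes:
                print(f"        - {note}")
```

A note on an entry means "look this up", not "remove this"; the helpers in this thread read the same log and found nothing that needed fixing.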
 
I am posting...from my own computer!!
Does that mean that the problem is only with internet explorer and not with my computer?
Once again, a million thank yous to both of you for all of your help...


Great! Now we're cookin' with gas . . .as they say :)

-- Definitely looks like a problem with IE. It is not playing well with the machine.
I imagine that, once we get you updated properly, we'll give IE7 a look and remove IE6.

I am tied up with work right now and can't look at the new logs - Just wanted to congratulate you on the progress!
Will check back and have a look tomorrow if MT doesn't beat me to it.

PP :)

EDIT: At really quick glance, the logs look OK. Nothing jumping out there. Still, better to wait until one of us has a chance to give a closer look.

PhilliePhan
Central Scrutinizer
Moderator
1,942 posts since Dec 2006
Reputation Points: 184
Solved Threads: 110
 

Yes upload this file C:\WINDOWS\system32\wininet.dll to http://virusscan.jotti.org/ and submit it. Wait for the analysis then copy/paste the results here

MoralTerror
Junior Poster
127 posts since Jul 2007
Reputation Points: 11
Solved Threads: 10
 

This is what I got back from Jotti. Here you go!

File: wininet.dll
Status: OK
MD5: 6626545292428ae1ed5b4237404b346a
Packers detected: -
Bit9 reports: No threat detected, but known vulnerabilities exist (more info)

Scanner results
Scan taken on 08 Mar 2008 03:24:59 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

ere8
Light Poster
27 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

Hi ere

Logs look fine, let's troubleshoot those updates.

Open HijackThis and click Open the Misc Tools section, under System Tools click Open uninstall manager... and click Save list. Save it to HijackThis directory and post the entire contents of uninstall_list.txt here.

MoralTerror
Junior Poster
127 posts since Jul 2007
Reputation Points: 11
Solved Threads: 10
 

Here you go:

3ivx MPEG-4 5.0 Decoder (remove only)
Access ThinkPad
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
ALOT eMusic Toolbar
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
AVG Anti-Spyware 7.5
Burn4Free CD and DVD
Burn4Free Toolbar
ccCommon
DVDExpress
eMusic Download Manager 3.0
Finale NotePad 2006
HijackThis 2.0.2
Hotfix for Windows Media Format SDK (KB902344)
IBM Access Connections
IBM RecordNow
IBM ThinkPad Access Support
IBM ThinkPad Power Management Driver
IBM TrackPoint Accessibility Features
IBM TrackPoint Support
IBM Update Connector
Icons
ImageMixer VCD/DVD2 for OLYMPUS
Intel(R) PRO Ethernet Adapter and Software
Internet Worm Protection
iPod for Windows 2006-06-28
iTunes
Java(TM) 6 Update 3
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Lucent Technologies Soft Modem AMR
Macromedia Flash Player 8
Microsoft .NET Framework 2.0
Mozilla Firefox (2.0.0.12)
MSN Music Assistant
My Web Search (My Fun Cards)
Napster
Napster Burn Engine
NAVShortcut
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
NoteBurner 2.11
OLYMPUS Master
OpenOffice.org 2.0
QuickTime
S3Display
S3Gamma2
S3Info2
SPBBC
SuperSavage and Utilities
Symantec
ThinkPad Configuration
ThinkPad Software Installer
Uninstall PC-Doctor
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB888162
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Service Pack 2

ere8
Light Poster
27 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

Hi ere

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave BOTH Checked
  Applications and Applets
  Trace and Log Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.


----------------------------

From Control Panel > Add/Remove Programs uninstall the following

ALOT eMusic Toolbar
My Web Search (My Fun Cards)
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Service Pack 2

Reboot the PC for changes to take effect then visit Windows Update and try updating to SP1a again. Let us know how that goes.

MoralTerror
Junior Poster
127 posts since Jul 2007
Reputation Points: 11
Solved Threads: 10
 

Hello!

I did everything you laid out in your last post, and all seemed to go relatively smoothly. I did get the following error message when I tried to uninstall My Web Search (My Fun Cards), so I was unable to install it:

Error Loading C:\PROGRA~\MYWEBS~1\bar\1.bin\mwsbar.dll
The specified module could not be found.


Also, when I first restarted the computer after installing SP1a I got an error message concerning Norton Antivirus, that said something to the effect of "this program isn't working and your computer is unprotected, restart your computer now". (I restarted, and didn't get the error message again. Presumably it's fine now?)

Those were the only two hiccups.

Thanks again, and I'll await further instructions!

- ERE

PS - Perhaps it's worth noting that IE is still non-functional. (But I'm learning to love Firefox.)

ere8
Light Poster
27 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

Hi Ere

Firefox is a good browser. Most exploits are crafted to take advantage of an IE weakness so it's a good idea to use Firefox for your normal browsing and IE only when required.

Open HijackThis and click Open the Misc Tools section, under System Tools click Open uninstall manager, highlight MyWebSearch and click delete

Install IE Tab for Firefox.

Go to Kaspersky Online Scanner. Right-click anywhere on that page and select View in IE Tab and perform a scan.

Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
Scan using the following Anti-Virus database:
  Extended
Scan Options:
  Scan Archives
  Scan Mail Bases

Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

Post the Kaspersky report along with a new HijackThis log

MoralTerror
Junior Poster
127 posts since Jul 2007
Reputation Points: 11
Solved Threads: 10
 

I got the following error message when I tried to install IE Tab:

IE Tab 1.5.20080310 could not be installed because it is not compatible with Firefox 2.0.0.12. (IE Tab 1.5.20080310 will only work with Firefox version from 3.0b3 to 3.0b5pre)

I found Firefox 3.0b4 online - should I go ahead and download that version and then try to install IE Tab?

Thanks!

ere8
Light Poster
27 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

No, please try this link for the older version of IE Tab

MoralTerror
Junior Poster
127 posts since Jul 2007
Reputation Points: 11
Solved Threads: 10
 

I downloaded IE Tab, but I'm running into a problem with the Kaspersky online scanner. When I click on the link you included in your previous post, it takes me right to the license agreement. When I try to click "agree", nothing happens. I've tried it over and over, but I can't get past the license agreement. I also tried googling "Kaspersky Online Scanner", and the google result takes me to the same page with the license agreement. (I can't right click on the license agreement page, so I can't open that page in IE Tab.)

ere8
Light Poster
27 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

ok sorry about that, here's the link to the page before the agreement http://www.kaspersky.com/virusscanner

MoralTerror
Junior Poster
127 posts since Jul 2007
Reputation Points: 11
Solved Threads: 10
 
