can't access internet and system infected?
#1
rjhorn (Member, 63 posts)

I was working online on my desktop... all of a sudden I could not browse anything ("cannot connect to yahoo... blah blah"), then lost the connection entirely... it will not connect... I cannot download any fixes... I am on my notebook now... I have a jump drive though...

Edited by rjhorn, 26 September 2009 - 01:21 PM.

#2
rjhorn (Topic Starter, Member, 63 posts)

I should also add that I was getting browser redirects before this, but I was able to fix them using other tools... a little while after doing this I lost the connection... I am also getting pev.exe and pev.cfxxe errors.

#3
rjhorn (Topic Starter, Member, 63 posts)

ComboFix 09-09-25.01 - Nancy 09/26/2009 14:31.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.239 [GMT -5:00]
Running from: c:\documents and settings\Nancy\Desktop\kahdah.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nancy\Favorites\games.url
c:\windows\Installer\70146.msp
c:\windows\system32\_004216_.tmp.dll
c:\windows\system32\_004217_.tmp.dll
c:\windows\system32\_004218_.tmp.dll
c:\windows\system32\_004219_.tmp.dll
c:\windows\system32\_004226_.tmp.dll
c:\windows\system32\_004227_.tmp.dll
c:\windows\system32\_004228_.tmp.dll
c:\windows\system32\_004230_.tmp.dll
c:\windows\system32\_004231_.tmp.dll
c:\windows\system32\_004234_.tmp.dll
c:\windows\system32\_004235_.tmp.dll
c:\windows\system32\_004237_.tmp.dll
c:\windows\system32\_004238_.tmp.dll
c:\windows\system32\_004239_.tmp.dll
c:\windows\system32\_004241_.tmp.dll
c:\windows\system32\_004244_.tmp.dll
c:\windows\system32\_004245_.tmp.dll
c:\windows\system32\_004249_.tmp.dll
c:\windows\system32\_004250_.tmp.dll
c:\windows\system32\_004252_.tmp.dll
c:\windows\system32\_004255_.tmp.dll
c:\windows\system32\_004258_.tmp.dll
c:\windows\system32\_004259_.tmp.dll
c:\windows\system32\_004260_.tmp.dll
c:\windows\system32\_004261_.tmp.dll
c:\windows\system32\_004264_.tmp.dll
c:\windows\system32\_004265_.tmp.dll
c:\windows\system32\_004266_.tmp.dll
c:\windows\system32\_004267_.tmp.dll
c:\windows\system32\_004268_.tmp.dll
c:\windows\system32\_004273_.tmp.dll
c:\windows\system32\_004275_.tmp.dll
c:\windows\system32\_004276_.tmp.dll
c:\windows\system32\_006404_.tmp.dll
c:\windows\system32\_006405_.tmp.dll
c:\windows\system32\_006406_.tmp.dll
c:\windows\system32\_006407_.tmp.dll
c:\windows\system32\_006414_.tmp.dll
c:\windows\system32\_006415_.tmp.dll
c:\windows\system32\_006416_.tmp.dll
c:\windows\system32\_006417_.tmp.dll
c:\windows\system32\_006419_.tmp.dll
c:\windows\system32\_006420_.tmp.dll
c:\windows\system32\_006423_.tmp.dll
c:\windows\system32\_006424_.tmp.dll
c:\windows\system32\_006426_.tmp.dll
c:\windows\system32\_006427_.tmp.dll
c:\windows\system32\_006428_.tmp.dll
c:\windows\system32\_006430_.tmp.dll
c:\windows\system32\_006431_.tmp.dll
c:\windows\system32\_006433_.tmp.dll
c:\windows\system32\_006434_.tmp.dll
c:\windows\system32\_006438_.tmp.dll
c:\windows\system32\_006439_.tmp.dll
c:\windows\system32\_006441_.tmp.dll
c:\windows\system32\_006444_.tmp.dll
c:\windows\system32\_006447_.tmp.dll
c:\windows\system32\_006448_.tmp.dll
c:\windows\system32\_006449_.tmp.dll
c:\windows\system32\_006450_.tmp.dll
c:\windows\system32\_006451_.tmp.dll
c:\windows\system32\_006454_.tmp.dll
c:\windows\system32\_006455_.tmp.dll
c:\windows\system32\_006456_.tmp.dll
c:\windows\system32\_006457_.tmp.dll
c:\windows\system32\_006458_.tmp.dll
c:\windows\system32\_006463_.tmp.dll
c:\windows\system32\_006465_.tmp.dll
c:\windows\system32\_006466_.tmp.dll
c:\windows\system32\drivers\fad.sys

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD
-------\Legacy_MSDIRECTX
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_RDRIV
-------\Legacy_WINDOWS_CONFIGURATION_LOADER
-------\Service_Windows Configuration Loader


((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
.

2009-09-26 19:39 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-26 19:39 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-19 02:16 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-19 02:15 . 2009-09-19 02:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-19 02:14 . 2009-09-19 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-16 12:08 . 2009-09-16 12:08 139264 ----a-w- c:\windows\system32\csrss8.dll
2009-08-28 16:05 . 2009-09-17 11:05 -------- d-----w- c:\documents and settings\Nancy\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-26 14:33 . 2004-04-21 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-25 16:40 . 2004-04-21 00:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-19 02:14 . 2004-08-03 01:08 -------- d-----w- c:\program files\Lavasoft
2009-09-17 13:17 . 2009-05-08 23:24 -------- d-----w- c:\program files\Google
2009-09-17 12:54 . 2005-10-22 16:44 -------- d-----w- c:\program files\Yahoo!
2009-09-15 13:21 . 2003-06-15 15:06 90640 -c--a-w- c:\documents and settings\Nancy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 00:54 . 2008-09-11 01:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 19:54 . 2008-09-11 01:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-09-11 01:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-28 00:48 . 2005-06-02 01:48 -------- d-----w- c:\program files\Picasa2
2009-08-25 22:13 . 2009-07-18 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lexmark 5600-6600 Series
2009-08-09 08:15 . 2009-08-09 08:15 -------- d-----w- c:\program files\MSBuild
2009-08-09 08:15 . 2009-08-09 08:15 -------- d-----w- c:\program files\Reference Assemblies
2009-08-08 01:47 . 2009-08-08 01:46 -------- d-----w- c:\documents and settings\Nancy\Application Data\DivX
2009-08-08 00:34 . 2009-08-08 00:31 -------- d-----w- c:\program files\DivX
2009-08-08 00:32 . 2009-08-08 00:31 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-05 09:01 . 2005-10-05 06:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-18 12:29 . 2009-07-18 12:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2005-10-05 06:43 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-04 07:56 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2005-08-22 00:38 . 2005-08-22 00:38 2337 -c--a-w- c:\program files\draxx7fo.gif
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2004-08-04 07:56 . 2007-05-14 00:05 73728 -csha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-07 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-05-15 245760]
"sr1exe"="c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe" [2003-05-15 106496]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-05-16 151597]
"MPSExe"="c:\program files\McAfee.com\MPS\mscifapp.exe" [2002-06-12 208896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-18 148888]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-05-29 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-05-29 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-05-29 311976]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-5-16 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxducoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"110:TCP"= 110:TCP:svchost

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [9/18/2009 9:16 PM 64160]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxduserv.exe [4/17/2009 7:43 PM 98984]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [7/18/2009 7:13 AM 410976]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [6/16/2003 9:13 PM 15576]
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
IE: &Search
IE: {{9239E4EC-C9A6-11D2-A844-00C04F68D538}
LSP: c:\windows\system32\mclsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nancy\Application Data\Mozilla\Firefox\Profiles\default.8nz\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.ftp - sas.ce1.attbb.net
FF - prefs.js: network.proxy.ftp_port - 8000
FF - prefs.js: network.proxy.gopher - sas.ce1.attbb.net
FF - prefs.js: network.proxy.gopher_port - 8000
FF - prefs.js: network.proxy.http - sas.ce1.attbb.net
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.socks - sas.ce1.attbb.net
FF - prefs.js: network.proxy.socks_port - 8000
FF - prefs.js: network.proxy.ssl - sas.ce1.attbb.net
FF - prefs.js: network.proxy.ssl_port - 8000
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10);user_pref(general.useragent.extra.zencast, );user_pref(yahoo.homepage.dontask, true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AIM - c:\program files\AIM95\aim.exe
SafeBoot-Lavasoft Ad-Aware Service
AddRemove-mediamotor - c:\windows\unstall.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 14:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??h???x???????X??? ??? ???????P???? ?w? ?w)??p????????(???m????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
sr1exe = "c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe" ??????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\mclsp.dll
c:\windows\system32\mclsphlr\gdlsphlr.dll
c:\windows\system32\McRtl32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\lxducoms.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\windows\SYSTEM32\lxducoms.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\program files\Lexmark 5600-6600 Series\lxdumsdmon.exe
.
**************************************************************************
.
Completion time: 2009-09-26 14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-26 19:48

Pre-Run: 37,650,223,104 bytes free
Post-Run: 37,555,740,672 bytes free

259 --- E O F --- 2009-09-10 08:08