infections causing porblems

Computing.Net > Forums > Security and Virus > infections causing porblems

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

infections causing porblems

Name: jennielk
Date: November 8, 2007 at 12:36:24 Pacific
OS: WinXP SP2
CPU/Ram: Pentium 4, 2.8 GHz
Product: dell dimension e310

Comment:

I am now unable to open the internet through IE. I had Firefox on my computer and that is now gone. Outlook will open the inbox if I open in a new window, My Computer will not open any of the directories now. I previously was using Active Virus Shield, then started having problems with internet and ordered Norton. In the meantime downloaded the free version of AVG. I ran Spybot, Ad Aware, Spy Dr and found a lot of malware. I was able to open links from web pages only if I opened them in a new window and cannot do anything that is through a submit button, hence am doing this from my home computer. Many things were removed and SpyDr showed vundomonde. I downloaded vundofix and no files showed up. Now I am afraid to turn the computer on. I have run several different programs that I downloaded from download.net and the last thing I did was run ComboFix and save the log and then Hijack This and save that log and emailed them to myself at my home computer. If you can assist me it would be greatly appreciated. Anything from the internet I will have to burn to a cd here I think and take it to my studio computer at another location. Thank you in advance for any help you might be able to offer.
Jennie

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: November 8, 2007 at 12:54:33 Pacific

Reply:

Post the Hijack This and Combofix logs please.

Response Number 2

Name: jennieklk
Date: November 8, 2007 at 13:42:12 Pacific

Reply:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:34:53 AM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu14\AOL_security_toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8043 bytes

ComboFix 07-11-08.1 - Owner 2007-11-08 9:21:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.523 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.
2007-11-08 09:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-08 09:11 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-08 09:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-08 09:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-08 09:11 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-08 09:11 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-06 09:26 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2007-11-06 09:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sammsoft
2007-11-06 09:10 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-06 08:47 <DIR> d-------- C:\VundoFix Backups
2007-11-05 17:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-05 17:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2007-11-05 17:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-05 17:15 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-05 17:15 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-05 17:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-05 17:15 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-05 17:15 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-05 16:10 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-11-05 14:19 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-11-05 14:18 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-11-05 14:16 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-05 14:16 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-05 13:12 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-05 11:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-11-05 11:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-05 10:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-11-05 09:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-05 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-05 08:58 <DIR> d-------- C:\Program Files\Adaware
2007-11-05 08:43 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-05 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 14:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-08 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-05 20:00 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-05 20:00 10,652 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-05 20:00 --------- d-----w C:\Program Files\Symantec
2007-11-05 19:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2007-10-05 15:32 --------- d-----w C:\Program Files\Summitsoft
2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 19:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 19:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 19:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 19:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 19:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 19:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 19:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-08-29 19:18 577,928 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-08-23 23:57 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 22:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-11-05 14:19 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]
[HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]
[HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-04-05 14:22]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-04-05 14:19]
"Persistence"="C:\WINDOWS\System32\igfxpers.exe" [2005-04-05 14:23]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-09 13:36]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 23:53]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-06 09:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Sonic RecordNow!"="" []
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-07-23 09:34]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-07-06 12:07:48]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-31 15:23:40]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 01:01:04]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-04-19 21:26:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R2 QuickBooksDB17;QuickBooksDB17;C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys
S1 UdfReadr;UdfReadr;C:\WINDOWS\system32\drivers\UdfReadr.sys
S3 COH_Mon;COH_Mon;\??\C:\WINDOWS\system32\Drivers\COH_Mon.sys
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 19:33:15 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 09:24:52
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-08 9:26:09
.
--- E O F ---

Response Number 3

Name: jabuck
Date: November 9, 2007 at 06:20:12 Pacific

Reply:

Sorry for the delay, I don't see any baddies in the logs.
The following iis the microsoft procedure for reseting the winsocks and the Internet Protocol.
You should be able to restart the computer for thew second time after step #5
1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. In Registry Editor, locate the following keys, right-click each key, and then click Delete:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
4. When you are prompted to confirm the deletion, click Yes.
Note Restart the computer after you delete the Winsock keys. Doing so causes the Windows XP operating system to create new shell entries for those two keys. If you do not restart the computer after you delete the Winsock keys, the next step does not work correctly.
Step 2: Install TCP/IP
1. Right-click the network connection, and then click Properties.
2. Click Install.
3. Click Protocol, and then click Add.
4. Click Have Disk.
5. Type C:\Windows\inf, and then click OK.
6. On the list of available protocols, click Internet Protocol (TCP/IP), and then click OK.
If Internet Protocol (TCP/IP) does not appear, follow these steps:a. Click Start, and then click Search.
b. In the Search Companion pane, click More advanced options.
c. Click to select the following three check boxes:• Search system folders
• Search hidden files and folders
• Search subfolders

d. In the All or part of the file name box, type nettcpip.inf, and then click Search.
e. In the results pane, right-click Nettcpip.inf, and then click Install.

7. Restart the computer.

Response Number 4

Name: jennielk
Date: November 9, 2007 at 07:46:41 Pacific

Reply:

Thanks for your reply. Before I do that I should tell you that I did some research (in my panic last night)and used Castlecops web site to look at some of the HJT log. I had HJT fix the below items and things seem to be running fine now. I also downloaded and ran Kaspersky scan which didn't find anything in critical areas and is now running on the whole computer. I thought it best to let you know what I did before I proceed....
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
(from castelecops--Malware, detected as Troj/BHO-DC - NOTE: The CLSID in question is ALSO used by the Google Toolbar, although NOT for the BHO but for the Toolbar itself, see here)

O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu14\AOL_security_toolbar.dll (because I don't use AOL or anything related to it)

Jennie

Response Number 5

Name: jabuck
Date: November 9, 2007 at 08:20:43 Pacific

Reply:

Thanks for the follow up. No need to reset the winsocks.

powerreg scheduler Andrea ST Filters Service Windows Sidebar	quickbooks 2004 restore symantec network security intermediate filter driver symantec network security intermediate filter driver
See More

Response Number 6

Name: jennielk
Date: November 9, 2007 at 10:13:21 Pacific

Reply:

Thank you so much, this web site has proven to be invaluable to me!
Jennie

Sponsored Link

Ads by Google

mgg.exe virus

computer chaos

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: infections causing porblems

Close Ports

Summary

www.computing.net/answers/security/close-ports/4583.html

Losing faith in every AV!

Summary

www.computing.net/answers/security/losing-faith-in-every-av/3795.html

Trojan Clicker?

Summary

www.computing.net/answers/security/trojan-clicker/19979.html

From the Geek Dictionary
Noob - Anyone who has to read a geek dictionary to know what a term means..

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
Using wireless card

Monitor turnoff

disappearing Spider rummy

Links won't open

cut question

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE