SteveC63

Honorary Members
  1. Woot! First post from my own computer! Malwarebytes full version installed just fine, now I'm slogging through all the updates and whatnot to get back to 'normal.' Thanks again for all your help!
  2. I couldn't have done it without you, thanks for all your help. I'll perform all the follow-up steps you list. I updated Malwarebytes, first thing. I tried to activate the free trial, but got an error message. (I'm at work right now, and I don't remember exactly what the message said.) I plan on buying the full version, so maybe this isn't an issue? Again, thanks for all your help.
  3. Performed a system recovery with my shiny new discs. Connectivity is back! I'm getting all the updates installed. Anything else I need to do as follow-up?
  4. I tried the command listed, but I got an error message at the last one: "Essential parameters were not entered" and something about incorrect syntax. It's apparently looking for something along the lines of "reset reset.log" rather than the command as it is above. I also tried the file check. At the end of its scan, it asked for the Windows CD, and it wouldn't take the CD I have. Pro vs Home. I do have the folder you mentioned. I'm making recovery discs now.
  5. I'll try that when I get home. The XP CD that I have is for a different computer. Will it still work for the system file checker?
  6. Actually, about Safe mode with networking - I did try that, but not after the most recent CF scan.
  7. Ok. What's involved in that? I've looked up how to create recovery discs at the HP website. They stash the needed files in a hidden folder. Is it safe to create recovery discs from this data, or could it have been corrupted also? Should I order CDs instead, or go ahead and create my own?
  8. It's an HP Pavilion A1620N.
  9. Yep. Same.
  10. It didn't appear to find anything bad. No "xxx was infected" lines, or anything like that. Still no connectivity.
  11. CF ran fine, but the log results are monstrously huge. The text editor here tells me it's too big and to shorten it. I'm not sure what I can cut out. Should I put it on as an attachment instead? Also, when CF started to scan, I got an error message saying the PEV.EXE encountered a problem and needed to shut down. I just left it alone and let CF finish.
  12. I ran CF again in regular Windows mode. It ran fine, didn't seem to find any more bad stuff. Let me know if you want me to post those results also. Still no connectivity, in either standard or in 'safe with networking' modes.
  13. Got ComboFix to run in safe mode. Looks like it was able to do its thing this time. Scan results: ComboFix 11-10-16.02 - HP_Administrator 10/16/2011 21:10:59.20.2 - x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3156 [GMT -7:00]
  14. Correction to my last post. I used an incorrect IP address when pinging my PC. I can ping my wife's Mac from my PC, but I can't ping the PC from the Mac. I can ping the outside world from the Mac, but not the PC.
  15. Home again. Still can't connect to the internet, but I can ping my wife's Mac from my PC, and ping my PC from her Mac. I can't ping from my PC to anything outside my home network.