The log of what MBAM deleted is here:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2/11/2011 9:24:10 AM
mbam-log-2011-02-11 (09-24-10).txt
Scan type: Full scan (C:\|)
Objects scanned: 806672
Time elapsed: 10 hour(s), 58 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\VRZJ8K91NT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{0ede882f-f77c-471a-87a1-8bcdc29f3a36}\RP487\A0073155.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
I checked to make sure that I wasn't set to connect to a proxy server, and I tried some other things that I have basic knowledge of to repair the problem, but to no avail. I also tried to repair the problem with a system restore, but no such luck in re-establishing a fully-functional internet connection. I then ran a Windows XP Network Diagnostics check, but didn't save the first log. So I just ran another one and copied the log. The log is here:
Last diagnostic run time: 02/14/11 12:26:20 HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity
warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn FTP (Active): Error 12031 connecting to ftp.microsoft.com: The connection with the server was reset
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12002 connecting to www.hotmail.com: The operation timed out
warn HTTPS: Error 12002 connecting to www.passport.net: The operation timed out
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.
info Redirecting user to support call
DNS Client Diagnostic
DNS - Not a home user scenario
info Using Web Proxy: no
info Resolving name ok for (www.microsoft.com): yes
No DNS servers
DNS failure
Gateway Diagnostic
Gateway
info The following proxy configuration is being used by IE: Automatically Detect Settings:Enabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:
info Could not get proxy settings via the Automatic Proxy Configuration mechanism
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.100
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
warn The default gateway address could not be resolved via ARP
action Automated repair: Renew IP address
action Releasing the current IP address...
action Successfully released the current IP address
action Renewing the IP address...
action Successfully renewed the current IP address
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.100
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
info TCP port 80 on host 65.55.12.249 was successfully reached
info The Internet host www.microsoft.com was successfully reached
info The default gateway is OK
IP Layer Diagnostic
Corrupted IP routing table
info The default route is valid
info The loopback route is valid
info The local host route is valid
info The local subnet route is valid
Invalid ARP cache entries
action The ARP cache has been flushed
IP Configuration Diagnostic
Invalid IP address
info Valid IP address detected: 192.168.1.100
Wireless Diagnostic
Wireless - Service disabled
Wireless - User SSID
Wireless - First time setup
Wireless - Radio off
Wireless - Out of range
Wireless - Hardware issue
Wireless - Novice user
Wireless - Ad-hoc network
Wireless - Less preferred
Wireless - 802.1x enabled
Wireless - Configuration mismatch
Wireless - Low SNR
WinSock Diagnostic
WinSock status
info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info Provider entry RSVP UDP Service Provider passed the loopback communication test.
info Provider entry RSVP TCP Service Provider passed the loopback communication test.
info Connectivity is valid for all Winsock service providers.
Network Adapter Diagnostic
Network location detection
info Using home Internet connection
Network adapter identification
info Network connection: Name=Local Area Connection, Device=Intel® PRO/100 VE Network Connection, MediaType=LAN, SubMediaType=LAN
info Ethernet connection selected
Network adapter status
info Network connection status: Connected
HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity
warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.
I also took a screenshot of the Network Diagnostics window at the completion of the scan, as it stated things of which I have no understanding. Picture here:
I then tried ComboFix at the recommendation of a friend and that log is here:
ComboFix 11-02-13.04 - Jamie 02/14/2011 10:36:45.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.261 [GMT -5:00]
Running from: F:\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
.
2011-02-11 16:38 . 2011-02-11 16:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-11 16:35 . 2011-02-11 16:35 -------- d-----w- c:\program files\Security Task Manager
2011-01-25 18:45 . 2011-01-25 18:45 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google
2011-01-25 18:40 . 2011-01-25 18:41 -------- d-----w- c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Local Settings\Application Data\Temp
2011-01-25 18:40 . 2011-01-25 18:40 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 12:55 . 2009-04-23 22:33 385024 ----a-w- c:\windows\system32\html.iec
2010-11-18 18:12 . 2009-04-20 21:10 81920 ----a-w- c:\windows\system32\isign32.dll
2010-02-28 23:39 . 2010-02-28 23:14 1228288 -c--a-w- c:\program files\ADBEILSTCS4_LS1.exe
2009-05-13 00:08 . 2009-05-13 00:07 7526856 -c--a-w- c:\program files\Firefox Setup 3.0.10.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-12-27_06.19.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-11 17:14 . 2011-02-11 17:14 16384 c:\windows\temp\Perflib_Perfdata_74c.dat
+ 2011-02-11 17:14 . 2011-02-11 17:14 16384 c:\windows\temp\Perflib_Perfdata_648.dat
+ 2010-08-13 16:33 . 2010-12-27 06:31 97859 c:\windows\system32\drivers\klick.dat
+ 2011-01-25 18:40 . 2011-01-25 18:40 21504 c:\windows\Installer\4174b6c3.msi
+ 2011-01-25 18:42 . 2011-01-25 18:42 25214 c:\windows\Installer\{C768790F-04FB-11E0-9B2C-001AA037B01E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-01-12 11:46 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2011-01-12 11:46 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2419632\spmsg.dll
+ 2002-08-29 12:00 . 2010-11-06 00:26 916480 c:\windows\system32\wininet(3).dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 438272 c:\windows\system32\shimgvw(2).dll
+ 2010-01-26 05:05 . 2011-02-11 16:40 651052 c:\windows\system32\Restore\rstrlog.dat
- 2002-08-29 12:00 . 2008-04-14 00:12 249856 c:\windows\system32\odbc32.dll
+ 2002-08-29 12:00 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
+ 2002-08-29 12:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos(3).dll
+ 2010-08-13 16:33 . 2010-12-27 06:31 114243 c:\windows\system32\drivers\klin.dat
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
- 2009-04-14 22:07 . 2008-04-14 00:12 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-04-14 22:07 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-04-14 22:07 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2009-04-14 22:07 . 2008-04-14 00:11 200704 c:\windows\system32\dllcache\msadox.dll
- 2009-04-14 22:07 . 2008-04-14 00:11 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2009-04-14 22:07 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
- 2009-04-14 22:07 . 2008-04-14 00:11 536576 c:\windows\system32\dllcache\msado15.dll
+ 2009-04-14 22:07 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
- 2009-04-14 22:07 . 2008-04-14 00:11 143360 c:\windows\system32\dllcache\msadco.dll
+ 2009-04-14 22:07 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2002-08-29 12:00 . 2010-10-28 13:13 290048 c:\windows\system32\atmfd(3).dll
+ 2011-01-12 11:46 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll
+ 2011-01-12 11:46 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
+ 2011-01-12 11:46 . 2008-04-14 00:12 249856 c:\windows\$NtUninstallKB2419632$\odbc32.dll
+ 2011-01-12 11:46 . 2008-04-14 00:12 102400 c:\windows\$NtUninstallKB2419632$\msjro.dll
+ 2011-01-12 11:46 . 2008-04-14 00:11 200704 c:\windows\$NtUninstallKB2419632$\msadox.dll
+ 2011-01-12 11:46 . 2008-04-14 00:11 180224 c:\windows\$NtUninstallKB2419632$\msadomd.dll
+ 2011-01-12 11:46 . 2008-04-14 00:11 536576 c:\windows\$NtUninstallKB2419632$\msado15.dll
+ 2011-01-12 11:46 . 2008-04-14 00:11 143360 c:\windows\$NtUninstallKB2419632$\msadco.dll
+ 2011-01-12 11:46 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-01-12 11:46 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-01-12 11:46 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:50 . 2010-11-09 14:50 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2002-08-29 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon(3).dll
+ 2002-08-29 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32(3).dll
+ 2009-04-20 16:38 . 2011-02-11 16:41 2010696 c:\windows\system32\FNTCACHE.DAT
- 2009-04-20 16:38 . 2010-12-15 08:41 2010696 c:\windows\system32\FNTCACHE.DAT
+ 2009-05-05 15:50 . 2011-01-12 11:46 37403080 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-09-09 340520]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-29 07:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 7:00 AM 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2011 1:40 PM 136176]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [9/21/2009 3:34 PM 11264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2011-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 18:40]
2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 18:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &SHOUTcast Search - c:\documents and settings\All Users.WINDOWS\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
Trusted Zone: sprint.com\mysprint
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-11994.cab
FF - ProfilePath - c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Application Data\Mozilla\Firefox\Profiles\swpg81rz.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {12AF9789-BCF4-4495-BAA6-26AC23D076E0} - c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Local Settings\Application Data\{12AF9789-BCF4-4495-BAA6-26AC23D076E0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-14 10:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-02-14 10:54:18
ComboFix-quarantined-files.txt 2011-02-14 15:54
ComboFix2.txt 2010-12-27 06:22
ComboFix3.txt 2010-12-13 22:08
ComboFix4.txt 2010-11-29 20:48
ComboFix5.txt 2011-02-14 15:31
Pre-Run: 1,536,020,480 bytes free
Post-Run: 1,756,291,072 bytes free
- - End Of File - - 63948A44CA2889B94621C999E450895B
After that I ran ComboFix again with this:
FCopy::
C:\WINDOWS\ServicePackFiles\i386\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys
I saved it as CFScript.txt and dragged it into ComboFix, which caused CF to reboot again. That log is here:
ComboFix 11-02-13.04 - Jamie 02/14/2011 11:17:38.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.209 [GMT -5:00]
Running from: c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\netbt.sys --> c:\windows\system32\drivers\netbt.sys
.
((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
.
2011-02-11 16:38 . 2011-02-11 16:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-11 16:35 . 2011-02-11 16:35 -------- d-----w- c:\program files\Security Task Manager
2011-01-25 18:45 . 2011-01-25 18:45 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google
2011-01-25 18:40 . 2011-01-25 18:41 -------- d-----w- c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Local Settings\Application Data\Temp
2011-01-25 18:40 . 2011-01-25 18:40 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 12:55 . 2009-04-23 22:33 385024 ----a-w- c:\windows\system32\html.iec
2010-11-18 18:12 . 2009-04-20 21:10 81920 ----a-w- c:\windows\system32\isign32.dll
2010-02-28 23:39 . 2010-02-28 23:14 1228288 -c--a-w- c:\program files\ADBEILSTCS4_LS1.exe
2009-05-13 00:08 . 2009-05-13 00:07 7526856 -c--a-w- c:\program files\Firefox Setup 3.0.10.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-12-27_06.19.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-11 17:14 . 2011-02-11 17:14 16384 c:\windows\temp\Perflib_Perfdata_74c.dat
+ 2011-02-11 17:14 . 2011-02-11 17:14 16384 c:\windows\temp\Perflib_Perfdata_648.dat
+ 2010-08-13 16:33 . 2010-12-27 06:31 97859 c:\windows\system32\drivers\klick.dat
+ 2011-01-25 18:40 . 2011-01-25 18:40 21504 c:\windows\Installer\4174b6c3.msi
+ 2011-01-25 18:42 . 2011-01-25 18:42 25214 c:\windows\Installer\{C768790F-04FB-11E0-9B2C-001AA037B01E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-01-12 11:46 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2011-01-12 11:46 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2419632\spmsg.dll
+ 2002-08-29 12:00 . 2010-11-06 00:26 916480 c:\windows\system32\wininet(3).dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 438272 c:\windows\system32\shimgvw(2).dll
+ 2010-01-26 05:05 . 2011-02-11 16:40 651052 c:\windows\system32\Restore\rstrlog.dat
- 2002-08-29 12:00 . 2008-04-14 00:12 249856 c:\windows\system32\odbc32.dll
+ 2002-08-29 12:00 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
+ 2002-08-29 12:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos(3).dll
+ 2010-08-13 16:33 . 2010-12-27 06:31 114243 c:\windows\system32\drivers\klin.dat
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2002-08-29 12:00 . 2008-04-13 19:21 162816 c:\windows\system32\dllcache\netbt.sys
+ 2009-04-14 22:07 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
- 2009-04-14 22:07 . 2008-04-14 00:12 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-04-14 22:07 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2009-04-14 22:07 . 2008-04-14 00:11 200704 c:\windows\system32\dllcache\msadox.dll
- 2009-04-14 22:07 . 2008-04-14 00:11 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2009-04-14 22:07 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
- 2009-04-14 22:07 . 2008-04-14 00:11 536576 c:\windows\system32\dllcache\msado15.dll
+ 2009-04-14 22:07 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2009-04-14 22:07 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2009-04-14 22:07 . 2008-04-14 00:11 143360 c:\windows\system32\dllcache\msadco.dll
+ 2002-08-29 12:00 . 2010-10-28 13:13 290048 c:\windows\system32\atmfd(3).dll
+ 2011-01-12 11:46 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll
+ 2011-01-12 11:46 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
+ 2011-01-12 11:46 . 2008-04-14 00:12 249856 c:\windows\$NtUninstallKB2419632$\odbc32.dll
+ 2011-01-12 11:46 . 2008-04-14 00:12 102400 c:\windows\$NtUninstallKB2419632$\msjro.dll
+ 2011-01-12 11:46 . 2008-04-14 00:11 200704 c:\windows\$NtUninstallKB2419632$\msadox.dll
+ 2011-01-12 11:46 . 2008-04-14 00:11 180224 c:\windows\$NtUninstallKB2419632$\msadomd.dll
+ 2011-01-12 11:46 . 2008-04-14 00:11 536576 c:\windows\$NtUninstallKB2419632$\msado15.dll
+ 2011-01-12 11:46 . 2008-04-14 00:11 143360 c:\windows\$NtUninstallKB2419632$\msadco.dll
+ 2011-01-12 11:46 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-01-12 11:46 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-01-12 11:46 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:50 . 2010-11-09 14:50 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2002-08-29 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon(3).dll
+ 2002-08-29 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32(3).dll
+ 2009-04-20 16:38 . 2011-02-11 16:41 2010696 c:\windows\system32\FNTCACHE.DAT
- 2009-04-20 16:38 . 2010-12-15 08:41 2010696 c:\windows\system32\FNTCACHE.DAT
+ 2009-05-05 15:50 . 2011-01-12 11:46 37403080 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-09-09 340520]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-29 07:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 7:00 AM 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2011 1:40 PM 136176]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [9/21/2009 3:34 PM 11264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2011-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 18:40]
2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 18:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &SHOUTcast Search - c:\documents and settings\All Users.WINDOWS\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
Trusted Zone: sprint.com\mysprint
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-11994.cab
FF - ProfilePath - c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Application Data\Mozilla\Firefox\Profiles\swpg81rz.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {12AF9789-BCF4-4495-BAA6-26AC23D076E0} - c:\documents and settings\Jamie.JAMIE-J7B6FZLLT\Local Settings\Application Data\{12AF9789-BCF4-4495-BAA6-26AC23D076E0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-14 11:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2011-02-14 11:33:40
ComboFix-quarantined-files.txt 2011-02-14 16:33
ComboFix2.txt 2011-02-14 15:54
ComboFix3.txt 2010-12-27 06:22
ComboFix4.txt 2010-12-13 22:08
ComboFix5.txt 2011-02-14 16:16
Pre-Run: 1,759,457,280 bytes free
Post-Run: 1,748,299,776 bytes free
- - End Of File - - C6E7FB35EA683E6FC73CACF3EC9BD27B
After that I ran IPCONFIG; the log is here:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Jamie.JAMIE-J7B6FZLLT>IPCONFIG /ALL
Windows IP Configuration
Host Name . . . . . . . . . . . . : jamie-j7b6fzllt
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ct.comcast.net.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : hsd1.ct.comcast.net.
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-07-E9-71-AD-89
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.71.230
68.87.73.246
Lease Obtained. . . . . . . . . . : Monday, February 14, 2011 11:40:33 AM
Lease Expires . . . . . . . . . . : Tuesday, February 15, 2011 11:40:33 AM
And finally I pinged Google.com and the log of that is here:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Jamie.JAMIE-J7B6FZLLT>ping google.com
Pinging google.com [74.125.226.113] with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 74.125.226.113: bytes=32 time=25ms TTL=52
Reply from 74.125.226.113: bytes=32 time=25ms TTL=52
Ping statistics for 74.125.226.113:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 25ms, Average = 25ms
I also just ran WinsockxpFix, but that didn't help either.
On certain forums I was on trying to find info on repairing my problem, all these different steps were recommended, which is why I did all these scans and such. I figured the more info I had available to someone helping me with this dilemma, the better off I'd be. I am by no means a computer whiz, and don't understand 3/4 of what is contained in all these logs. But hopefully someone here can help me out...
Thank you very much for any assistance,
Jamie
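Added example, not part of Jamie's post and not code from any of the tools quoted in it: a small Python triage script for the two things in these logs that a responder would look at first. ComboFix's Supplementary Scan shows `uInternet Settings,ProxyServer = http=127.0.0.1:5643`, i.e. the per-user WinINet proxy value (the `ProxyServer` value under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`) is pointed at the local machine. ComboFix does not print the companion `ProxyEnable` value, so whether Internet Explorer is actually honouring that proxy has to be confirmed on the machine itself; the later Network Diagnostics run reports "Using Web Proxy: no", so the script only reports the value as something to verify, not as the confirmed cause. The script parses a `ProxyServer` value in both forms WinINet accepts, flags proxies that point at a loopback address, and decodes the WinINet error codes in the diagnostics output (names taken from wininet.h). The sample lines are a constructed excerpt copied from the logs above.

```python
"""Triage helper for the log excerpts in the post: flags a WinINet proxy that
points at the local host and decodes WinINet error codes in XP's diagnostics."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines copied from the ComboFix "Supplementary Scan"
# section and the Network Diagnostics output quoted in the post (an excerpt).
COMBOFIX_LINES = [
    "uStart Page = hxxp://www.google.com/",
    "uInternet Settings,ProxyServer = http=127.0.0.1:5643",
    "uInternet Settings,ProxyOverride = *.local;<local>",
    "FF - prefs.js: network.proxy.type - 0",
]
NETDIAG_LINES = [
    "warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved",
    "warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established",
    "warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established",
    "warn HTTP: Error 12002 connecting to www.hotmail.com: The operation timed out",
    "info Using Web Proxy: no",
    "info TCP port 80 on host 65.55.12.249 was successfully reached",
]

# WinINet error codes (values from wininet.h) that appear in the diagnostics.
WININET_ERRORS = {
    12002: "ERROR_INTERNET_TIMEOUT",
    12007: "ERROR_INTERNET_NAME_NOT_RESOLVED",
    12029: "ERROR_INTERNET_CANNOT_CONNECT",
    12031: "ERROR_INTERNET_CONNECTION_RESET",
}

PROXY_LINE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)")
NETDIAG_ERR = re.compile(
    r"^(?:warn|error)\s+(?P<proto>[A-Za-z]+(?: \([A-Za-z]+\))?):\s*"
    r"Error (?P<code>\d+) connecting to (?P<host>\S+):"
)


@dataclass
class Finding:
    severity: str  # "high" or "info"
    detail: str


def parse_proxy_server(value: str) -> Dict[str, Tuple[str, Optional[int]]]:
    """Parse a WinINet ProxyServer value.

    WinINet accepts either "host:port" (one proxy for every protocol, keyed "*"
    here) or a ';'-separated list of "scheme=host:port" entries.
    """
    proxies: Dict[str, Tuple[str, Optional[int]]] = {}
    for entry in filter(None, value.split(";")):
        scheme, _, hostport = entry.rpartition("=")  # scheme is "" if no '='
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no port given
            host, port = hostport, ""
        proxies[scheme or "*"] = (host, int(port) if port else None)
    return proxies


def is_loopback(host: str) -> bool:
    """True for 'localhost' or any loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def triage(combofix_lines: List[str], netdiag_lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in combofix_lines:
        m = PROXY_LINE.search(line)
        if not m:
            continue
        for scheme, (host, port) in parse_proxy_server(m.group("value")).items():
            label = "all-protocol" if scheme == "*" else scheme
            if is_loopback(host):
                findings.append(Finding(
                    "high",
                    f"WinINet {label} proxy points at the local host ({host}:{port}); "
                    "confirm ProxyEnable on the machine: if it is set and nothing listens "
                    "there, every request of that scheme fails with "
                    "ERROR_INTERNET_CANNOT_CONNECT (12029)"))
            else:
                findings.append(Finding("info", f"WinINet {label} proxy = {host}:{port}"))
    # Count the WinINet failures in the diagnostics by symbolic name.
    counts: Dict[str, int] = {}
    for line in netdiag_lines:
        m = NETDIAG_ERR.match(line)
        if m:
            name = WININET_ERRORS.get(int(m.group("code")), "UNKNOWN")
            counts[name] = counts.get(name, 0) + 1
    for name, n in sorted(counts.items()):
        findings.append(Finding("info", f"{n} x {name} in Network Diagnostics"))
    return findings


if __name__ == "__main__":
    for f in triage(COMBOFIX_LINES, NETDIAG_LINES):
        print(f"[{f.severity}] {f.detail}")
```

The loopback finding is only a pointer to a registry value to verify, because the logs on the page do not show `ProxyEnable`. Note also that ComboFix reports Firefox's `network.proxy.type` as 0, which means Firefox connects directly and ignores the WinINet setting, so a WinINet proxy would affect Internet Explorer and other WinINet clients but not Firefox.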