Tech Support Guy

Discussion Starter · #1 ·
I recently ran ComboFix to remove malware from my laptop. It appears to have done that successfully, but now my touchpad is unresponsive and I cannot connect to the internet. Thanks for any help/insight. I wasn't able to post the entire ComboFix log because of the character limit, so I cut out the lines beginning with S1 (like this one: S1 c462d252.sys;c462d252.sys;\??\c:\windows\System32\drivers\c462d252.sys --> c:\windows\System32\drivers\c462d252.sys [?])

ComboFix 09-08-08.02 - Brooks 08/08/2009 23:39.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.287 [GMT -7:00]
Running from: c:\documents and settings\Brooks\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\gjkmp.bak2
c:\windows\system32\gjkmp.tmp
.
((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.
2009-08-09 06:51 . 2009-08-09 06:51 -------- d-----w- c:\documents and settings\postgres\Local Settings\Application Data\temp
2009-08-09 06:51 . 2009-08-09 06:51 -------- d-----w- c:\documents and settings\postgres\AppData\Local\temp
2009-08-09 06:51 . 2009-08-09 06:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\temp
2009-08-09 06:51 . 2009-08-09 06:51 -------- d-----w- c:\documents and settings\NetworkService\AppData\Local\temp
2009-08-09 06:51 . 2009-08-09 06:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\temp
2009-08-09 06:51 . 2009-08-09 06:51 -------- d-----w- c:\documents and settings\LocalService\AppData\Local\temp
2009-08-09 06:51 . 2009-08-09 06:51 -------- d-----w- c:\documents and settings\Brooks\Local Settings\Application Data\temp
2009-08-09 06:51 . 2009-08-09 06:51 -------- d-----w- c:\documents and settings\Brooks\AppData\Local\temp
2009-08-09 06:51 . 2009-08-09 06:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\temp
2009-08-09 06:51 . 2009-08-09 06:51 -------- d-----w- c:\documents and settings\Administrator\AppData\Local\temp
2009-08-09 05:35 . 2009-08-09 05:35 -------- d-----w- c:\documents and settings\postgres\AppData
2009-08-09 05:35 . 2009-08-09 05:35 -------- d-----w- c:\documents and settings\NetworkService\AppData
2009-08-09 05:35 . 2009-08-09 05:35 -------- d-----w- c:\documents and settings\LocalService\AppData
2009-08-09 05:35 . 2009-08-09 05:35 -------- d-----w- c:\documents and settings\Brooks\AppData
2009-08-09 05:35 . 2009-08-09 05:35 -------- d-----w- c:\documents and settings\Administrator\AppData
2009-08-09 03:18 . 2009-08-09 03:18 16 ----a-w- c:\windows\system32\drivers\US0.sys
2009-08-09 03:15 . 2009-08-09 03:15 16 ----a-w- c:\windows\system32\drivers\????????????????.sys
2009-08-09 03:04 . 2009-08-09 03:53 16 ----a-w- c:\windows\system32\drivers\?????????????????.sys
2009-08-09 03:02 . 2009-08-09 03:02 16 ----a-w- c:\windows\system32\drivers\assets.espn.go.c.sys
2009-08-09 02:58 . 2009-08-09 03:45 16 ----a-w- c:\windows\system32\drivers\.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 04:41 . 2005-09-15 15:28 5792 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2009-08-09 04:39 . 2005-09-15 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-08-09 04:34 . 2005-09-15 16:04 -------- d-----w- c:\program files\McAfee.com
2009-08-09 04:02 . 2008-07-27 21:06 -------- d-----w- c:\program files\Google
2009-08-08 20:25 . 2006-07-07 17:26 -------- d-----w- c:\program files\Full Tilt Poker
2009-08-06 07:13 . 2005-09-25 20:50 42606 ----a-w- c:\documents and settings\Brooks\Application Data\wklnhst.dat
2009-07-31 06:56 . 2009-02-26 03:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-20 09:10 . 2008-08-14 23:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-09 01:48 . 2005-09-15 15:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-22 18:52 . 2009-06-22 18:52 1878984 ----a-w- c:\documents and settings\Brooks\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-19 03:44 . 2006-07-07 08:03 -------- d-----w- c:\program files\PokerStars
2009-06-16 14:36 . 2008-08-09 01:07 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-08-09 01:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2008-08-09 01:07 1291264 ----a-w- c:\windows\system32\quartz.dll
2006-10-04 06:48 . 2006-10-04 06:48 534112 ----a-w- c:\program files\psa30se_ytb612_a708_DLM_en_us.exe
2005-09-27 19:35 . 2005-09-27 19:35 251 ----a-w- c:\program files\wt3d.ini
2009-03-12 04:20 . 2006-02-13 20:18 56 --sh--r- c:\windows\system32\444EE46A4D.sys
2009-03-12 04:20 . 2006-03-20 00:57 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$NtServicePackUninstall$\aec.sys
[7] 2004-08-04 03:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
[7] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 142592 3E81C4B57E1A1FB18B82ACA9AC6EBD3C c:\windows\system32\drivers\aec.sys
.
((((((((((((((((((((((((((((( [email protected]_05.20.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-09 05:51 . 2009-08-09 05:51 16384 c:\windows\Temp\Perflib_Perfdata_160.dat
+ 2005-09-15 15:34 . 2005-09-15 15:34 262144 c:\windows\system32\config\systemprofile\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-30 67128]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-11 1481968]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"POEngine"="c:\program files\PokerOffice\POEngine.exe" [2007-02-22 475136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-06 180269]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"UMonit"="c:\windows\system32\umonit.exe" [2003-08-21 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-26 148888]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-9-15 156784]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-1-14 479232]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-15 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-4-30 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 21:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147662868\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147662868\\ee\\aim6.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
S1 00250e15.sys;00250e15.sys;\??\c:\windows\System32\drivers\00250e15.sys --> c:\windows\System32\drivers\00250e15.sys [?]
S1 00510e41.sys;00510e41.sys;\??\c:\windows\System32\drivers\00510e41.sys --> c:\windows\System32\drivers\00510e41.sys [?]
S1 00570e47.sys;00570e47.sys;\??\c:\windows\System32\drivers\00570e47.sys --> c:\windows\System32\drivers\00570e47.sys [?]

S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [8/16/2006 9:19 PM 6016]
S3 iComp;Hauppauge WinTV PVR USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [9/24/2005 8:42 AM 1438080]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://igoogle.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = 198.83.124.250:8080
IE: { - c:\documents and settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Brooks\Application Data\Mozilla\Firefox\Profiles\ge6tjkd8.default\
FF - prefs.js: browser.startup.homepage - google.com/ig
FF - prefs.js: network.proxy.http - 198.83.125.250
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 23:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?413c&Pid_8?????3a11&M??????3?C?USB\RO8???UB?0???????????????????????????w????????????tq ?l??????|p??|????m??|C??w??????????3?B$?|???w???w*?,???3????????????????????????????????w????????????tq ?????T????? ?????tq ???????&????
scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1116)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-08-09 23:56
ComboFix-quarantined-files.txt 2009-08-09 06:55
ComboFix2.txt 2009-08-09 05:34
Pre-Run: 74,180,698,112 bytes free
Post-Run: 74,126,864,384 bytes free
2089 --- E O F --- 2009-07-31 06:56
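
Added triage example (editor's addition; not part of the original thread and not ComboFix's or the forum's own code). Three things in the log above are what a malware analyst would pull out first, independent of the touchpad problem: several .sys files in c:\windows\system32\drivers that are 16 bytes long with names like `.sys`, `US0.sys` and `assets.espn.go.c.sys` (a real driver is a PE image and cannot be 16 bytes); S1 (system-start) services pointing at 8-hex-digit driver names that ComboFix marks `[?]`; and proxy settings in both Internet Explorer (198.83.124.250:8080) and Firefox (198.83.125.250:8080) that the poster never mentions configuring. A proxy entry like that routes all browser traffic through that host, so it should be checked against what the owner actually set up; it would not, however, produce the `media disconnected` state reported in the second post, which is a link-layer problem and not a browser one. The Python script below parses those three ComboFix line formats and flags them. The sample log is constructed in the same formats (not copied verbatim), the 1024-byte threshold and the reading of `[?]` as "file could not be read" are my assumptions, and the output is a list of triage hints, not verdicts.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the line formats ComboFix uses (modelled on the log in
# the post above, not copied from it verbatim). Raw string: backslashes are literal.
SAMPLE_LOG = r"""
2009-08-09 03:18 . 2009-08-09 03:18 16 ----a-w- c:\windows\system32\drivers\US0.sys
2009-08-09 03:02 . 2009-08-09 03:02 16 ----a-w- c:\windows\system32\drivers\assets.espn.go.c.sys
2009-08-09 02:58 . 2009-08-09 03:45 16 ----a-w- c:\windows\system32\drivers\.sys
2009-08-09 04:41 . 2005-09-15 15:28 5792 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2009-08-09 06:51 . 2009-08-09 06:51 -------- d-----w- c:\documents and settings\Brooks\AppData
S1 00250e15.sys;00250e15.sys;\??\c:\windows\System32\drivers\00250e15.sys --> c:\windows\System32\drivers\00250e15.sys [?]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [8/16/2006 9:19 PM 6016]
uInternet Settings,ProxyServer = 198.83.124.250:8080
FF - prefs.js: network.proxy.http - 198.83.125.250
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 2
"""

# "Files Created" / "Find3M" entries: <mtime> . <ctime> <size or dashes> <attrs> <path>
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\S+)\s+(\S+)\s+(.+?)\s*$"
)
# Service entries: <start type> <name>;<display name>;<image path ...>
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]*);([^;]*);(.*)$")
PROXY_IE_RE = re.compile(r"^uInternet Settings,ProxyServer = (\S+)")
PROXY_FF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (\S+)")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")

# Assumption: no legitimate kernel driver is this small; a PE image needs at
# least its DOS and NT headers, which alone exceed 16 bytes by a wide margin.
MIN_DRIVER_BYTES = 1024


def driver_findings(path: str, size: Optional[int]) -> List[str]:
    """Flag a .sys path by size and by name shape. Returns [] for a normal-looking driver."""
    base = path.rsplit("\\", 1)[-1]
    stem, _, ext = base.rpartition(".")
    out: List[str] = []
    if ext.lower() != "sys":
        return out
    if size is not None and size < MIN_DRIVER_BYTES:
        out.append(f"{base}: {size} bytes is far too small to be a loadable driver image")
    if not stem:
        out.append(f"{base}: driver with an empty file name")
    elif not re.fullmatch(r"[A-Za-z0-9_\-]+", stem):
        out.append(f"{base}: driver name contains characters a vendor would not use")
    if HEX_NAME_RE.fullmatch(stem.lower()):
        out.append(f"{base}: random-looking 8-hex-digit driver name")
    return out


def service_findings(start: str, name: str, display: str, rest: str) -> List[str]:
    """Flag service entries whose image cannot be read or whose name looks generated."""
    out: List[str] = []
    # ComboFix appends [date size] for an image it could stat; my reading of "[?]"
    # is that it could not read the file at all (assumption from the log format).
    if rest.rstrip().endswith("[?]"):
        out.append(f"{name}: start type {start} service whose image could not be read ([?])")
    image = rest.split(" --> ")[0].split(" [")[0].strip()
    if image.startswith("\\??\\"):  # NT object-manager prefix used by raw service paths
        image = image[4:]
    out += [f"service {name}: {f}" for f in driver_findings(image, None)]
    return out


def triage(text: str) -> Dict[str, List[str]]:
    """Run all three checks over a ComboFix log and group the hits by kind."""
    findings: Dict[str, List[str]] = {"drivers": [], "services": [], "proxy": []}
    ff_prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            size = int(m.group(1)) if m.group(1).isdigit() else None  # dashes = directory
            findings["drivers"] += driver_findings(m.group(3), size)
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings["services"] += service_findings(*m.groups())
            continue
        m = PROXY_IE_RE.match(line)
        if m:
            findings["proxy"].append(f"Internet Explorer proxies all HTTP through {m.group(1)}")
            continue
        m = PROXY_FF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2)
    # Firefox: network.proxy.type 0 is "no proxy"; any other value means a proxy
    # or PAC configuration is in effect, so report what it points at.
    if ff_prefs.get("network.proxy.type", "0") != "0":
        host = ff_prefs.get("network.proxy.http", "?")
        port = ff_prefs.get("network.proxy.http_port", "?")
        findings["proxy"].append(
            f"Firefox proxy type {ff_prefs['network.proxy.type']} with HTTP proxy {host}:{port}"
        )
    return findings


if __name__ == "__main__":
    for group, hits in triage(SAMPLE_LOG).items():
        print(f"[{group}]")
        for hit in hits:
            print("  -", hit)
```

Run it against a full log by passing the file's text to `triage()`; the legitimate entries in the sample (Apfiltr.sys at 5792 bytes, the fixustor service with a readable image) produce no findings, which is the point of the size and name-shape heuristics: they separate the 16-byte and hex-named drivers from vendor ones without a signature database.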

Discussion Starter · #2 ·
Quick update. I was able to fix the touchpad by uninstalling and then reinstalling the Alps touchpad device. Everything appears to be back to normal, with the exception of the wireless connection, which is constantly searching for wireless networks, connecting, and then searching again. When I try to find an IP address via ipconfig at the command prompt, it reads 0.0.0.0 and the media state is listed as "media disconnected".