
Internet not working after malware removal. Please help, I'm desperate!


  • This topic is locked
2 replies to this topic

#1 AStruppa


Posted 04 September 2009 - 11:47 PM

Hi all, let me first introduce myself. My name is Andrew.

Here is my current situation: The other day while on my computer, I started receiving messages I've never received before. I kept receiving popups on my desktop saying that threats had been detected and then proceeded to perform a fake system scan. The "dialog box" said something like 'PC AntiSpyware 2010'. I also had the little red circle with the white X in my system tray. Anytime you'd mouse over it, a warning balloon would pop up.

After doing a little research around these forums, I decided the best bet would be to download, update and run MalwareBytes' remover tool. I did a scan, checked all the objects that came up (all 44 of them! OUCH!) and had the program delete them. I then restarted my PC and voila! No sign of the malware at all. Awesome.

Except now my internet doesn't work. Both my wireless adapter tray icon (D-Link DWL-G122) and my wireless network icon are shown as being connected and having excellent signal strength. I even did a ping of google.com using the CMD prompt and it showed no errors in either direction! Weird. It doesn't appear to have anything to do with my network either, as every other computer connected to this network also connects to the internet with no problems at all.

So my question is wtf is going on here!? lol

I'm running out of ideas and would really like to get this resolved ASAP. Any help/advice at all will be greatly appreciated!

Thanks!



DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 0:17:03.04 on Sat 09/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1525 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
mLocal Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link\airplusg dwl-g122\AirPlus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier/ChocolatierWeb.1.0.0.13.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199560522828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-delicious-deluxe/zylomgamesplayer.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier-2-secret-ingredients/Chocolatier2Web.1.0.0.14.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://aolsvc.aol.com/onlinegames/free-trial-wedding-dash/WeddingDash.1.0.0.47.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: MCPClient - c:\program files\common files\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\program files\common files\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\qxdu1pu8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.thepiratebay.org
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\qxdu1pu8.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFAlert.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {450E1A10-86C0-4564-A80D-A93E98B92244} - c:\documents and settings\hp_administrator\local settings\application data\{450E1A10-86C0-4564-A80D-A93E98B92244}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-8-27 234616]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-30 176768]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-23 49808]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2008-1-6 14976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-13 24652]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2005-5-31 80384]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050309.032\NAVENG.Sys [2005-5-31 73728]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050309.032\NavEx15.Sys [2005-5-31 631040]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-23 335504]
R3 USB55N51;D-Link AirPlus G DWL-G122 Wireless Driver for Windows XP;c:\windows\system32\drivers\USB55N51.sys [2005-7-28 236928]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S3 hfsd;Flight Stick driver;c:\windows\system32\drivers\hfsd.sys [2007-12-22 24064]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-23 197864]

============== File Associations ===============

inffile=c:\windows\system32\NOTEPAD.EXE "%1"

=============== Created Last 30 ================

2009-09-02 22:39 450 a------- c:\windows\wininit.ini
2009-09-02 22:10 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-02 22:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-01 21:24 <DIR> --d----- c:\program files\Trend Micro
2009-09-01 20:46 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-09-01 20:45 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-09-01 20:45 <DIR> --ds---- C:\Combo-Fix
2009-09-01 20:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ableton
2009-09-01 20:34 <DIR> --d----- C:\ERDNT(2)
2009-09-01 18:54 <DIR> --d----- C:\Winsock Fix REG Backup
2009-09-01 18:16 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-09-01 18:16 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-01 18:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-01 18:16 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-01 18:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 17:50 120 a------- c:\windows\Dcedeteriwed.dat
2009-09-01 17:03 229,376 a------- c:\windows\PEV.exe
2009-09-01 17:03 161,792 a------- c:\windows\SWREG.exe
2009-09-01 17:03 98,816 a------- c:\windows\sed.exe
2009-09-01 16:56 19,975 a------- c:\program files\common files\yrynal.dat
2009-09-01 16:56 18,535 a------- c:\windows\ryni.lib
2009-09-01 16:56 16,518 a------- c:\windows\system32\qysifybu.com
2009-09-01 16:48 29,216 a------- c:\windows\system32\sys32_nov.exe
2009-09-01 16:48 29,216 a------- c:\documents and settings\hp_administrator\sys32_nov.exe
2009-08-30 22:15 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Ableton
2009-08-23 10:29 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-20 13:41 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-08-20 13:39 <DIR> --d--r-- c:\program files\Skype
2009-08-20 11:07 <DIR> --d----- c:\program files\Fotosizer
2009-08-20 09:45 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\ZoomBrowser EX
2009-08-20 09:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-08-20 09:32 <DIR> --d----- c:\program files\Canon
2009-08-20 09:31 <DIR> --d----- C:\canon_downloads
2009-08-20 09:28 <DIR> --d----- c:\program files\common files\Canon

==================== Find3M ====================

2009-09-01 16:56 18,897 a------- c:\program files\common files\vebovyqab.db
2009-09-01 16:56 16,178 a------- c:\program files\common files\akuvo.db
2009-08-05 17:38 5,874,176 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-08-04 15:01 18,702,336 a------- c:\windows\RTHDCPL.EXE
2009-08-04 14:31 2,170,880 a------- c:\windows\MicCal.exe
2009-06-24 10:43 831,488 a------- c:\windows\RtlExUpd.dll
2009-06-22 17:39 1,482,752 a------- c:\windows\RtlUpd.exe
2009-06-13 12:59 256 a------- c:\documents and settings\hp_administrator\pool.bin
2008-12-28 21:14 40,352 a------- c:\windows\inf\Usbkey.sys
2008-02-20 23:23 0 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2005-07-28 20:19 236,928 a------- c:\windows\inf\dwl-g122\USB55N51.sys
2005-07-28 20:19 237,056 a------- c:\windows\inf\dwl-g122\USB55N50.sys
2007-12-19 22:18 61 ---sh--- c:\windows\cnerolf.dat
2008-09-14 14:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091420080915\index.dat

============= FINISH: 0:17:44.96 ===============



#2 AStruppa


Posted 07 September 2009 - 12:08 AM

Mods, please close this thread as I am already receiving help elsewhere.

Thank you and I apologize for the inconvenience.

#3 Guest_The weatherman_*


Posted 08 September 2009 - 05:26 PM

Thank you for letting us know AStruppa. :(



