
Malware has affected my NICs?


  • This topic is locked
1 reply to this topic

#1 Up_d8

Up_d8

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:36 PM

Posted 10 April 2010 - 05:53 PM

I probably posted in the wrong area, but I was trying to fix a friend's laptop that had been afflicted with many types of malware. Once it looked like all had been removed, I was trying to get the computer online, only to find that the network cards kept showing up with a yellow exclamation point in Device Manager under Unknown. My friend doesn't have the recovery discs, so I'm trying to fix it without them, but if it turns out that it cannot be solved, I will order them for her. Also, the computer is running Windows XP with SP3. I'm including the DDS and GMER logs as well as a screenshot of Device Manager and ipconfig.


DDS log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 14:08:32.32 on Sat 04/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.306 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-130\AirNCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\mspaint.exe
F:\Antivirus\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bellsouth.com/index.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.6.0.32\IPSBHO.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless N DWA-130] c:\program files\d-link\dwa-130\AirNCFG.exe
mRunOnce: [OOBEDDDemise] cmd /x /c erase c:\windows\system32\oobe\msoobe.exe
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nzChcxCVU
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1106000.020\symds.sys [2010-4-10 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1106000.020\symefa.sys [2010-4-10 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-4-10 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1106000.020\cchpx86.sys [2010-4-10 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1106000.020\ironx86.sys [2010-4-10 116784]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2010-4-9 143360]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.6.0.32\ccsvchst.exe [2010-4-10 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-9 102448]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-8-8 200576]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100402.001\IDSXpx86.sys [2010-4-10 329592]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20100410.004\naveng.sys [2010-4-10 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20100410.004\navex15.sys [2010-4-10 1324720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 eWossUpdaterService;eWoss Toolbar Updater;c:\program files\ewoss toolbar\eWossToolbarUpdaterService.exe [2008-8-28 20480]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-8-8 30192]
S3 RTL8192u;Realtek RTL8192U Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192u.sys [2010-4-9 439680]

=============== Created Last 30 ================

2010-04-10 16:54:03 0 d-sha-r- C:\cmdcons
2010-04-10 16:51:10 77312 ----a-w- c:\windows\MBR.exe
2010-04-10 16:51:10 261632 ----a-w- c:\windows\PEV.exe
2010-04-10 16:46:07 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-04-10 16:40:47 0 d-----w- c:\program files\CCleaner
2010-04-10 16:24:54 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-04-10 02:26:21 0 d-----w- c:\windows\network diagnostic
2010-04-10 02:24:07 19569 ----a-w- c:\windows\003043_.tmp
2010-04-10 02:20:49 0 d-----w- c:\windows\EHome
2010-04-10 01:44:26 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-04-10 01:40:09 0 dc-h--w- c:\windows\ie8
2010-04-09 14:49:12 98816 ----a-w- c:\windows\sed.exe
2010-04-09 14:49:12 161792 ----a-w- c:\windows\SWREG.exe
2010-04-09 09:16:50 7 ----a-w- c:\windows\system32\ANIWZCSUSERNAME
2010-04-09 08:08:32 143360 ----a-w- c:\windows\system32\ANIWConnService.exe
2010-04-09 08:08:11 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2010-04-09 08:08:10 692224 ----a-w- c:\windows\system32\ANIWZCS2.dll
2010-04-09 08:08:10 45115 ----a-w- c:\windows\system32\ANICtl.dll
2010-04-09 08:08:09 262144 ----a-w- c:\windows\system32\wnicapi.dll
2010-04-09 08:08:09 262144 ----a-w- c:\windows\system32\wlanapp.dll
2010-04-09 08:08:09 204800 ----a-w- c:\windows\system32\aIPH.dll
2010-04-09 08:08:09 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2010-04-09 08:08:08 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2010-04-09 08:07:45 28195 ----a-w- c:\windows\system32\ANIO.sys
2010-04-09 08:07:45 16997 ----a-w- c:\windows\system32\ANIO.VXD
2010-04-09 08:07:44 48128 ----a-w- c:\windows\system32\ANIO64.sys
2010-04-09 08:07:44 11904 ----a-w- c:\windows\system32\anio4.sys
2010-04-09 08:07:44 0 d-----w- c:\program files\ANI
2010-04-09 08:07:27 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-04-09 08:07:26 385024 ----a-w- c:\windows\system32\ANIOWPS.dll
2010-04-09 08:07:26 233472 ----a-w- c:\windows\system32\ANIWPS.exe
2010-04-09 08:07:26 1089536 ----a-w- c:\windows\system32\libeay32.dll
2010-04-09 08:07:25 303104 ----a-w- c:\windows\system32\ANIOApi.dll
2010-04-09 08:06:58 439680 ----a-w- c:\windows\system32\drivers\RTL8192u.sys
2010-04-09 08:06:57 0 d-----w- c:\program files\D-Link
2010-04-09 07:46:29 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-09 07:44:17 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-09 07:44:17 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-09 07:44:17 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-09 07:44:17 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-09 07:44:17 0 d-----w- c:\program files\Symantec
2010-04-09 07:44:17 0 d-----w- c:\program files\common files\Symantec Shared
2010-04-09 07:43:33 0 d-----w- C:\BCM_REL_4_100_15_5_WHQL
2010-04-09 07:41:47 0 d-----w- c:\windows\system32\drivers\NIS
2010-04-09 07:41:18 0 d-----w- c:\program files\Norton Internet Security
2010-04-09 07:41:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-04-09 07:34:32 0 d-----w- c:\program files\NortonInstaller
2010-04-09 07:34:32 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-04-08 02:12:14 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-04-08 02:12:11 0 d-----w- c:\program files\IObit
2010-04-08 02:11:03 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-04-08 02:10:45 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-08 01:58:31 0 d-----w- C:\cabs
2010-04-01 10:21:16 0 ----a-w- c:\windows\Qjajofaxacu.bin
2010-04-01 10:21:15 120 ----a-w- c:\windows\Igodi.dat
2010-04-01 10:18:58 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SGPILD

==================== Find3M ====================

2010-04-10 04:02:38 23552 ----a-w- c:\windows\system32\drivers\ABP480N5.SYS
2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-21 17:36:14 145367 ----a-w- c:\windows\hpoins21.dat
2010-02-08 00:18:30 39224 ----a-w- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2010-01-02 10:15:47 82944 --sha-w- c:\windows\system32\pujawume.exe
2010-01-01 10:15:24 201728 --sha-w- c:\windows\system32\vosemuji.exe

============= FINISH: 14:10:04.04 ===============

EDIT: Moved from XP to appropriate malware forum ~ Hamluis.

Edited by hamluis, 10 April 2010 - 06:21 PM.
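A helper reviewing a DDS log like the one above usually starts with the file-attribute column: entries that combine the Hidden and System attributes (the "s" and "h" in a flag field such as "--sha-w-") and sit in c:\windows\system32 are rare for legitimate software and are the first thing to ask about, as are hidden directories that appear under Application Data. The script below is an added example written for this page, not a BleepingComputer or DDS tool; it parses DDS file-listing lines into structured entries and applies two triage rules that are this example's own assumption, not DDS's logic. The sample lines are copied from the log posted in this thread so the script runs offline.

```python
import re
from dataclasses import dataclass
from typing import Iterable

# Constructed sample: lines copied from the DDS log posted in this thread
# ("Created Last 30" and "Find3M" sections), so the parser runs offline.
SAMPLE_DDS_LINES = r"""
2010-04-10 16:54:03 0 d-sha-r- C:\cmdcons
2010-04-10 16:46:07 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-04-09 08:08:32 143360 ----a-w- c:\windows\system32\ANIWConnService.exe
2010-04-01 10:21:16 0 ----a-w- c:\windows\Qjajofaxacu.bin
2010-04-01 10:18:58 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SGPILD
2010-01-02 10:15:47 82944 --sha-w- c:\windows\system32\pujawume.exe
2010-01-01 10:15:24 201728 --sha-w- c:\windows\system32\vosemuji.exe
""".strip().splitlines()

# DDS file lines look like: date time size attribute-flags path.
# The flag field is eight characters; 'd' in the first position marks a
# directory and 's' / 'h' mark the System / Hidden attributes.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$"
)


@dataclass
class DdsEntry:
    date: str
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_dds(lines: Iterable[str]) -> list:
    """Parse DDS file-listing lines; lines that do not match are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            date, _time, size, attrs, path = m.groups()
            entries.append(DdsEntry(date, int(size), attrs, path))
    return entries


def _norm(path: str) -> str:
    # Lower-case and use backslashes so substring checks are case-insensitive.
    return path.lower().replace("/", "\\")


def triage(lines: Iterable[str]) -> list:
    """Return (path, severity, reason) tuples for entries worth a second look.

    Triage rules (an assumption of this example, not DDS's own logic):
    - executable in system32 carrying both Hidden and System -> 'high'
    - hidden directory under a profile's Application Data -> 'review'
    Everything else (including the legitimate IE caches) is left alone.
    """
    findings = []
    for e in parse_dds(lines):
        p = _norm(e.path)
        in_appdata = "\\applic~1\\" in p or "\\application data\\" in p
        if (not e.is_dir and e.hidden and e.system
                and "\\system32\\" in p and p.endswith(".exe")):
            findings.append((e.path, "high",
                             "hidden+system executable in system32"))
        elif e.is_dir and e.hidden and in_appdata:
            findings.append((e.path, "review",
                             "hidden directory under Application Data"))
    return findings


if __name__ == "__main__":
    for path, severity, reason in triage(SAMPLE_DDS_LINES):
        print(f"[{severity}] {path}: {reason}")
```

Run against the posted lines, the two "--sha-w-" executables in system32 come out as high and the hidden SGPILD directory as review, while C:\cmdcons (the Recovery Console, hidden+system by design) and the IECompatCache folder are not reported. The output is a list of things to ask the poster about, not a verdict; an entry's hash and the vendor's detection name still have to be checked before anything is removed.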



#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,117 posts
  • OFFLINE
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:10:36 AM

Posted 10 April 2010 - 06:22 PM

I see that your log is properly posted here. You should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

