
Infected, Please Help!


  • This topic is locked
2 replies to this topic

#1 Gary.Simmons

  • Members
  • 3 posts

Posted 09 August 2010 - 10:13 PM

Windows 7
Dell Vostro 220
----------------------

I have run quite a few scans, both in safe mode and not, including Malwarebytes, Kaspersky 2011, TDSSKiller, and Avira. They've all had a little luck here and there; however, none have actually given me internet again. Device Manager shows no problems with drivers; I have even uninstalled and reinstalled the NIC drivers. Windows, however, shows absolutely nothing when I open "Network Adapters". When I open Network and Sharing Center, it states that "The dependency service or group failed to start". I've tried going through Admin Tools and starting the "DHCP Client" service, because it wasn't running for some reason, but it wouldn't allow me to. I'm obviously not on this computer now; I'm on the laptop. I can, however, get you a ComboFix or HJT log as needed. Please let me know. I have school coming up in another week and all classes are online. I don't want to be programming on the laptop for hours straight. Thanks ahead of time!

============= Here is my log ================

DDS (Ver_10-03-17.01) - NTFSx86
Run by Simmons at 23:08:36.31 on Mon 08/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1383 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Users\Simmons\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-8-9 27648]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-8-9 167936]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-7-1 357096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-6-10 27192]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2010-8-9 35328]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2010-8-9 19968]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2010-8-9 35328]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-11 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

============== File Associations ===============

.scr=DWGTrueViewScriptFile

=============== Created Last 30 ================

2010-08-10 03:05:55 0 ----a-w- c:\users\simmons\defogger_reenable
2010-08-10 02:30:50 42 ----a-w- c:\windows\system32\scud.udf
2010-08-10 02:25:46 35328 ----a-w- c:\windows\system32\drivers\RtTeam60.sys
2010-08-10 02:25:46 27648 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys
2010-08-10 02:25:46 19968 ----a-w- c:\windows\system32\drivers\RtVlan60.sys
2010-08-10 02:23:38 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-08-10 02:23:38 167936 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-08-10 02:23:38 0 d-----w- c:\program files\Realtek
2010-08-10 02:23:06 0 d-----w- C:\dell
2010-08-10 01:09:47 1890 ----a-w- c:\windows\diagwrn.xml
2010-08-10 01:09:47 1890 ----a-w- c:\windows\diagerr.xml
2010-08-10 01:07:37 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-08-10 01:07:37 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-08-10 01:06:46 0 d-----w- c:\program files\Kaspersky Lab
2010-08-10 01:02:44 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-08-10 00:36:13 0 d-----w- C:\SDFix
2010-08-10 00:34:56 0 d-----w- c:\programdata\Hitman Pro
2010-08-10 00:34:54 0 d-----w- c:\program files\Hitman Pro 3.5
2010-08-09 18:30:57 180224 ----a-w- c:\windows\Jxiria.exe
2010-08-09 18:30:31 0 d-----w- c:\users\simmons\appdata\roaming\1306BC4BFB3F584B4EDAD7282E40CFB5
2010-08-02 00:08:05 0 d-----w- C:\RemodelCOST Estimator
2010-08-02 00:07:32 0 d-----w- c:\windows\Downloaded Installations
2010-07-28 21:50:04 0 d-----w- c:\program files\StarCraft II
2010-07-24 01:09:47 0 d-----w- c:\users\simmons\dsc
2010-07-23 23:58:42 0 d-----w- c:\users\simmons\vw
2010-07-23 23:58:42 0 d-----w- c:\users\simmons\eMailTrackerPro
2010-07-23 23:58:39 37 ----a-w- c:\users\simmons\eMailTrackerPro-Path
2010-07-23 23:58:36 0 d-----w- c:\program files\eMailTrackerPro 2009
2010-07-23 23:34:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-12 20:38:16 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-07-12 01:33:24 0 d-----w- c:\programdata\Blizzard Entertainment
2010-07-12 01:23:18 0 d-----w- c:\programdata\Blizzard
2010-07-11 21:32:27 0 d-----w- c:\users\simmons\StarCraft II Beta enUS 13891 Installer
2010-07-11 21:32:16 0 d-----w- c:\program files\common files\Blizzard Entertainment

==================== Find3M ====================

2010-08-09 20:23:19 16896 ----a-w- c:\windows\system32\drivers\nsiproxy.sys
2010-07-30 22:06:32 87608 ----a-w- c:\users\simmons\appdata\roaming\inst.exe
2010-07-30 22:06:32 47360 ----a-w- c:\users\simmons\appdata\roaming\pcouffin.sys
2010-07-02 01:35:12 228024 ----a-w- c:\windows\system32\klogon.dll
2010-06-14 15:48:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-12 17:56:16 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-12 03:18:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-12 02:30:00 1594558 ----a-w- c:\windows\WANEUninstaller.exe
2010-05-27 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:09:04.67 ===============

#2 Gary.Simmons

  • Topic Starter
  • Members
  • 3 posts

Posted 10 August 2010 - 03:12 PM

Don't bother; I couldn't sit around waiting in the hope that someone would see my request. I've seen at least 10 posts after mine that have gotten at least 5 replies from you guys, so I've taken into consideration that I've simply been overlooked at this point, because I've had not the slightest response from anyone. I've since done a complete system restore and found what the problems were; I, however, don't feel I should enlighten you as to what they were because... well... you were no help to me. Thanks nonetheless. I hope that if I have future problems they might be taken into consideration a bit more hastily.

#3 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 10 August 2010 - 04:28 PM

At present there are over 400 unanswered topics in this forum stretching back well over a week, whereas you could not even wait 24 hours. Remember that the people who assist here are all volunteers.

Topic closed.

Edited by Budapest, 10 August 2010 - 04:54 PM.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
