
Need help removing Malware


  • This topic is locked
2 replies to this topic

#1 imxelite


Posted 03 November 2010 - 10:19 AM

Hi,

I was somehow infected by malware that is restricting my use of the wifi network. Whenever I try to connect to the internet using this feature I receive a message asking me to enter my Comcast account number. I've called Comcast and they insisted this isn't a feature of their system. I have another laptop that connects to the same network using wifi without any problems. Every browser I try to use forces me to the Comcast activation screen asking for the account number. I am able to connect to the internet using a wired connection and don't receive the message. I have noticed that I see a pitchfork on my wifi indicator window now. I've tried searching for a virus or malware that causes this with no luck. I have reformatted my computer and the problem still exists. Help please!


DDS (Ver_10-11-03.01) - NTFS_AMD64
Run by IMXELITE at 17:14:47.97 on Wed 11/03/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2830 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\IMXELITE\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
C:\Windows\system32\taskhost.exe
C:\Users\IMXELITE\AppData\Roaming\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\IMXELITE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCZ79N2G\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.0.0.127\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.0.0.127\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.0.0.127\coIEPlg.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://c3.prudential.com/dana-cached/sc/JuniperSetupClient.cab
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

============= SERVICES / DRIVERS ===============

R0 Si3531;SiI-3531 SATA Controller;C:\Windows\System32\drivers\Si3531.sys [2009-2-9 333864]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0400000.07F\SymDS64.sys [2010-11-3 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0400000.07F\SymEFA64.sys [2010-11-3 221232]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20091205.001\BHDrvx64.sys [2010-11-3 668720]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0400000.07F\cchpx64.sys [2010-11-3 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20091105.001\IDSVia64.sys [2010-11-3 466992]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0400000.07F\Ironx64.sys [2010-11-3 148528]
R1 SYMTDIV;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0400000.07F\symtdiv.sys [2010-11-3 451120]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe [2010-11-3 126392]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

=============== Created Last 30 ================

2010-11-03 21:01:35 -------- d-----w- C:\Users\IMXELITE\AppData\Roaming\Juniper Networks
2010-11-03 21:00:16 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-03 20:59:26 -------- d-sh--w- C:\Windows\Installer
2010-11-03 20:54:56 -------- d-----w- C:\Windows\System32\drivers\N360x64\0400000.07F
2010-11-03 20:54:56 -------- d-----w- C:\Windows\System32\drivers\N360x64
2010-11-03 20:54:55 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2010-11-03 20:54:41 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2010-11-03 20:54:41 -------- d-----w- C:\PROGRA~3\NortonInstaller
2010-11-03 20:52:44 -------- d-----w- C:\PROGRA~3\Norton
2010-11-03 18:20:31 -------- d-----w- C:\Windows\Panther
2010-11-03 18:13:29 -------- d-----w- C:\Windows.old
2010-11-03 17:14:32 -------- d-sh--w- C:\Boot
2010-11-03 15:15:31 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-11-03 15:15:31 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-11-03 15:15:31 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-11-03 15:15:31 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-11-03 15:15:31 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-11-03 15:15:31 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-11-03 15:15:31 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-11-03 15:15:31 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-11-03 15:15:31 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-11-03 15:15:31 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-11-03 15:11:00 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B74881ED-A072-46CF-A385-1A88E76CD05B}\mpengine.dll
2010-11-03 15:11:00 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-11-03 15:08:38 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-11-03 15:08:38 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-11-03 15:08:08 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-03 15:08:08 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-03 15:03:04 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-11-03 14:59:08 -------- d-----w- C:\Users\IMXELITE\AppData\Local\Diagnostics
2010-11-03 14:50:50 -------- d-----w- C:\Users\IMXELITE\AppData\Local\SupportSoft
2010-11-03 14:50:50 -------- d-----w- C:\Program Files (x86)\support.com
2010-11-03 14:50:48 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft
2010-11-03 14:32:14 -------- d-sh--w- C:\Recovery

==================== Find3M ====================

2010-11-03 20:55:21 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 17:15:36.91 ===============


Edited by imxelite, 03 November 2010 - 04:40 PM.




#2 imxelite


Posted 03 November 2010 - 05:13 PM

Can you please close this topic? I figured out the issue. It was a problem at the ISP level and it has been corrected.

#3 Budapest

  • Moderator

Posted 04 November 2010 - 01:26 AM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



