Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win 7 No Internet in Normal Mode.


  • This topic is locked This topic is locked
2 replies to this topic

#1 Rethgif

Rethgif

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 01 February 2011 - 11:45 AM

Possible System Tool 2011 malware infection.
Neither MalwareBytes nor Superantispyware are able to detect nor remove anything.
Tdsskiller also comes up clean.

DDS log below:


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Patrick at 9:02:40.69 on Tue 02/01/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.7042 [GMT -7:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Patrick\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/index.php?lh=03c67207ff667b46ccbc4fd9f70c9970&eu=W_Kz9wlWfSKYy3A8q5aOaA
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [D-Link RangeBooster G WUA-2340] C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
mRun: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-1-28 402992]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-1-28 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-1-28 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys [2010-2-19 466992]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2009-12-26 26624]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-1-28 117640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\NISx64\1008000.029\symndisv.sys [2010-1-28 56880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-5 135664]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;C:\Windows\System32\drivers\AGUx64.sys [2009-12-26 1077760]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe [2011-1-31 954368]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-1 1255736]

=============== Created Last 30 ================

2011-02-01 05:47:02 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-01 05:34:30 98816 ----a-w- C:\Windows\sed.exe
2011-02-01 05:34:30 89088 ----a-w- C:\Windows\MBR.exe
2011-02-01 05:34:30 256512 ----a-w- C:\Windows\PEV.exe
2011-02-01 05:34:30 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-01 03:52:46 -------- d-----w- C:\Users\Patrick\DoctorWeb
2011-01-31 16:10:37 692224 ----a-w- C:\Windows\SysWow64\ANIWZCS2.dll
2011-01-31 16:10:37 49152 ----a-w- C:\Windows\SysWow64\JJAKEn.dll
2011-01-31 16:10:37 49152 ----a-w- C:\Windows\SysWow64\AQCKGen.dll
2011-01-31 16:10:37 45115 ----a-w- C:\Windows\SysWow64\ANICtl.dll
2011-01-31 16:10:37 266240 ----a-w- C:\Windows\SysWow64\wnicapi.dll
2011-01-31 16:10:37 262144 ----a-w- C:\Windows\SysWow64\wlanapp.dll
2011-01-31 16:10:37 204800 ----a-w- C:\Windows\SysWow64\aIPH.dll
2011-01-31 16:10:37 1327189 ----a-w- C:\Windows\SysWow64\odSupp_M.dll
2011-01-31 16:10:37 -------- d-----w- C:\Program Files (x86)\ANI
2011-01-31 16:10:11 36864 ----a-w- C:\Windows\SysWow64\ANIOApi.dll
2011-01-31 16:10:11 -------- d-----w- C:\Program Files (x86)\D-Link
2011-01-30 22:41:11 0 ---ha-w- C:\Users\Patrick\BITA29D.tmp
2011-01-30 20:15:41 -------- d-----w- C:\Users\Patrick\AppData\Roaming\Malwarebytes
2011-01-30 20:15:35 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-30 20:15:34 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-30 20:15:32 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-30 20:15:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-28 00:04:36 1140850688 --sha-w- C:\NRTPage.sys
2011-01-27 22:29:46 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-01-27 22:29:41 -------- d-----w- C:\Program Files (x86)\Norton 360
2011-01-27 22:24:07 -------- d-----w- C:\PROGRA~3\PCSettings
2011-01-27 22:01:25 -------- d-----w- C:\PROGRA~3\kElNdEf01821
2011-01-26 01:06:53 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{2809E914-1EC0-4280-A970-43B64D8753B5}\mpengine.dll
2011-01-11 22:10:55 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-11 22:10:55 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-11 22:10:55 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-11 22:10:55 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-11 22:10:55 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-11 22:10:55 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-11 22:10:55 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-11 22:10:55 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-11 22:10:55 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 22:10:55 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

==================== Find3M ====================

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 9:03:01.11 ===============


Thank you for any and all assistance.

Attached Files



BC AdBot (Login to Remove)

 


#2 Rethgif

Rethgif
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 02 February 2011 - 12:09 AM

Computer owner has decided to reformat via recovery partition.

Thank you for your assistance.

Moderator may close this thread.

Regards,
Rethgif

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 PM

Posted 02 February 2011 - 04:23 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users