
Unknown Malware Shutting Down Network


  • This topic is locked

#1 FashionZombie


Posted 07 June 2011 - 09:10 PM

Hello! My name is Jasmine, and I'm posting here to get some help with what I am pretty sure is malware, causing problems with my wireless network. I am using a D-Link card with a Netgear router, and I have had no trouble with it in the last three years, up until the last few days.

Now, whenever the upstairs computer (my personal computer) attempts to connect to the network, the network appears and disappears from the list of available networks every few seconds. For the short time it is connected, everything works fine, but there isn't much I can do in a few seconds, other than load a web page or two. The downstairs computer is directly connected to the router, but it still connects and disconnects from the network whenever I have the wireless connection enabled on the upstairs computer. The same happens with all three personal laptops in the house.

I had noticed that just before the real problem started, my signal on the upstairs computer was either low or very low, and this is a particularly bad signal for a computer about ten feet away, separated only by one wall and a set of stairs. It had previously been at my boyfriend's house, connected to his network connection, and working fine. This was about three weeks prior to the problem I am describing now.

Also, I went through and deleted a lot of old, unused files and programs while I was going through my computer, looking for the culprit file. I didn't find anything that I thought for sure was the cause, but I did delete approximately 70GB of data from my hard drive. I don't know if this information is relevant in any way, but I thought I would provide it just in case.

Thanks in advance for looking over my problem! Please let me know if there is anything I can do to make the process easier or provide extra information. :)
-Jasmine (FashionZombie)

DDS file:


.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jasmine at 19:24:08 on 2011-06-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1625 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.myheritage.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\jasmine\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SystemUpdate] c:\documents and settings\jasmine\my documents\system32\updater.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [EADM] "c:\program files\electronic arts\eadm\eadmui\EADMUI.exe"
uRun: [{5368EE8B-B67E-3DE7-D4B1-D0633A42693F}] "c:\documents and settings\jasmine\application data\imze\igypo.exe"
mRun: [GEST]
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [GBTUpd] c:\program files\gigabyte\gbtupd\PreRun.exe
mRun: [DriverCD] D:\Run.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WService] WService.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260031763218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [2007-11-14 71720]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-11 165456]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-8-23 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-11 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-11 40384]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-12-5 68136]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2004-4-19 6656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-5-1 58600]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2010-4-30 4224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-11 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-11 40384]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\jasmine\application data\nvidia\hwaccess.sys --> c:\documents and settings\jasmine\application data\nvidia\HWAccess.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva295;XDva295;\??\c:\windows\system32\xdva295.sys --> c:\windows\system32\XDva295.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\xdva344.sys --> c:\windows\system32\XDva344.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\xdva346.sys --> c:\windows\system32\XDva346.sys [?]
.
=============== Created Last 30 ================
.
2011-06-07 15:42:53 -------- d-----w- c:\documents and settings\all users\AdobeTemp
2011-05-26 02:52:42 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-05-26 02:52:42 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-05-26 02:52:42 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-05-26 02:52:41 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-05-09 22:34:33 -------- d-sh--w- c:\documents and settings\all users\application data\DSS
2011-05-09 22:32:47 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-05-09 22:32:47 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-05-09 22:32:47 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-05-09 22:32:46 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-05-09 22:32:46 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-05-09 22:32:46 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-05-09 22:32:45 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-05-09 22:32:45 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
.
==================== Find3M ====================
.
2011-06-07 23:23:10 16608 ----a-w- c:\windows\gdrv.sys
.
============= FINISH: 19:24:46.32 ===============

#2 FashionZombie


Posted 15 June 2011 - 12:16 AM

I have decided to format my hard drive. The computer was causing problems for not just me but everyone on the wireless connection, so I needed to do something about it as soon as possible. I wanted to let it be known that this thread can be closed.

Thanks, anyway.
-Jasmine

#3 SweetTech


Posted 15 June 2011 - 05:09 PM

Thanks for posting back to inform us of your decision to reformat and re-install your operating system.

Please take care.

This thread will now be closed.

Kindest Regards,
SweetTech.
