
netgear modem router wireless network renamed after thumb drive infection



#1 rwilles


Posted 22 August 2012 - 11:13 AM

Nasdaq suggested I start a new thread here regarding my network changes. I was infected by a thumb drive from a vendor (his system was rebuilt) and have been trying to get back to square one since. The first evidence that there was something wrong: my network was renamed to a random 'netgear******' and none of my wireless devices could get to the network. I had changed all the default usernames and passwords before, so I'm not sure how an outsider got access. I am 1000 feet from my closest neighbor, so I don't think they had anything to do with it. In the 4 months since the wireless network was renamed there is a new hub between the computer and router that I'm 90% sure wasn't there before and isn't there physically. Instead of being called 'network' as before, it is now 'network 3'. Stinger showed I had 2 MBR files; I tried System Restore and Nasdaq has been shepherding since in this topic: http://www.bleepingcomputer.com/forums/topic464272.html

I don't use IE for anything, but every time I open IE to check the security settings I get the message that 'a program has corrupted the IE search settings, Bing will be installed'. The registry changes that changed the network and internet security settings (which show both in MiniToolBox and Comodo System Cleaner) have me in paranoid mode. I changed the Intranet settings to 'high' and unchecked 'Automatically detect intranet network' to close off any back doors (IDK, just tired of this!).

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 22-08-2012 at 10:10:34
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-AC-6F-D7-FB-24
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6999:31f7:56e9:6086%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 22, 2012 8:49:19 AM
Lease Expires . . . . . . . . . . : Thursday, August 23, 2012 8:49:18 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 246983791
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-2A-BB-89-B8-AC-6F-D7-FB-24
DNS Servers . . . . . . . . . . . : 8.26.56.26
156.154.70.22
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{01A25DFA-BF34-4D15-BE9C-4A843556C8F3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1a:939:3f57:fffd(Preferred)
Link-local IPv6 Address . . . . . : fe80::1a:939:3f57:fffd%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: google.com
Addresses: 2a00:1450:4013:c00::64
173.194.69.113
173.194.69.139
173.194.69.102
173.194.69.101
173.194.69.138
173.194.69.100


Pinging google.com [74.125.225.33] with 32 bytes of data:
Reply from 74.125.225.33: bytes=32 time=68ms TTL=57
Reply from 74.125.225.33: bytes=32 time=67ms TTL=57

Ping statistics for 74.125.225.33:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 67ms, Maximum = 68ms, Average = 67ms
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=91ms TTL=53
Reply from 98.138.253.109: bytes=32 time=96ms TTL=53

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 91ms, Maximum = 96ms, Average = 93ms
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...b8 ac 6f d7 fb 24 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fd:1a:939:3f57:fffd/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::1a:939:3f57:fffd/128
On-link
10 276 fe80::6999:31f7:56e9:6086/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/22/2012 03:19:14 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/21/2012 00:05:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/21/2012 03:18:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5596598

Error: (08/21/2012 03:18:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5596598

Error: (08/21/2012 03:18:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2012 03:18:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5586536

Error: (08/21/2012 03:18:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5586536

Error: (08/21/2012 03:18:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2012 03:18:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5576536

Error: (08/21/2012 03:18:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5576536


System errors:
=============
Error: (08/22/2012 08:46:11 AM) (Source: DCOM) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (08/21/2012 00:30:10 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/21/2012 02:15:32 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/20/2012 09:26:08 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/20/2012 06:28:08 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (08/20/2012 06:28:08 AM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/20/2012 06:28:08 AM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/20/2012 06:23:15 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/20/2012 06:22:51 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/20/2012 06:22:51 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (08/22/2012 03:19:14 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/21/2012 00:05:30 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/21/2012 03:18:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5596598

Error: (08/21/2012 03:18:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5596598

Error: (08/21/2012 03:18:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2012 03:18:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5586536

Error: (08/21/2012 03:18:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5586536

Error: (08/21/2012 03:18:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2012 03:18:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5576536

Error: (08/21/2012 03:18:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5576536


=========================== Installed Programs ============================

Adobe Reader X (10.1.4) (Version: 10.1.4)
DolbyFiles (Version: 0.1)
Google SketchUp Pro 7 (Version: 2.1.6860)
Google Update Helper (Version: 1.3.21.115)
ImagXpress (Version: 7.0.74.0)
Intel® Control Center (Version: 1.2.1.1007)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Media Center Add-in for Flash (Version: 4.1.2.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 4060.98 MB
Available physical RAM: 2472.98 MB
Total Pagefile: 10149.18 MB
Available Pagefile: 7983.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.76 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:453.69 GB) (Free:243.25 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Owner

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

17-08-2012 13:54:07 ComboFix created restore point
19-08-2012 12:23:53 Removed Sophos Virus Removal Tool.
19-08-2012 12:48:59 Revo Uninstaller's restore point - Advertising Center
19-08-2012 12:49:10 Removed Advertising Center
19-08-2012 12:51:37 Revo Uninstaller's restore point - Nero Express Help
19-08-2012 12:51:48 Removed Nero Express Help
19-08-2012 12:53:29 Revo Uninstaller's restore point - Nero StartSmart
19-08-2012 12:53:40 Removed Nero StartSmart
19-08-2012 12:54:52 Revo Uninstaller's restore point - NeroExpress
19-08-2012 12:55:06 Removed NeroExpress
19-08-2012 12:56:24 Revo Uninstaller's restore point - Nero InfoTool
19-08-2012 12:56:35 Removed Nero InfoTool
19-08-2012 12:57:28 Revo Uninstaller's restore point - neroxml
19-08-2012 12:57:48 Removed neroxml
19-08-2012 12:58:41 Revo Uninstaller's restore point - Nero Online Upgrade
19-08-2012 12:58:52 Removed Nero Online Upgrade
19-08-2012 12:59:58 Revo Uninstaller's restore point - Nero StartSmart Help
19-08-2012 13:00:13 Removed Nero StartSmart Help
19-08-2012 13:01:07 Revo Uninstaller's restore point - Nero InfoTool Help
19-08-2012 13:01:19 Removed Nero InfoTool Help
20-08-2012 01:00:10 Windows Backup
20-08-2012 12:04:03 Revo Uninstaller's restore point - Dell DataSafe Local Backup - Support Software
20-08-2012 12:04:50 Revo Uninstaller's restore point - Dell DataSafe Local Backup
20-08-2012 12:09:18 Revo Uninstaller's restore point - Dell DataSafe Local Backup - Support Software
20-08-2012 15:23:02 Revo Uninstaller's restore point - magicJack
21-08-2012 18:40:53 Removed Bonjour
21-08-2012 18:41:59 Revo Uninstaller's restore point - GoToMeeting 5.1.0.880

**** End of log ****
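For anyone triaging a MiniToolBox log like the one above, the items a responder checks first are the proxy state, the hosts file, and whether the DNS servers handed out to the PC are the router itself or something else. The helper below is an added example, not part of this thread or of MiniToolBox; it parses those three sections and flags DNS resolvers that are neither the gateway/DHCP server nor a private address. The embedded log is a constructed excerpt of the output posted above.

```python
"""Triage helper for MiniToolBox output (added example, not from the thread)."""
import ipaddress
import re
from typing import Dict, List

# Constructed excerpt of the MiniToolBox log posted in this thread.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 8.26.56.26
156.154.70.22
NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# '===== Name: =====' section headers; a bare run of '=' is not a header.
SECTION_RE = re.compile(r"^=+\s*([^=\s].*?):?\s*=+\s*$")
# 'Field . . . . : value' lines as printed by ipconfig /all.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 -]*?)[ .]*:\s*(.*)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the section header they follow."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line.strip())
    return sections


def parse_ipconfig(lines: List[str]) -> Dict[str, List[str]]:
    """Collect field/value pairs; a bare IPv4 line continues the previous field
    (ipconfig wraps multi-valued fields such as DNS Servers onto extra lines)."""
    fields: Dict[str, List[str]] = {}
    last = None
    for line in lines:
        m = FIELD_RE.match(line)
        if m and not IPV4_RE.match(line):
            last = m.group(1).strip()
            fields.setdefault(last, [])
            if m.group(2):
                fields[last].append(m.group(2).strip())
        elif last and IPV4_RE.match(line):
            fields[last].append(line)
    return fields


def triage(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings: List[str] = []
    sections = split_sections(text)
    proxy = " ".join(sections.get("IE Proxy Settings", []))
    if "Proxy is not enabled" not in proxy:
        findings.append("IE proxy is enabled: " + proxy)
    for entry in sections.get("Hosts content", []):
        if not entry.startswith(("127.0.0.1 localhost", "::1", "#")):
            findings.append("unexpected hosts entry: " + entry)
    cfg = parse_ipconfig(sections.get("IP Configuration", []))
    local = set(cfg.get("Default Gateway", [])) | set(cfg.get("DHCP Server", []))
    for dns in cfg.get("DNS Servers", []):
        # A resolver that is neither the router nor a LAN address deserves a look.
        if dns not in local and not ipaddress.ip_address(dns).is_private:
            findings.append(f"DNS server {dns} is not the gateway/DHCP server "
                            f"{sorted(local)}; confirm who configured it")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the excerpt above it reports both resolvers (8.26.56.26 and 156.154.70.22) as public addresses that differ from the router, which is the kind of thing to reconcile against the router's own DHCP/DNS settings rather than assume is malicious.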



#2 jhayz

  • BC Advisor

Posted 23 August 2012 - 09:46 PM

Have you tried hitting the Reset option on your IE Internet Options, Advanced tab? This link is for IE8 only -> http://support.microsoft.com/kb/2171141
I think you should stop or remove Comodo System Cleaner, as it is tagged as a registry cleaner, which is not likely helpful in resolving your problem. For the network default -> http://www.makeuseof.com/answers/change-default-network/

Tekken
#3 rwilles

  • Topic Starter

Posted 24 August 2012 - 02:16 PM

IE restore worked nicely. Comodo is an amateur way of documenting the random changes that are being done to the system. I will have 20 registry changes happen in an afternoon; no reboot is necessary. AVG thumb drive rescue scan found 13 password-protected files in the AVG directory. Renamed and removed the definition files; they returned immediately. AVG says there is no way to recover with certainty. I have ordered a system DVD set from Dell.

Does anything jump out at you above?

#4 jhayz

  • BC Advisor

Posted 24 August 2012 - 08:35 PM

I am confused with the real problem since you were infected from a flash drive, going to AVG directory/password-protected files, System Restore and Comodo registry cleaning. Have you tried scanning with free Mbam? I stopped using AVG years ago and am not familiar with this Comodo cleaner, as it's not a recommended software for any purpose. If this is a stand-alone computer connecting to a home network with an antivirus, usually nowadays the autorun virus is detected by your current antivirus, since you had Avast previously (?). You might need to do a clean install if you were given a clean bill of health in the Virus and Spyware section and are still having numerous registry issues.

Tekken
#5 rwilles

  • Topic Starter

Posted 25 August 2012 - 10:22 PM

I was previously using Avast and moved 6 weeks ago to the paid version of AVG 2012, as there are 8 modules that are all interconnected for heuristic detection. Before I posted with Nasdaq I had run Stinger and aswMBR scans that showed 2 boot sectors, and had tried to repair the boot sector with Windows System Restore. I can say that the 30 second pause that used to happen on the Dell splash screen is down to 3 seconds now. So there is some positive progress.

AVG said on phone support that there should be no AVG password-protected files when a rescue disk scan is performed. I renamed and quarantined the files. That process required a reinstall of AVG, as some files were required for AVG, and the password-protected files returned within 12 hours. AVG indicated that there are infections that take control of the malware definition files and, even worse, rogue copies that people pay a subscription for to the malware controller. My copy is certified as 'real'.

No scan (AVG, Avast, SUPERAntiSpyware, Malwarebytes, ESET Online) showed an infection past mid-July, except for cookies. I have no idea what is wrong and am willing to work on figuring it out, but I believe I have a compromised hard drive now and am not sure if it can reliably be healed.

Thoughts?

Edited by rwilles, 25 August 2012 - 10:34 PM.


#6 jhayz

  • BC Advisor

Posted 26 August 2012 - 09:11 PM

You can wipe or clean install the drive, as already suggested by Nasdaq. I would suggest using Mbam in place of Comodo cleaner as an on-demand scanner.

Tekken