
No internet connectivity after Combofix


  • This topic is locked
25 replies to this topic

#1 Jstyle

  • Members
  • 15 posts

Posted 03 September 2012 - 10:42 AM

Two weeks ago I used ComboFix because of spyware. After using it, I don't have any internet connection. I use the Netgear WLAN3100v2 'internet-dongle' USB to make a WiFi internet connection from my router to my desktop. I uninstalled the drivers and installed them again. Unfortunately, it didn't work.

I read this topic: http://www.bleepingcomputer.com/forums/topic452709.html and did two tests.

Test 1 MINITOOLBOX, result:

MiniToolBox by Farbar Version: 23-07-2012
Ran by ****** (administrator) on 03-09-2012 at 17:32:05
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP-configuratie



De DNS-omzettingscache is leeggemaakt.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394-netwerkkaart = 1394-verbinding (Connected)
Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC = LAN-verbinding (Media disconnected)
NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter = Draadloze netwerkverbinding 4 (Media disconnected)


# ----------------------------------
# IP-configuratie van interface
# ----------------------------------
pushd interface ip


# IP-configuratie van interface voor "LAN-verbinding"

set address name="LAN-verbinding" source=dhcp
set dns name="LAN-verbinding" source=dhcp register=PRIMARY
set wins name="LAN-verbinding" source=dhcp

# IP-configuratie van interface voor "Draadloze netwerkverbinding 4"

set address name="Draadloze netwerkverbinding 4" source=dhcp
set dns name="Draadloze netwerkverbinding 4" source=dhcp register=PRIMARY
set wins name="Draadloze netwerkverbinding 4" source=dhcp


popd
# Einde van IP-configuratie van interface




Windows IP-configuratie



Host-naam . . . . . . . . . . . .: *****

Primair DNS-achtervoegsel. . . . .:

Knooppunttype . . . . . . . . . . : broadcast

IP-routering ingeschakeld. . . . .: nee

WINS-proxy ingeschakeld . . . . . : nee



Ethernet-adapter LAN-verbinding:



Status van medium . . . . . . . . : medium ontkoppeld

Beschrijving . . . . . . . . . . .:

Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC

Fysiek adres. . . . . . . . . . . : 00-24-1D-2E-13-B5



Ethernet-adapter Draadloze netwerkverbinding 4:



Status van medium . . . . . . . . : medium ontkoppeld

Beschrijving . . . . . . . . . . .:

NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter

Fysiek adres. . . . . . . . . . . : E0-91-F5-51-2F-42

Server: UnKnown
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping-aanvraag kan host google.com niet vinden. Controleer de naam en probeer het

opnieuw.

Server: UnKnown
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping-aanvraag kan host yahoo.com niet vinden. Controleer de naam en probeer het

opnieuw.

Server: UnKnown
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping-aanvraag kan host bleepingcomputer.com niet vinden. Controleer de naam en probeer het

opnieuw.



Pingen naar 127.0.0.1 met 32 byte gegevens:



Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128

Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128



Ping-statistieken voor 127.0.0.1:

Pakketten: verzonden = 2, ontvangen = 2, verloren = 0

(0% verlies).De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:

Minimum = 0ms, Maximum = 0ms, Gemiddelde = 0ms

===========================================================================
Interfacelijst
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 1d 2e 13 b5 ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Pakketplanner-minipoort
0x10004 ...e0 91 f5 51 2f 42 ...... NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter - Pakketplanner-minipoort
===========================================================================
===========================================================================
Actieve routes:
Netwerkadres Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
255.255.255.255 255.255.255.255 255.255.255.255 10004 1
===========================================================================
Permanente routes:
Geen

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/14/2012 07:49:33 PM) (Source: crypt32) (User: )
Description: Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> opvragen van de automatische update van het basislijstvolgordenummer van derden is mislukt met de fout: Deze netwerkverbinding bestaat niet.

Error: (08/14/2012 07:49:33 PM) (Source: crypt32) (User: )
Description: Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> opvragen van de automatische update van het basislijstvolgordenummer van derden is mislukt met de fout: Deze netwerkverbinding bestaat niet.

Error: (08/14/2012 07:49:33 PM) (Source: crypt32) (User: )
Description: Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> opvragen van de automatische update van het basislijstvolgordenummer van derden is mislukt met de fout: The connection with the server was terminated abnormally

Error: (08/14/2012 04:48:05 PM) (Source: ESENT) (User: )
Description: wuauclt (6836) Een poging te schrijven naar bestand C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb bij een verschuiving van 8192 (0x0000000000002000) voor 57344 (0x0000e000) bytes is mislukt. Systeemfout 112 (0x00000070): Onvoldoende schijfruimte beschikbaar. . Tijdens de leesbewerking treedt fout -1808 (0xfffff8f0) op. Als dit probleem zich blijft voordoen, wordt het bestand mogelijk beschadigd en moet het worden hersteld vanaf een vorige back-up.

Error: (08/14/2012 04:48:04 PM) (Source: ESENT) (User: )
Description: wuauclt (6704) Een poging te schrijven naar bestand C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb bij een verschuiving van 8192 (0x0000000000002000) voor 57344 (0x0000e000) bytes is mislukt. Systeemfout 112 (0x00000070): Onvoldoende schijfruimte beschikbaar. . Tijdens de leesbewerking treedt fout -1808 (0xfffff8f0) op. Als dit probleem zich blijft voordoen, wordt het bestand mogelijk beschadigd en moet het worden hersteld vanaf een vorige back-up.

Error: (08/14/2012 04:48:04 PM) (Source: ESENT) (User: )
Description: wuauclt (6620) Een poging te schrijven naar bestand C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb bij een verschuiving van 8192 (0x0000000000002000) voor 57344 (0x0000e000) bytes is mislukt. Systeemfout 112 (0x00000070): Onvoldoende schijfruimte beschikbaar. . Tijdens de leesbewerking treedt fout -1808 (0xfffff8f0) op. Als dit probleem zich blijft voordoen, wordt het bestand mogelijk beschadigd en moet het worden hersteld vanaf een vorige back-up.

Error: (08/14/2012 04:48:03 PM) (Source: ESENT) (User: )
Description: wuauclt (6464) Een poging te schrijven naar bestand C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb bij een verschuiving van 8192 (0x0000000000002000) voor 57344 (0x0000e000) bytes is mislukt. Systeemfout 112 (0x00000070): Onvoldoende schijfruimte beschikbaar. . Tijdens de leesbewerking treedt fout -1808 (0xfffff8f0) op. Als dit probleem zich blijft voordoen, wordt het bestand mogelijk beschadigd en moet het worden hersteld vanaf een vorige back-up.

Error: (08/14/2012 04:48:02 PM) (Source: ESENT) (User: )
Description: wuauclt (6364) Een poging te schrijven naar bestand C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb bij een verschuiving van 8192 (0x0000000000002000) voor 57344 (0x0000e000) bytes is mislukt. Systeemfout 112 (0x00000070): Onvoldoende schijfruimte beschikbaar. . Tijdens de leesbewerking treedt fout -1808 (0xfffff8f0) op. Als dit probleem zich blijft voordoen, wordt het bestand mogelijk beschadigd en moet het worden hersteld vanaf een vorige back-up.

Error: (08/14/2012 04:48:02 PM) (Source: ESENT) (User: )
Description: wuauclt (6244) Kan geen schaduw-header schrijven voor bestand C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Fout -1808.

Error: (08/14/2012 04:48:02 PM) (Source: ESENT) (User: )
Description: wuauclt (6244) Een poging te schrijven naar bestand C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb bij een verschuiving van 0 (0x0000000000000000) voor 8192 (0x00002000) bytes is mislukt. Systeemfout 112 (0x00000070): Onvoldoende schijfruimte beschikbaar. . Tijdens de leesbewerking treedt fout -1808 (0xfffff8f0) op. Als dit probleem zich blijft voordoen, wordt het bestand mogelijk beschadigd en moet het worden hersteld vanaf een vorige back-up.


System errors:
=============

Error: (09/02/2012 05:15:29 PM) (Source: Windows Update Agent) (User: )
Description: Kan geen verbinding maken: Windows kan geen verbinding met de service Automatische updates maken. Hierdoor kunnen updates niet volgens planning worden gedownload en geïnstalleerd. Windows gaat door met pogingen om een verbinding tot stand te brengen.

Error: (08/30/2012 01:48:13 PM) (Source: Windows Update Agent) (User: )
Description: Kan geen verbinding maken: Windows kan geen verbinding met de service Automatische updates maken. Hierdoor kunnen updates niet volgens planning worden gedownload en geïnstalleerd. Windows gaat door met pogingen om een verbinding tot stand te brengen.

Error: (08/20/2012 08:42:49 PM) (Source: Windows Update Agent) (User: )
Description: Kan geen verbinding maken: Windows kan geen verbinding met de service Automatische updates maken. Hierdoor kunnen updates niet volgens planning worden gedownload en geïnstalleerd. Windows gaat door met pogingen om een verbinding tot stand te brengen.

Error: (08/14/2012 07:46:54 PM) (Source: 0) (User: )
Description: {B7B50F2C-1733-4870-8E32-E8424DD37DC3}

Error: (08/14/2012 07:42:50 PM) (Source: Service Control Manager) (User: )
Description: De Process Monitor-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (08/14/2012 07:18:25 PM) (Source: Service Control Manager) (User: )
Description: De Process Monitor-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (08/14/2012 05:13:22 PM) (Source: 0) (User: )
Description: 0xC000007Fannotation.dllHarddiskVolume1

Error: (08/14/2012 03:40:54 PM) (Source: 0) (User: )
Description: 0xC000007Fpaqcache.dllHarddiskVolume1

Error: (08/14/2012 03:28:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM kreeg foutmelding '%%1084' bij het starten van de EventSystem-service met de argumenten ''
om de server
{1BE1F766-5536-11D1-B726-00C04FB926AF} te starten


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 3326.42 MB
Available physical RAM: 2455.04 MB
Total Pagefile: 5210.1 MB
Available Pagefile: 4307.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.14 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:97.65 GB) (Free:31.83 GB) NTFS
4 Drive e: () (Removable) (Total:0.12 GB) (Free:0.07 GB) FAT
5 Drive f: () (Fixed) (Total:931.5 GB) (Free:6 GB) NTFS
7 Drive q: () (Fixed) (Total:368.1 GB) (Free:6.58 GB) NTFS

========================= Users: ========================================

Gebruikersaccounts voor \\****

Administrator ASPNET Gast
HelpAssistant ***** SUPPORT_388945a0
De opdracht is voltooid.


**** End of log ****


Test 2 DDS program, result:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by ****** at 17:36:07 on 2012-09-03
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3326.2437 [GMT 2:00]
.
AV: ESET Smart Security 5.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Persoonlijke firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\WinFLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Citrix\ICA Client\redirector.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\WinFLTray.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uInternet Settings,ProxyOverride = local;*.local
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CtxIEInterceptorBHO Class: {2c4631ff-5cc8-4ebc-a0df-34c92291759e} - c:\program files\citrix\ica client\IEInterceptor.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\search & destroy\SDHelper.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO: {9D717F81-9148-4f12-8568-69135F087DB0} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences
uRun: [SpybotSD TeaTimer] c:\program files\search & destroy\TeaTimer.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WinFLTray] c:\windows\system32\WinFLTray.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\redirector.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - f:\software\divx-progs\bsplayer\skins\partycasino\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\*******\application data\mozilla\firefox\profiles\jsoinkie.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [2009-6-14 9096]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 67960]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-4-27 61440]
R1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [2011-12-30 29584]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-3-10 12672]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-4-6 22504]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7 913144]
R2 FLService;FLService;c:\windows\system32\WinFLService.exe [2011-12-30 91736]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-2-19 54760]
R2 NEWDRIVER;NEWDRIVER;c:\windows\system32\WinVDEdrv6.sys [2011-12-30 188176]
R2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [2011-12-30 228112]
R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-9-2 303360]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2012-9-2 1034240]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2012-2-22 45288]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 LMPC2;LMPC2;c:\windows\system32\drivers\lmpc2.sys [2009-11-5 4224]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
RUnknown mrxex;mrxex; [x]
RUnknown tdi2k;tdi2k; [x]
RUnknown tunmpnt;tunmpnt; [x]
S2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\ashampoo\ashampoo antispyware 2\antispywareservice.exe --> c:\program files\ashampoo\ashampoo antispyware 2\AntiSpyWareService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-27 136176]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-27 136176]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-9-2 50704]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-02 15:17:24 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2012-09-02 15:17:24 281104 ----a-w- c:\windows\system32\wpcap.dll
2012-09-02 15:17:24 1034240 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys
2012-09-02 15:17:24 100880 ----a-w- c:\windows\system32\Packet.dll
2012-09-02 15:17:23 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-09-02 15:17:20 -------- d-----w- c:\program files\NETGEAR
2012-09-02 15:16:58 -------- d-----w- C:\WNDA3100v2 Software Version 2.0.0.1
2012-08-14 18:09:08 -------- d-----w- c:\windows\system32\xircom
2012-08-14 18:09:08 -------- d-----w- c:\windows\system32\wbem\snmp
2012-08-14 17:48:24 -------- d-sha-r- C:\cmdcons
2012-08-14 17:43:06 98816 ----a-w- c:\windows\sed.exe
2012-08-14 17:43:06 518144 ----a-w- c:\windows\SWREG.exe
2012-08-14 17:43:06 256000 ----a-w- c:\windows\PEV.exe
2012-08-14 17:43:06 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-06-25 14:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-24 19:20:13 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-06-13 13:55:52 1875200 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:48:29 1447936 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:48:29 1172480 ----a-w- c:\windows\system32\msxml3.dll
2011-09-23 14:25:30 37329920 ----a-w- c:\program files\activatieprogramma.exe
.
============= FINISH: 17:36:29,09 ===============





What do I have to do to solve this problem?
Thanks in advance
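Before reconnecting a machine like this one, a responder wants a quick triage of the posted logs for the signs visible in this thread: DDS service entries whose binary is missing (`[x]`, such as mrxex, tdi2k and tunmpnt above), nslookup falling back to 127.0.0.1 because no DNS server is configured, adapters reporting media disconnected, and the searchqu start page. The following Python script is an added example, not part of the thread or of the DDS/MiniToolBox tools; its sample log is constructed from the shapes of lines in the post above.

```python
"""Triage a DDS / MiniToolBox-style log for signs of a broken or hijacked
network stack after rootkit removal. Added example, not part of the forum
thread or of the DDS/MiniToolBox tools."""
import re
from typing import Dict, List, NamedTuple

# Constructed sample: a handful of lines in the shape DDS and MiniToolBox
# emit, modelled on the post above (not a verbatim copy of it).
SAMPLE_LOG = """\
NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter = Draadloze netwerkverbinding 4 (Media disconnected)
Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC = LAN-verbinding (Media disconnected)
Server: UnKnown
Address: 127.0.0.1
DNS request timed out.
uStart Page = hxxp://www.searchqu.com/406
R1 ehdrv;ehdrv;c:\\windows\\system32\\drivers\\ehdrv.sys [2012-3-14 120152]
RUnknown mrxex;mrxex; [x]
RUnknown tdi2k;tdi2k; [x]
RUnknown tunmpnt;tunmpnt; [x]
S3 NPF;Netgroup Packet Filter;c:\\windows\\system32\\drivers\\npf.sys [2012-9-2 50704]
"""


class Service(NamedTuple):
    status: str   # R0..R3 running, S* stopped, RUnknown = no start type known
    name: str
    path: str     # empty when DDS printed "[x]" (binary not found on disk)


# DDS service line: "<status> <name>;<display name>;<path> [date size]"
SERVICE_RE = re.compile(r"^(R\d|S\d|RUnknown)\s+([^;]+);([^;]*);(.*)$")


def parse_services(log: str) -> List[Service]:
    """Parse the SERVICES / DRIVERS section lines of a DDS log."""
    found = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        status, name, _display, rest = m.groups()
        rest = rest.strip()
        path = "" if rest.startswith("[x]") else rest.split(" [")[0]
        found.append(Service(status, name, path))
    return found


def orphaned_services(log: str) -> List[str]:
    """Registered services/drivers whose binary is gone: leftovers of a
    removed rootkit that can still break the TCP/IP stack via the registry."""
    return [s.name for s in parse_services(log) if s.path == ""]


def resolver_is_loopback(log: str) -> bool:
    """nslookup printing 'Server: UnKnown / Address: 127.0.0.1' means no DNS
    server is configured on any adapter; the resolver fell back to localhost."""
    return re.search(r"Server:\s*UnKnown\s+Address:\s*127\.0\.0\.1", log) is not None


def disconnected_adapters(log: str) -> List[str]:
    """Adapter names from the MiniToolBox IP Configuration section whose
    media state is disconnected."""
    pat = re.compile(r"^(.*?) = .*\(Media disconnected\)$")
    names = []
    for line in log.splitlines():
        m = pat.match(line.strip())
        if m:
            names.append(m.group(1).strip())
    return names


def hijacked_start_page(log: str) -> str:
    """Return the IE start page when it points at the search-redirect host
    seen in this thread, else an empty string."""
    m = re.search(r"^uStart Page = (\S+)", log, re.M)
    return m.group(1) if m and "searchqu.com" in m.group(1) else ""


def triage(log: str) -> Dict[str, object]:
    """Summarise the findings a responder checks before reconnecting."""
    return {
        "orphaned_services": orphaned_services(log),
        "resolver_loopback": resolver_is_loopback(log),
        "disconnected_adapters": disconnected_adapters(log),
        "start_page": hijacked_start_page(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```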

#2 Jstyle
  • Topic Starter

  • Members
  • 15 posts

Posted 03 September 2012 - 12:20 PM

When I need to use another program, please let me know!

#3 Jstyle
  • Topic Starter

  • Members
  • 15 posts

Posted 06 September 2012 - 01:08 PM

I have no idea how to solve this problem.

Is there anyone who can help me and can see what the problem is? :busy:
I hope so! Thanks in advance!! :thumbsup:

#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 September 2012 - 08:33 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#5 Jstyle
  • Topic Starter

  • Members
  • 15 posts

Posted 06 September 2012 - 11:49 PM

Hello m0le. Thanks for helping me. I'm waiting :)

#6 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 September 2012 - 01:57 PM

TDSS kills the internet connection sometimes after Combofix. For all these instructions you can substitute "download to desktop" for "download on a clean machine and transfer using a USB device"

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#7 Jstyle
  • Topic Starter

  • Members
  • 15 posts

Posted 08 September 2012 - 02:41 AM

I want to run TDSSKiller via Start -> Run. But when I enter the complete command (including quote marks) "%userprofile%\Desktop\TDSSKiller.exe -l report.txt I get this warning (failure). I can't run TDSSKiller.

The warning said: 'The C :/ documents refers to a location that is not accessible. .....'

What else can I do to make the program run?

Edited by Jstyle, 08 September 2012 - 02:42 AM.


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 September 2012 - 12:20 PM

This is ZeroAccess. It doesn't want you to run anything that can identify it.

Try TDSSKiller in safe mode

#9 Jstyle

Jstyle
  • Topic Starter

  • Members
  • 15 posts

Posted 08 September 2012 - 02:53 PM

This is ZeroAccess. It doesn't want you to run anything that can identify it.

Try TDSSKiller in safe mode


Hello m0le.
I ran the program in Safe Mode. Got the same error / failure.
Is there another program I can try, or a different way to start it?

#10 Jstyle

Jstyle
  • Topic Starter

  • Members
  • 15 posts

Posted 09 September 2012 - 05:15 AM

I think I can run TDSSKiller, but not via Start -> Run -> "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt.
Is that an option?

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 September 2012 - 06:00 AM

Yes, try running it like that. :)

#12 Jstyle

Jstyle
  • Topic Starter

  • Members
  • 15 posts

Posted 09 September 2012 - 06:35 AM

Thanks. I have run the program. The results are:

1: Photo:
Posted Image

2. Attached Log (report) from the scan.

I'm curious about the next steps to fix my internet connection :)

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 September 2012 - 06:59 PM

I'm curious about the next steps to fix my internet-connection


If I'm happy that the machine is clean then we'll try to connect. There's no point trying if the infection is still there.

Can you see if you can locate the Combofix log that caused the internet disconnection?

Please go to start -> Run.

Copy and paste the bold line in the run-box and click OK:

cmd /c dir /a/s/b C:\QooBox >log.txt & log.txt

A text file opens up, copy and paste the content to your reply.
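For readers who want to see what the `cmd /c dir /a/s/b C:\QooBox >log.txt` step actually produces, the following is an added example (not code from this thread or from the ComboFix project): a small Python script that walks a directory tree the way `dir /a/s/b` does (recursively, every entry including hidden ones, one bare full path per line), writes the listing to a `log.txt`, and returns it for review. The quarantine folder it lists is a constructed stand-in built in a temporary directory; the names inside it are invented and do not come from the thread.

```python
import os
import tempfile
from pathlib import Path


def list_tree(root):
    """Return every directory and file under root, recursively, as full paths.

    This mirrors `dir /a/s/b`: /s recurses into subdirectories, /b prints
    bare full paths with no header or size columns, and /a includes hidden
    and system entries (os.walk does not hide any entry either).
    Entries are emitted per directory: subdirectories first, then files,
    each group sorted so the output is stable across runs.
    """
    entries = []
    for dirpath, dirnames, filenames in os.walk(Path(root)):
        dirnames.sort()  # in-place sort also fixes the recursion order
        for name in dirnames:
            entries.append(str(Path(dirpath) / name))
        for name in sorted(filenames):
            entries.append(str(Path(dirpath) / name))
    return entries


def write_listing(root, log_path):
    """Write the listing to log_path (one path per line) and return its length."""
    lines = list_tree(root)
    Path(log_path).write_text("\n".join(lines) + "\n", encoding="utf-8")
    return len(lines)


def build_sample_quarantine(base):
    """Create a constructed stand-in for C:\\QooBox under base.

    The file and folder names here are made up for the example; a real
    ComboFix quarantine folder will look different.
    """
    q = Path(base) / "QooBox"
    sys32 = q / "Quarantine" / "C" / "WINDOWS" / "system32"
    sys32.mkdir(parents=True)
    (sys32 / "example.dll.vir").write_bytes(b"\x00" * 16)
    reg = q / "Quarantine" / "Registry_backups"
    reg.mkdir()
    (reg / "example.reg").write_text("Windows Registry Editor Version 5.00\n")
    (q / "Quarantine" / "catchme.zip").write_bytes(b"PK")
    return q


def demo():
    """Build the sample tree in a temp dir, list it, and write log.txt."""
    base = tempfile.mkdtemp(prefix="qoobox_demo_")
    q = build_sample_quarantine(base)
    log = os.path.join(base, "log.txt")
    count = write_listing(q, log)
    return {"root": str(q), "entries": list_tree(q), "count": count, "log": log}


if __name__ == "__main__":
    result = demo()
    print("\n".join(result["entries"]))
    print("wrote", result["count"], "lines to", result["log"])
```

Run it as-is and it prints eight full paths for the constructed tree; point `write_listing()` at a real quarantine folder and it produces the same kind of flat listing the helper asked for, which is easy to paste into a reply or diff against a later run.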

#14 Jstyle

Jstyle
  • Topic Starter

  • Members
  • 15 posts

Posted 09 September 2012 - 11:57 PM

All right! Hopefully you can see something in these logs :)
I attached both files (1 log from Combofix and 1 log from cmd /c dir /a/s/b C:\QooBox >log.txt & log.txt)

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 September 2012 - 12:16 PM

Please run Combofix again for me. Use a new version though, so uninstall the current copy.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Disable any realtime antivirus or antispyware programs.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Then

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.