Computer Hope

Software => Computer viruses and spyware => Topic started by: Batronus on September 23, 2010, 05:16:16 PM

Title: Cannot access internet; laptop infected...
Post by: Batronus on September 23, 2010, 05:16:16 PM
Hello, all.

My problem is this: I have not been able to access the internet using any browser, or perform any functions requiring net access (i.e. access the iTunes Store) for approximately 60 days. I have already posted in the networking section of Computer Hope, and with the help of Mastermind Broni, it was determined that my network connection is functioning properly, and that the likely culprit is an infection of some sort. Broni explained that I should repost here after following the steps in the Virus and Spyware Section Guidelines.

All steps within the guidelines were followed, in order, though I cannot access the internet. Thus, all applications were downloaded on another laptop and then moved to my laptop via flash drive and installed from my desktop.

Note: I did not use the registry feature of CCleaner, as I am not familiar enough with the registry to be comfortable.

I have included the logs from each of the disinfectants in my post. (Do you ask for these just so you can poke fun at us for the porn we surf?) :)

Following are the logs:

SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/22/2010 at 04:08 PM

Application Version : 4.43.1000

Core Rules Database Version : 5506
Trace Rules Database Version: 3318

Scan type       : Complete Scan
Total Scan Time : 01:58:35

Memory items scanned      : 604
Memory threats detected   : 0
Registry items scanned    : 7009
Registry threats detected : 2
File items scanned        : 133603
File threats detected     : 102

Unclassified.Unknown Origin
   HKU\S-1-5-21-4048087957-2194321304-3991422104-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01E69986-A054-4C52-ABE8-EF63DF1C5211}
   HKCR\CLSID\{01E69986-A054-4C52-ABE8-EF63DF1C5211}

Adware.Tracking Cookie



Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

9/22/2010 4:58:52 PM
mbam-log-2010-09-22 (16-58-52).txt

Scan type: Quick scan
Objects scanned: 113258
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:51:52 PM, on 9/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Trace\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\Sniper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O20 - AppInit_DLLs: C:\Windows\WIDEST~1\FREEQU~1\QUICKA~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7519 bytes


After performing all steps, I attempted to access the internet, both wired and wirelessly, using various website addresses (Google, Yahoo!, IMDB, etc.), and still could not get out. I pinged Google and Yahoo! (wirelessly), and the ping tests follow:

C:\Users\Trace>ping google.com

Pinging google.com [74.125.155.105] with 32 bytes of data:
Reply from 74.125.155.105: bytes=32 time=58ms TTL=52
Reply from 74.125.155.105: bytes=32 time=58ms TTL=52
Reply from 74.125.155.105: bytes=32 time=58ms TTL=52
Reply from 74.125.155.105: bytes=32 time=60ms TTL=52

Ping statistics for 74.125.155.105:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 58ms, Maximum = 60ms, Average = 58ms

C:\Users\Trace>ping yahoo.com

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=94ms TTL=52
Reply from 209.191.122.70: bytes=32 time=100ms TTL=52
Reply from 209.191.122.70: bytes=32 time=94ms TTL=52
Reply from 209.191.122.70: bytes=32 time=97ms TTL=52

Ping statistics for 209.191.122.70:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 94ms, Maximum = 100ms, Average = 96ms


As you can see, the connection is fine.

Included here is the laptop information requested for all posts:

Acer Aspire 5610Z; MS Windows Vista Home Premium; Service Pack 2; Intel T2080 1.73 GHz; 2.0 GB of RAM.

-I am currently connected to my provider's device via a wireless connection, with a status of local and internet.
-I have tried both Google Chrome and Microsoft IE 7, with the same result for both.
   -Chrome shows: This webpage is not available.
   -IE 7 shows: Internet Explorer cannot display the webpage.
      -When using the option to "Diagnose Connection Problems" through IE 7, the response is, "Windows did not find any problems with this computer's network connection."
-There is one other laptop within the home, as well as two android phones, all of which perform all wireless internet functions without error.
-I have connected to other wireless networks, as well as hardwiring from other connections, but still receive the same error.

If there is anything missing from the information I have provided, please let me know what else I can do to help you help me. Thank you so much for your time; I truly appreciate everything you do!

Humbly,

-Trace

Title: Re: Cannot access internet; laptop infected...
Post by: Computer CPR on September 23, 2010, 09:58:05 PM
Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.

Title: Re: Cannot access internet; laptop infected...
Post by: harry 48 on September 24, 2010, 12:03:06 PM
@ Batronus

Do not do anything in the above post until a malware expert sees your logs and gives you help.

Title: Re: Cannot access internet; laptop infected...
Post by: Batronus on September 24, 2010, 04:46:50 PM
Funny...I was just going to post the log from the ComboFix run I just completed. Perhaps I am naive, but is there a way to tell whom I am supposed to be taking direction from? I don't know who is an authorized Computer Hope admin versus who is just a poster trying to help...

That said, the damage is done; I suppose I might as well post the log:

ComboFix 10-09-23.01 - Trace 09/24/2010  14:28:51.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.1547 [GMT -6:00]
Running from: c:\users\Trace\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2010-08-24 to 2010-09-24  )))))))))))))))))))))))))))))))
.

2010-09-24 20:39 . 2010-09-24 20:39   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-09-24 20:39 . 2010-09-24 20:39   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-09-24 20:27 . 2010-09-24 20:27   --------   d-----w-   C:\32788R22FWJFW
2010-09-24 18:22 . 2010-09-24 20:39   --------   d-----w-   c:\users\Trace\AppData\Local\temp
2010-09-22 23:49 . 2010-09-22 23:49   388096   ----a-r-   c:\users\Trace\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-22 23:49 . 2010-09-22 23:49   --------   d-----w-   c:\program files\Trend Micro
2010-09-22 23:33 . 2010-09-22 23:33   --------   d-----w-   c:\program files\Common Files\Java
2010-09-22 22:52 . 2010-09-22 22:52   --------   d-----w-   c:\users\Trace\AppData\Roaming\Malwarebytes
2010-09-22 22:52 . 2010-04-29 21:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 22:52 . 2010-09-22 22:52   --------   d-----w-   c:\programdata\Malwarebytes
2010-09-22 22:52 . 2010-09-22 22:52   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-09-22 22:52 . 2010-04-29 21:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-09-22 20:05 . 2010-09-22 20:05   63488   ----a-w-   c:\users\Trace\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-22 20:05 . 2010-09-22 20:05   52224   ----a-w-   c:\users\Trace\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-22 20:05 . 2010-09-22 20:05   117760   ----a-w-   c:\users\Trace\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-22 20:04 . 2010-09-22 20:04   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-09-22 20:04 . 2010-09-22 20:04   --------   d-----w-   c:\users\Trace\AppData\Roaming\SUPERAntiSpyware.com
2010-09-22 20:04 . 2010-09-22 20:05   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-09-22 20:00 . 2010-09-22 20:00   --------   d-----w-   c:\program files\CCleaner
2010-09-22 15:07 . 2010-09-07 14:47   17744   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2010-09-22 15:07 . 2010-09-07 14:52   165584   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2010-09-22 15:07 . 2010-09-07 14:47   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-09-22 15:07 . 2010-09-07 14:52   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-09-22 15:07 . 2010-09-07 14:47   50768   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2010-09-22 15:06 . 2010-09-07 15:12   38848   ----a-w-   c:\windows\avastSS.scr
2010-09-22 15:06 . 2010-09-07 15:11   167592   ----a-w-   c:\windows\system32\aswBoot.exe
2010-09-22 15:06 . 2010-09-22 15:06   --------   d-----w-   c:\programdata\Alwil Software
2010-09-22 15:06 . 2010-09-22 15:06   --------   d-----w-   c:\program files\Alwil Software
2010-09-20 19:58 . 2010-09-20 19:58   --------   d-----w-   c:\users\Trace\MSYNC
2010-09-15 17:51 . 2010-04-16 16:46   502272   ----a-w-   c:\windows\system32\usp10.dll
2010-09-15 17:50 . 2010-08-17 14:11   128000   ----a-w-   c:\windows\system32\spoolsv.exe
2010-09-15 17:50 . 2010-04-05 17:02   317952   ----a-w-   c:\windows\system32\MP4SDECD.DLL
2010-09-15 17:49 . 2010-05-27 20:08   739328   ----a-w-   c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 20:38 . 2008-02-26 01:55   1356   ----a-w-   c:\users\Trace\AppData\Local\d3d9caps.dat
2010-09-24 20:16 . 2008-07-28 18:04   --------   d-----w-   c:\programdata\Microsoft Help
2010-09-22 23:25 . 2010-06-27 16:49   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-09-22 23:25 . 2008-02-13 20:23   --------   d-----w-   c:\program files\Java
2010-09-21 23:35 . 2007-12-18 03:54   110816   ----a-w-   c:\users\Trace\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-21 23:21 . 2009-03-15 22:31   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-09-21 23:15 . 2007-04-10 09:04   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-09-21 22:56 . 2008-03-22 02:37   --------   d-----w-   c:\program files\Common Files\Adobe
2010-09-21 22:50 . 2009-03-15 22:34   --------   d-----w-   c:\programdata\Lavasoft
2010-09-21 22:10 . 2008-01-29 23:10   --------   d-----w-   c:\program files\Google
2010-09-16 09:01 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-07-30 16:36 . 2010-07-30 16:36   --------   d-----w-   c:\users\Trace\AppData\Roaming\Alien Skin
2010-07-29 20:38 . 2010-07-29 20:32   --------   d-----w-   c:\program files\Office Convert
2010-06-29 15:47 . 2010-08-12 13:46   834048   ----a-w-   c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 13:46   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-06-28 10:21 . 2006-11-02 10:25   665600   ----a-w-   c:\windows\inf\drvindex.dat
2003-08-01 21:54 . 2009-09-06 18:23   25852   ----a-w-   c:\program files\TURNBB__.TTF
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys

R1 aswSP;aswSP;

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 261680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 aswFsBlk;aswFsBlk;

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-10-31 37936]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-01-06 717296]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-02 c:\windows\Tasks\Install_NSS.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-01-28 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 14:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-24  14:44:03
ComboFix-quarantined-files.txt  2010-09-24 20:44
ComboFix2.txt  2010-09-24 18:22

Pre-Run: 18,886,893,568 bytes free
Post-Run: 18,674,450,432 bytes free

- - End Of File - - 06B232A4B7866EEF292A8E5645257706


I hope this helps whoever is looking at the issue. Thanks to everyone taking part.

-Trace
Title: Re: Cannot access internet; laptop infected...
Post by: harry 48 on September 25, 2010, 07:13:02 AM
You will see above that computer cpr's comment has been removed, so SuperDave should be back to help you.
Title: Re: Cannot access internet; laptop infected...
Post by: SuperDave on September 25, 2010, 10:52:02 AM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Quote
Do you ask for these just so you can poke fun at us for the porn we surf?
We are non-judgemental. We need to know what type of infections were on your computer and to ensure the tools you used were up-to-date.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

*********************************************
Quote
I don't know who is an authorized Computer Hope admin versus who is just a poster trying to help...
On these malware forums you should only accept advice from accepted helpers. They are the only ones approved to help with malware removal. First of all, we'll try to get the internet working.
********************************

Download the Fix IE Utility (http://www.majorgeeks.com/Fix_IE_Utility_d6256.html) to your desktop.

Before running the utility, make sure that all your Internet Explorer windows are closed!

* Extract the contents of the .zip file to your desktop.
* Double click the Fix IE Utility button to run the tool.
* Click Run Utility
* Click OK when you see 'Re-registered all files'
* Open Internet Explorer and see how it works.

Title: Re: Cannot access internet; laptop infected...
Post by: Batronus on September 26, 2010, 08:17:19 AM
Hello, SD.

Thank you for any and all help; I really appreciate it!

As to my quote about porn, I was just trying to joke around and am not worried that I will be judged.

It seems I have rid myself of the things you asked me to fix using HiJackThis. Following is my most recent HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:51:26 AM, on 9/26/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Trace\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Trend Micro\HiJackThis\Sniper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4169 bytes


Additionally, I downloaded and ran the Fix IE Utility and still my IE delivers "Internet Explorer cannot display the webpage." The connection still looks just fine this morning. Ping results to follow:

C:\Windows\system32>ping google.com

Pinging google.com [74.125.155.103] with 32 bytes of data:
Reply from 74.125.155.103: bytes=32 time=59ms TTL=52
Reply from 74.125.155.103: bytes=32 time=57ms TTL=52
Reply from 74.125.155.103: bytes=32 time=56ms TTL=52
Reply from 74.125.155.103: bytes=32 time=56ms TTL=52

Ping statistics for 74.125.155.103:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 59ms, Average = 57ms

C:\Windows\system32>ping yahoo.com

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=116ms TTL=53
Reply from 67.195.160.76: bytes=32 time=117ms TTL=53
Reply from 67.195.160.76: bytes=32 time=114ms TTL=53
Reply from 67.195.160.76: bytes=32 time=118ms TTL=53

Ping statistics for 67.195.160.76:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 114ms, Maximum = 118ms, Average = 116ms


Any other ideas?

Thanks, again, for all of your help!

-Trace
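
Added example, not part of any post in this thread: a small Python parser for HijackThis entry lines that picks out the entries marked (no file) or (file missing), the kind SuperDave asked to have checked. The sample lines are copied from the HijackThis entries quoted in this thread; the Entry class and the function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Subset of the HijackThis lines quoted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# An entry line starts with a section code such as R3, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path running to the end of the entry (paths may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^<>|"*?]+')


@dataclass
class Entry:
    code: str             # section code, e.g. "O23"
    kind: str             # text before the first ": ", e.g. "Service"; "" if absent
    detail: str           # remainder of the entry without the missing-file marker
    clsid: Optional[str]  # COM class id, if the entry carries one
    path: Optional[str]   # file the entry points at, if any
    missing: bool         # True when marked (no file) / (file missing)
    unknown_owner: bool   # True for services reported with "Unknown owner"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process paths and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    missing = bool(MISSING_RE.search(body))
    cleaned = MISSING_RE.sub("", body).rstrip(" -")
    kind, sep, detail = cleaned.partition(": ")
    if not sep:  # e.g. R1 registry-value lines have no "kind: " prefix
        kind, detail = "", cleaned
    clsid = CLSID_RE.search(cleaned)
    path = PATH_RE.search(cleaned)
    return Entry(
        code=m.group("code"),
        kind=kind,
        detail=detail,
        clsid=clsid.group(0) if clsid else None,
        path=path.group(0).strip() if path else None,
        missing=missing,
        unknown_owner=" - Unknown owner" in body,
    )


def parse_log(text: str) -> List[Entry]:
    """Return every entry line found in a HijackThis log."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file HijackThis could not find."""
    return [e for e in entries if e.missing]


def count_by_code(entries: List[Entry]) -> Dict[str, int]:
    """Number of entries per section code, for a quick overview."""
    return dict(Counter(e.code for e in entries))


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        target = e.path or e.clsid or "(no target recorded)"
        owner = " [unknown owner]" if e.unknown_owner else ""
        print(f"{e.code:<4}{e.kind:<15}{target}{owner}")
```

Entries flagged this way only show that a registration points at a file that is no longer present; whether to remove one is still a decision for whoever is reviewing the log.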
Title: Re: Cannot access internet; laptop infected...
Post by: SuperDave on September 26, 2010, 06:50:40 PM
Please try these to see if we can get the internet working.

Open Internet Explorer, click the Tools menu, select Internet Options, Programs
Click "Reset Web Settings". Click Apply/OK to exit the internet options and verify if the desktop shortcuts work now (to be sure everything is in place, restart your browser after changing the settings).
****************************************
Please navigate to Start>Run and type cmd

In the window that pops up type ipconfig /flushdns
Title: Re: Cannot access internet; laptop infected...
Post by: Batronus on September 27, 2010, 07:59:34 AM
Good morning, SD.

I have followed your instructions, but still no change. See attached image of IE.

DNS Flush:

C:\Windows\system32>ipconfig/flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


Any other thoughts?

Thank you, again, for your help!

-Trace

[recovering disk space - old attachment deleted by admin]
Title: Re: Cannot access internet; laptop infected...
Post by: SuperDave on September 27, 2010, 01:37:22 PM
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

Please download LSPFix (http://cexx.org/LSPFix.exe) © 2002-2006 Cexx.org.
Save it to your desktop.  Alternate download site available  here (http://download.bleepingcomputer.com/spyware/lspfix.zip)
Run LSPFix - Repair LSP Chain
Do not execute LSPFix at this time.  Run instructions will be provided later, if needed.

*/  USE after New.Net or NewDotNet removal (or other Winsock Hijackers) and can't access the Internet...
the LSP chain may have been broken.  We can use LSPFix to repair the chain */
============================== IMPORTANT! ==============================
This LSPFix step should only be run if your Internet access is no longer working!!
============================== IMPORTANT! ==============================

PRINT these instructions... then disconnect from the Internet and close all browser windows.
***********************************
*/  Use WinSockXPFix ONLY when Internet access is still a problem AFTER running LSPFix */
Download WinSockXPFix (http://www.spychecker.com/download/download_winsockxpfix.htmll) to fix broken LSP chain for XP (if needed).
Title: Re: Cannot access internet; laptop infected...
Post by: Batronus on September 27, 2010, 02:28:42 PM
SD,

I have downloaded and executed LSPFix, but it found no problems with the machine (see attached file: LSPFix Results 1). In addition, I attempted several times to download WinSockXPFix, but each time I got a "Page Cannot Be Found" error (see attached file: Page Cannot Be Found).

Also, I noticed that WinSockXPFix has XP in the title, but my machine runs Vista. Does that matter?

I am sorry this problem is not going away easily and that it requires so much effort on your part. I truly do appreciate your help!

Let me know what else you need me to do.

-Trace

[recovering disk space - old attachment deleted by admin]
Title: Re: Cannot access internet; laptop infected...
Post by: SuperDave on September 27, 2010, 05:39:12 PM
Quote
Also, I noticed that WinSockXPFix has XP in the title, but my machine runs Vista. Does that matter?
Please try this.

This applies whether or not you have turned off UAC!

click Start

In the Start Search box type cmd, then hold the CTRL-SHIFT keys down and tap the Enter key. UAC should, if enabled, pop up. Click Ok, then you're at an elevated CMD (Command Prompt); type netsh winsock reset and hit Enter.
Title: Re: Cannot access internet; laptop infected...
Post by: Computer_Commando on September 27, 2010, 06:10:02 PM
SD:

I've been following this thread since I referred the OP to you from a different CH Sub-forum. 
http://www.computerhope.com/forum/index.php/topic,110461.0.html
I may have found a solution:  I think it's the Norton Internet Security.  Norton Removal Tool fixed it for someone else (on DSL Reports) with the same issues with Vista, it seems like a DNS problem, but is not.
http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

I leave it in your hands to follow up on this or not.

CC
Title: Re: Cannot access internet; laptop infected...
Post by: SuperDave on September 27, 2010, 06:43:36 PM
Thanks CC. I'll give it a try. I'm running out of options anyway.

Batronus. Please try this also.

Norton/Symantec Removal Tool - Norton Removal Tool (http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039/)
Title: Re: Cannot access internet; laptop infected...
Post by: Batronus on September 27, 2010, 07:54:15 PM
SD and CC,

I attempted the reset through the Command Prompt window, to no avail.

I then downloaded the Norton Removal Tool and used it, and I am now SURFING!

I did run HiJackThis one more time after using the Norton Removal Tool, just to see if there was anything from Symantec/Norton left on the machine, but nothing was listed, so it looks as if it is gone.

I really appreciate the help of the staff here on Computer Hope. You guys/gals are great! Special thanks go out to SuperDave, Computer_Commando, and Broni! Thank you all so very much!

SD, are there any follow up steps you would like me to perform?

Let me know.

-Trace
Title: Re: Cannot access internet; laptop infected...
Post by: SuperDave on September 28, 2010, 04:27:47 PM
Well, that is good news. I just want to make sure that your computer is clean. Please run these scans and post the logs.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
***************************************
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here (http://www.malwarebytes.org/mbam/program/mbam-setup.exe).

Double Click mbam-setup.exe to install the application.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Title: Re: Cannot access internet; laptop infected...
Post by: Batronus on September 29, 2010, 12:49:49 PM
Okay, SD, following are the logs for SuperAntiSpyware, Malware Bytes, and Security Check:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/29/2010 at 09:33 AM

Application Version : 4.43.1000

Core Rules Database Version : 5601
Trace Rules Database Version: 3413

Scan type       : Complete Scan
Total Scan Time : 02:24:45

Memory items scanned      : 746
Memory threats detected   : 0
Registry items scanned    : 7722
Registry threats detected : 0
File items scanned        : 149764
File threats detected     : 36

Adware.Tracking Cookie


And next:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4716

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

9/29/2010 12:17:22 PM
mbam-log-2010-09-29 (12-17-22).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 260921
Time elapsed: 1 hour(s), 30 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And next:

 Results of screen317's Security Check version 0.99.5 
 Windows Vista Service Pack 2 (UAC is enabled)
 Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
 avast! Free Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
 Malwarebytes' Anti-Malware   
 CCleaner     
 Java(TM) 6 Update 21 
Adobe Reader 9.3.4
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 Windows Defender MSASCui.exe
 Windows Defender MSASCui.exe   
 Alwil Software Avast5 AvastSvc.exe 
````````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````



What do you think, SD? Am I fixed?

Let me know.

-Trace
Title: Re: Cannot access internet; laptop infected...
Post by: SuperDave on September 29, 2010, 01:02:21 PM
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)

Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see  How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Title: Re: Cannot access internet; laptop infected...
Post by: Ricky58 on October 01, 2010, 03:04:50 PM
I too was having the same problem and was getting nowhere fast in getting this fixed. I have an Aspire 3690 running MSXPMCE that worked fine when hard-wired but would not when using wireless. I think someone mentioned registry errors and winsock issues. I believe they are correct since my laptop is now working via wireless. Today, I did the following to correct the problem:

First, I downloaded the Norton Internet security removal tool and removed Norton (latest version). This was to see if Norton was causing the issue. After removal, I tried connecting via wireless but no go.

Second, I connected via hard-wire and downloaded the Winsockfix program and ran it on the laptop. It ran maybe for 3 seconds.

Third, I disconnected the hard-wire connection to go wireless and it worked. Everything worked like it should.

Fourth, I reinstalled the Norton Internet security to see if it would affect the wireless but it did not. The wireless connection is still working fine.

Prior to this I also ran Registry Mechanic by PCTools which did fix over 300 registry errors but the wireless still would not work. Maybe it is a problem with the winsock file registry? I think you guys will know better about this than me though. Without you guys I'd be still messing around without a clue.

Great job and many kudos.
Title: Re: Cannot access internet; laptop infected...
Post by: Batronus on October 01, 2010, 09:35:50 PM
Hey, SD.

My log from Combofix follows:

ComboFix 10-10-01.01 - Trace 10/01/2010  19:39:39.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.1195 [GMT -6:00]
Running from: c:\users\Trace\Desktop\Commy.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2010-09-02 to 2010-10-02  )))))))))))))))))))))))))))))))
.

2010-10-02 01:50 . 2010-10-02 01:50   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-10-02 01:50 . 2010-10-02 01:50   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-10-02 01:02 . 2010-10-02 01:12   --------   d-----w-   C:\Commy11548C
2010-10-01 16:33 . 2010-10-01 16:46   --------   d-----w-   C:\Commy
2010-09-29 12:49 . 2010-09-29 12:49   --------   d-----w-   c:\program files\Common Files\Macrovision Shared
2010-09-29 12:48 . 2008-04-07 11:38   22872   ----a-r-   c:\windows\system32\AdobePDFUI.dll
2010-09-29 06:08 . 2010-06-22 13:30   2048   ----a-w-   c:\windows\system32\tzres.dll
2010-09-28 02:17 . 2010-09-28 02:17   --------   d-----w-   c:\program files\iPod
2010-09-28 02:17 . 2010-09-28 02:18   --------   d-----w-   c:\program files\iTunes
2010-09-28 02:15 . 2010-09-28 02:16   --------   d-----w-   c:\program files\QuickTime
2010-09-28 02:15 . 2010-09-28 02:15   --------   d-----w-   c:\program files\Apple Software Update
2010-09-28 02:13 . 2010-09-28 02:13   --------   d-----w-   c:\program files\Bonjour
2010-09-28 02:13 . 2010-09-28 02:17   --------   d-----w-   c:\program files\Common Files\Apple
2010-09-25 14:12 . 2010-09-25 14:12   --------   d-----w-   c:\program files\Feedback Tool
2010-09-24 18:22 . 2010-10-02 01:50   --------   d-----w-   c:\users\Trace\AppData\Local\temp
2010-09-24 08:51 . 2010-09-24 08:51   73000   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-22 23:49 . 2010-09-22 23:49   388096   ----a-r-   c:\users\Trace\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-22 23:49 . 2010-09-22 23:49   --------   d-----w-   c:\program files\Trend Micro
2010-09-22 23:33 . 2010-09-22 23:33   --------   d-----w-   c:\program files\Common Files\Java
2010-09-22 22:52 . 2010-09-22 22:52   --------   d-----w-   c:\users\Trace\AppData\Roaming\Malwarebytes
2010-09-22 22:52 . 2010-04-29 21:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 22:52 . 2010-09-22 22:52   --------   d-----w-   c:\programdata\Malwarebytes
2010-09-22 22:52 . 2010-09-22 22:52   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-09-22 22:52 . 2010-04-29 21:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-09-22 20:05 . 2010-09-29 13:06   63488   ----a-w-   c:\users\Trace\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-22 20:05 . 2010-09-22 20:05   52224   ----a-w-   c:\users\Trace\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-22 20:05 . 2010-09-29 13:06   117760   ----a-w-   c:\users\Trace\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-22 20:04 . 2010-09-22 20:04   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-09-22 20:04 . 2010-09-22 20:04   --------   d-----w-   c:\users\Trace\AppData\Roaming\SUPERAntiSpyware.com
2010-09-22 20:04 . 2010-09-22 20:05   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-09-22 20:00 . 2010-09-22 20:00   --------   d-----w-   c:\program files\CCleaner
2010-09-22 15:07 . 2010-09-07 14:47   17744   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2010-09-22 15:07 . 2010-09-07 14:52   165584   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2010-09-22 15:07 . 2010-09-07 14:47   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-09-22 15:07 . 2010-09-07 14:52   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-09-22 15:07 . 2010-09-07 14:47   50768   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2010-09-22 15:06 . 2010-09-07 15:12   38848   ----a-w-   c:\windows\avastSS.scr
2010-09-22 15:06 . 2010-09-07 15:11   167592   ----a-w-   c:\windows\system32\aswBoot.exe
2010-09-22 15:06 . 2010-09-22 15:06   --------   d-----w-   c:\programdata\Alwil Software
2010-09-22 15:06 . 2010-09-22 15:06   --------   d-----w-   c:\program files\Alwil Software
2010-09-20 19:58 . 2010-09-20 19:58   --------   d-----w-   c:\users\Trace\MSYNC
2010-09-15 17:51 . 2010-04-16 16:46   502272   ----a-w-   c:\windows\system32\usp10.dll
2010-09-15 17:50 . 2010-08-17 14:11   128000   ----a-w-   c:\windows\system32\spoolsv.exe
2010-09-15 17:50 . 2010-04-05 17:02   317952   ----a-w-   c:\windows\system32\MP4SDECD.DLL
2010-09-15 17:49 . 2010-05-27 20:08   739328   ----a-w-   c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 15:43 . 2007-12-18 03:54   112376   ----a-w-   c:\users\Trace\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-29 12:49 . 2008-03-22 02:37   --------   d-----w-   c:\program files\Common Files\Adobe
2010-09-29 12:49 . 2006-11-02 10:25   51200   ----a-w-   c:\windows\Inf\infpub.dat
2010-09-29 12:49 . 2006-11-02 10:25   143360   ----a-w-   c:\windows\Inf\infstrng.dat
2010-09-29 12:49 . 2006-11-02 10:25   143360   ----a-w-   c:\windows\Inf\infstor.dat
2010-09-28 00:46 . 2007-04-10 10:02   --------   d-----w-   c:\programdata\Symantec
2010-09-24 20:54 . 2008-02-26 01:55   1356   ----a-w-   c:\users\Trace\AppData\Local\d3d9caps.dat
2010-09-24 20:16 . 2008-07-28 18:04   --------   d-----w-   c:\programdata\Microsoft Help
2010-09-22 23:25 . 2010-06-27 16:49   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-09-22 23:25 . 2008-02-13 20:23   --------   d-----w-   c:\program files\Java
2010-09-21 23:21 . 2009-03-15 22:31   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-09-21 23:15 . 2007-04-10 09:04   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-09-21 22:50 . 2009-03-15 22:34   --------   d-----w-   c:\programdata\Lavasoft
2010-09-21 22:10 . 2008-01-29 23:10   --------   d-----w-   c:\program files\Google
2010-09-16 09:01 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-07-28 00:44 . 2010-07-28 00:44   91424   ----a-w-   c:\windows\system32\dnssd.dll
2010-07-28 00:44 . 2010-07-28 00:44   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
2010-07-28 00:44 . 2010-07-28 00:44   197920   ----a-w-   c:\windows\system32\dnssdX.dll
2010-07-28 00:44 . 2010-07-28 00:44   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2003-08-01 21:54 . 2009-09-06 18:23   25852   ----a-w-   c:\program files\TURNBB__.TTF
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Trace\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-28 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-01-06 717296]
S1 aswSP;aswSP;

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 aswFsBlk;aswFsBlk;

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048087957-2194321304-3991422104-1000Core.job
- c:\users\Trace\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 02:01]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048087957-2194321304-3991422104-1000UA.job
- c:\users\Trace\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 02:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-01 19:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-01  19:52:29
ComboFix-quarantined-files.txt  2010-10-02 01:52
ComboFix2.txt  2010-10-02 01:12
ComboFix3.txt  2010-10-01 16:46
ComboFix4.txt  2010-09-24 20:44
ComboFix5.txt  2010-10-02 01:38

Pre-Run: 15,775,641,600 bytes free
Post-Run: 15,740,796,928 bytes free

- - End Of File - - C403EDB12089BB9E312013C59EAF5EE0


Let me know what to do next.

Thanks!

-Trace

Title: Re: Cannot access internet; laptop infected...
Post by: SuperDave on October 02, 2010, 01:02:48 PM
Only a couple more scans to go.

Please download 7-Zip (http://www.7-zip.org) and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar) and save the setup to your Desktop.