
no internet after ComboFix
#1
Posted 21 November 2011 - 02:19 PM
#2
Posted 23 November 2011 - 11:37 AM

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
- I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
COMBOFIX-Script
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
c:\program files\Bandoo\BndHook.dll

Folder::
c:\users\Adge Pro\AppData\Roaming\UivD3onF4m6W7E9
c:\users\Adge Pro\AppData\Roaming\aZ9hTXwjUeItPyA
c:\users\Adge Pro\AppData\Roaming\P8gTZqjYCkx0v2b
c:\users\Adge Pro\AppData\Roaming\mD2onF4am5
c:\users\Adge Pro\AppData\Roaming\pRL9gTXqj
c:\users\Adge Pro\AppData\Roaming\CCekIBrzPyAuDo
c:\users\Adge Pro\AppData\Roaming\uqjYCwkIVzNx
c:\users\Adge Pro\AppData\Roaming\mwjUCelIBzNc1v2
c:\users\Adge Pro\AppData\Roaming\x0ucS2ibDpG
c:\users\Adge Pro\AppData\Roaming\cD3onG4aQ
c:\users\Adge Pro\AppData\Roaming\n9hTXqjUClBzNc1
c:\users\Adge Pro\AppData\Roaming\u0ucS1ibDpGaHdK
c:\users\Adge Pro\AppData\Roaming\qXwkUVrlOtPuSiD
c:\users\Adge Pro\AppData\Roaming\VEK8gRZqh
c:\users\Adge Pro\AppData\Roaming\jZYkrNPci3G6KRh
c:\users\Adge Pro\AppData\Roaming\IVOPci3GQs7qeBN
c:\users\Adge Pro\AppData\Roaming\TXI1FWTzupdXwUe
c:\users\Adge Pro\AppData\Roaming\iwwkUUeS49PbECN
c:\users\Adge Pro\AppData\Roaming\Zn66ssfjzupdYlB
c:\users\Adge Pro\AppData\Roaming\YBxxP00ucS1bDpn

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Firefox::
FF - ProfilePath - c:\users\Adge Pro\AppData\Roaming\Mozilla\Firefox\Profiles\jb6npyyz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2956077&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59939
FF - prefs.js: network.proxy.type - 0

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:59939
- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
------------------------------------------------------------
Microsoft MVP 2010-2014
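The Firefox:: and DDS:: sections of the script above undo the same thing: both browsers were pointed at a proxy on 127.0.0.1:59939, and the search preferences were redirected. A defender reviewing such a machine can check for exactly those leftovers before and after cleanup. The following is an added example, not ComboFix's or the helper's code; it parses Firefox prefs.js lines and a DDS-style ProxyServer line, using constructed sample input built from the values in the script, and reports loopback proxies and the two redirect domains named there.

```python
"""Flag loopback-proxy and search-redirect settings of the kind the CFScript removes.

Added example (not part of ComboFix). Input is a prefs.js text and an optional
DDS-style 'uInternet Settings,ProxyServer = ...' line.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample prefs.js content, using the values shown in the CFScript.
SAMPLE_PREFS_JS = """\
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2956077&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&q=");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 59939);
user_pref("network.proxy.type", 0);
user_pref("browser.startup.homepage", "hxxp://www.google.com/");
"""

# Constructed DDS-style line, as it appears in the CFScript's DDS:: section.
SAMPLE_DDS_LINE = "uInternet Settings,ProxyServer = http=127.0.0.1:59939"

# Search-redirect hosts taken from the CFScript above (not a general blocklist).
HIJACK_SEARCH_HOSTS = {"search.conduit.com", "www.searchqu.com"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')


def parse_prefs(text):
    """Return {pref_name: value} from prefs.js text (strings, ints and bools)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw  # keep anything unexpected as text
    return prefs


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.strip().lower() == "localhost"


def parse_proxy_server(value):
    """Parse a WinINet ProxyServer value: 'host:port' or 'http=host:port;https=...'."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        entries.append((proto or "all", host or hostport, port))
    return entries


def find_hijacks(prefs, dds_proxy_line=None):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []

    # Firefox proxy: a loopback proxy is only honoured when network.proxy.type != 0,
    # but the stale setting is still worth reporting.
    host = prefs.get("network.proxy.http")
    if isinstance(host, str) and host and is_loopback(host):
        port = prefs.get("network.proxy.http_port", "?")
        active = prefs.get("network.proxy.type", 0) != 0
        findings.append(
            f"firefox http proxy set to loopback {host}:{port}"
            f" ({'active' if active else 'inactive, type=0'})")

    # Search preferences redirected to one of the hosts named in the script.
    for pref in ("browser.search.defaulturl", "keyword.URL"):
        url = prefs.get(pref)
        if isinstance(url, str):
            hostname = urlsplit(url).hostname or ""
            if hostname.lower() in HIJACK_SEARCH_HOSTS:
                findings.append(f"{pref} redirected to {hostname}")

    # IE/WinINet proxy from the DDS line: everything after the first '=' is the value.
    if dds_proxy_line and "ProxyServer" in dds_proxy_line:
        _, _, value = dds_proxy_line.partition("=")
        for proto, phost, pport in parse_proxy_server(value):
            if is_loopback(phost):
                findings.append(
                    f"IE/WinINet {proto} proxy set to loopback {phost}:{pport}")
    return findings


if __name__ == "__main__":
    for finding in find_hijacks(parse_prefs(SAMPLE_PREFS_JS), SAMPLE_DDS_LINE):
        print(finding)
```

With nothing listening on the loopback port once the malware is gone, a browser still configured this way cannot reach anything, which is the symptom in the thread title.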
#3
Posted 23 November 2011 - 05:30 PM
Thanks for the help. Here is the log requested.
ComboFix 11-11-19.04 - Adge Pro 11/23/2011 18:04:45.4.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2046.1480 [GMT -5:00]
Running from: c:\users\Adge Pro\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Adge Pro\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Bandoo\BndHook.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Bandoo\BndHook.dll
c:\users\Adge Pro\AppData\Roaming\aZ9hTXwjUeItPyA
c:\users\Adge Pro\AppData\Roaming\CCekIBrzPyAuDo
c:\users\Adge Pro\AppData\Roaming\CCekIBrzPyAuDo\AV Security 2012.ico
c:\users\Adge Pro\AppData\Roaming\cD3onG4aQ
c:\users\Adge Pro\AppData\Roaming\IVOPci3GQs7qeBN
c:\users\Adge Pro\AppData\Roaming\iwwkUUeS49PbECN
c:\users\Adge Pro\AppData\Roaming\jZYkrNPci3G6KRh
c:\users\Adge Pro\AppData\Roaming\jZYkrNPci3G6KRh\AV Security 2012.ico
c:\users\Adge Pro\AppData\Roaming\mD2onF4am5
c:\users\Adge Pro\AppData\Roaming\mwjUCelIBzNc1v2
c:\users\Adge Pro\AppData\Roaming\n9hTXqjUClBzNc1
c:\users\Adge Pro\AppData\Roaming\n9hTXqjUClBzNc1\AV Security 2012.ico
c:\users\Adge Pro\AppData\Roaming\P8gTZqjYCkx0v2b
c:\users\Adge Pro\AppData\Roaming\P8gTZqjYCkx0v2b\AV Security 2012.ico
c:\users\Adge Pro\AppData\Roaming\pRL9gTXqj
c:\users\Adge Pro\AppData\Roaming\qXwkUVrlOtPuSiD
c:\users\Adge Pro\AppData\Roaming\qXwkUVrlOtPuSiD\AV Security 2012.ico
c:\users\Adge Pro\AppData\Roaming\TXI1FWTzupdXwUe
c:\users\Adge Pro\AppData\Roaming\TXI1FWTzupdXwUe\AV Security 2012.ico
c:\users\Adge Pro\AppData\Roaming\u0ucS1ibDpGaHdK
c:\users\Adge Pro\AppData\Roaming\UivD3onF4m6W7E9
c:\users\Adge Pro\AppData\Roaming\UivD3onF4m6W7E9\AV Security 2012.ico
c:\users\Adge Pro\AppData\Roaming\uqjYCwkIVzNx
c:\users\Adge Pro\AppData\Roaming\uqjYCwkIVzNx\AV Security 2012.ico
c:\users\Adge Pro\AppData\Roaming\VEK8gRZqh
c:\users\Adge Pro\AppData\Roaming\x0ucS2ibDpG
c:\users\Adge Pro\AppData\Roaming\x0ucS2ibDpG\AV Security 2012.ico
c:\users\Adge Pro\AppData\Roaming\YBxxP00ucS1bDpn
c:\users\Adge Pro\AppData\Roaming\Zn66ssfjzupdYlB
c:\windows\system\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 23:13 . 2011-11-23 23:16 -------- d-----w- c:\users\Adge Pro\AppData\Local\temp
2011-11-23 23:13 . 2011-11-23 23:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-23 21:19 . 2011-11-23 21:19 -------- d-----w- c:\program files\Antares Audio Technologies
2011-11-23 21:15 . 2003-06-20 18:28 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-15 03:15 . 2011-11-15 03:15 -------- d-----w- c:\users\Public\Waves Audio
2011-11-15 03:15 . 2011-11-15 03:20 -------- d-----w- c:\programdata\Waves Audio
2011-11-15 03:07 . 2011-11-23 20:34 -------- d-----w- c:\program files\WinPcap
2011-11-14 23:44 . 2011-11-15 03:17 -------- d-----w- c:\users\Adge Pro\AppData\Roaming\Waves Audio
2011-11-14 21:38 . 2011-11-16 19:10 -------- d-----w- c:\users\Adge Pro\riotsGamesLogs
2011-11-14 21:38 . 2011-11-14 21:38 -------- d-----w- c:\users\Adge Pro\AppData\Roaming\LolClient
2011-11-14 21:28 . 2011-11-14 21:28 162304 ----a-w- c:\windows\system32\ncusbw32.dll
2011-11-14 06:59 . 2008-07-31 15:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-11-14 06:59 . 2008-07-31 15:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-11-14 06:59 . 2008-07-12 13:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-11-14 06:59 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-11-14 06:59 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-11-13 21:43 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-13 21:25 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-11-13 21:25 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-13 21:25 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-11-13 21:25 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-13 21:15 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-13 21:02 . 2011-11-13 21:02 -------- d-----w- c:\programdata\WindowsSearch
2011-11-13 20:46 . 2011-11-20 08:11 -------- d-----w- c:\users\Adge Pro\AppData\Local\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 05:37 . 2009-10-19 19:32 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-11-13 20:43 . 2011-11-13 20:43 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAEA6980-2D38-404B-91EE-968293813CC2}\offreg.dll
2011-09-12 23:14 . 2011-09-28 04:45 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAEA6980-2D38-404B-91EE-968293813CC2}\mpengine.dll
2011-06-28 08:47 . 2011-03-24 21:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Akamai NetSession Interface"="c:\users\Adge Pro\AppData\Local\Akamai\netsession_win.exe" [2011-11-15 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2009-12-19 77824]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2043904]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=usbmn4x4.dll
"midi3"=KORGUMDD.DRV
"wave10"=Digi32.dll
"MIDI10"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2853530515-3039482369-3993899090-1000]
"EnableNotificationsRef"=dword:0000001f
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca52f2ba36a898;Google Update Service (gupdate1ca52f2ba36a898);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 133104]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUMDS.SYS [2009-10-15 22232]
R3 MRV6X32U;Belkin N1 Wireless USB Network Adapter Driver for Windows Vista x86;c:\windows\system32\DRIVERS\MRVW24B.sys [2007-10-29 310016]
R3 USB44LDR;M-Audio USB MidiSport 4x4 Loader;c:\windows\system32\drivers\usb44ldr.sys [2009-11-07 16416]
R3 USBMN4X4;M-Audio USB MidiSport 4x4;c:\windows\system32\drivers\usbmn4x4.sys [2009-11-07 22304]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe [2008-01-07 57344]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2009-12-19 16400]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-25 537520]
S2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-08-17 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2009-12-19 85008]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys [2009-12-19 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-12-19 21904]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
necusb3 REG_MULTI_SZ necusb
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 08:36]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 08:36]
.
2011-11-22 c:\windows\Tasks\Norton Security Scan for Adge Pro.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-24 04:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Adge Pro\AppData\Roaming\Mozilla\Firefox\Profiles\jb6npyyz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{EB5CEE80-030A-4ED8-8E20-454E9C68380F} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 18:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3224)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\AstSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\Bandoo\Bandoo.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system\svchost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-11-23 18:22:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-23 23:22
ComboFix2.txt 2011-11-21 07:09
ComboFix3.txt 2011-11-20 23:59
ComboFix4.txt 2011-11-20 22:56
.
Pre-Run: 32,173,502,464 bytes free
Post-Run: 32,121,303,040 bytes free
.
- - End Of File - - 72E45090A4AB4E73475D1D9E486D055D
#4
Posted 23 November 2011 - 07:48 PM
#5
Posted 23 November 2011 - 08:09 PM

#6
Posted 23 November 2011 - 08:28 PM
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start the scan

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

And
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
#7
Posted 23 November 2011 - 10:15 PM
#8
Posted 23 November 2011 - 10:51 PM
Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
- Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
- Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
- Consider what other private information could possibly have been taken from your computer and take appropriate steps.
If you wish to reformat then please let me know in your next response. I'll now continue with instructions.
Let's get an online scan:
ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
- Please go here then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
- Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
- Now click on:
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
#9
Posted 23 November 2011 - 11:09 PM
#10
Posted 24 November 2011 - 08:23 AM
Quote: "Can I do this scan on the infected computer using FF or IE as it still has no internet?"
Duh! Sorry about that. You are correct that you won't be able to do that.
Please do this:
Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
Copy and Paste everything from the Quote box into Notepad:
@Echo on
REM Overwrite the hosts file with the single default localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
REM Release and renew the DHCP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
REM Reset the Winsock catalog and the TCP/IP stack, then reboot
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
REM Delete this batch file
del %0
- Save the file to your DESKTOP as "fix.bat". Make sure to save it with the quotes. Once saved, the icon to click should look like this on your desktop:
- Double click fix.bat.
Your computer will reboot.
Let me know if you can connect to the internet now.
#11
Posted 25 November 2011 - 01:46 AM
#12
Posted 25 November 2011 - 09:39 AM
#13
Posted 25 November 2011 - 03:34 PM
#14
Posted 25 November 2011 - 06:33 PM
#15
Posted 25 November 2011 - 08:34 PM
ComboFix 11-11-19.04 - Adge Pro 11/25/2011 20:41:41.5.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2046.1484 [GMT -5:00]
Running from: c:\users\Adge Pro\Desktop\Combo-Fix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 01:43 . 2011-11-26 01:43 -------- d-----w- c:\users\Adge Pro\AppData\Local\temp
2011-11-26 01:43 . 2011-11-26 01:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-25 21:02 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 03:55 . 2011-11-24 03:55 -------- d-----w- c:\users\Adge Pro\AppData\Roaming\Malwarebytes
2011-11-24 03:54 . 2011-11-24 03:54 -------- d-----w- c:\programdata\Malwarebytes
2011-11-23 23:03 . 2011-11-23 23:22 -------- d-----w- C:\Combo-Fix
2011-11-23 21:19 . 2011-11-23 21:19 -------- d-----w- c:\program files\Antares Audio Technologies
2011-11-23 21:15 . 2003-06-20 18:28 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-15 03:15 . 2011-11-15 03:15 -------- d-----w- c:\users\Public\Waves Audio
2011-11-15 03:15 . 2011-11-15 03:20 -------- d-----w- c:\programdata\Waves Audio
2011-11-15 03:07 . 2011-11-23 20:34 -------- d-----w- c:\program files\WinPcap
2011-11-14 23:44 . 2011-11-15 03:17 -------- d-----w- c:\users\Adge Pro\AppData\Roaming\Waves Audio
2011-11-14 21:38 . 2011-11-16 19:10 -------- d-----w- c:\users\Adge Pro\riotsGamesLogs
2011-11-14 21:38 . 2011-11-14 21:38 -------- d-----w- c:\users\Adge Pro\AppData\Roaming\LolClient
2011-11-14 21:28 . 2011-11-14 21:28 162304 ----a-w- c:\windows\system32\ncusbw32.dll
2011-11-14 06:59 . 2008-07-31 15:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-11-14 06:59 . 2008-07-31 15:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-11-14 06:59 . 2008-07-12 13:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-11-14 06:59 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-11-14 06:59 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-11-13 21:43 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-13 21:25 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-11-13 21:25 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-13 21:25 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-11-13 21:25 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-13 21:15 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-13 21:02 . 2011-11-13 21:02 -------- d-----w- c:\programdata\WindowsSearch
2011-11-13 20:46 . 2011-11-20 08:11 -------- d-----w- c:\users\Adge Pro\AppData\Local\Akamai
2011-11-13 20:43 . 2011-11-13 20:43 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAEA6980-2D38-404B-91EE-968293813CC2}\offreg.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 05:37 . 2009-10-19 19:32 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-09-12 23:14 . 2011-09-28 04:45 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAEA6980-2D38-404B-91EE-968293813CC2}\mpengine.dll
2011-06-28 08:47 . 2011-03-24 21:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Akamai NetSession Interface"="c:\users\Adge Pro\AppData\Local\Akamai\netsession_win.exe" [2011-11-15 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2009-12-19 77824]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2043904]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=usbmn4x4.dll
"midi3"=KORGUMDD.DRV
"wave10"=Digi32.dll
"MIDI10"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2853530515-3039482369-3993899090-1000]
"EnableNotificationsRef"=dword:0000001f
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca52f2ba36a898;Google Update Service (gupdate1ca52f2ba36a898);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 133104]
R2 MBAMService;MBAMService;h:\malwarebytes' anti-malware\mbamservice.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 133104]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUMDS.SYS [2009-10-15 22232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MRV6X32U;Belkin N1 Wireless USB Network Adapter Driver for Windows Vista x86;c:\windows\system32\DRIVERS\MRVW24B.sys [2007-10-29 310016]
R3 USB44LDR;M-Audio USB MidiSport 4x4 Loader;c:\windows\system32\drivers\usb44ldr.sys [2009-11-07 16416]
R3 USBMN4X4;M-Audio USB MidiSport 4x4;c:\windows\system32\drivers\usbmn4x4.sys [2009-11-07 22304]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe [2008-01-07 57344]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2009-12-19 16400]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-25 537520]
S2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-08-17 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2009-12-19 85008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys [2009-12-19 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-12-19 21904]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
necusb3 REG_MULTI_SZ necusb
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 08:36]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 08:36]
.
2011-11-26 c:\windows\Tasks\Norton Security Scan for Adge Pro.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-24 04:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Adge Pro\AppData\Roaming\Mozilla\Firefox\Profiles\jb6npyyz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware - h:\malwarebytes' anti-malware\mbamgui.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - h:\malwarebytes' anti-malware\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-25 20:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\ADGEPR~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
Completion time: 2011-11-25 20:46:48
ComboFix-quarantined-files.txt 2011-11-26 01:45
ComboFix2.txt 2011-11-23 23:22
ComboFix3.txt 2011-11-21 07:09
ComboFix4.txt 2011-11-20 23:59
ComboFix5.txt 2011-11-26 01:40
.
Pre-Run: 28,964,532,224 bytes free
Post-Run: 28,926,943,232 bytes free
.
- - End Of File - - A68606D8671576718A7E7F7ACC430219