Jump to content

bensonit

Members
  • Posts

    2
  • Joined

  • Last visited

Everything posted by bensonit

  1. I have completed the scan and here is the result, first is the dds log: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by Dan Martell at 15:07:45 on 2013-01-04 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2438 [GMT -5:00] . AV: Advanced Antispyware Solution *Enabled/Updated* {92FF9ED9-4796-4037-A93D-E8AE9F61EDF1} AV: ESET Endpoint Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: Advanced Antispyware Solution *Enabled* . ============== Running Processes ================ . C:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Teamviewer\Version6\TeamViewer_Service.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Teamviewer\Version6\TeamViewer.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Lenovo\Energy Management\utility.exe C:\Program Files\Lenovo\Energy Management\Energy Management.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Skype\Phone\Skype.exe c:\program files\teamviewer\version6\TeamViewer_Desktop.exe C:\Program Files\Teamviewer\Version6\tv_w32.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.apkgroup.com/webshare/ApexSites/Apex Internet Sites.htm BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [cdloader] "c:\documents and settings\dan martell\application data\mjusbsp\cdloader2.exe" MAGICJACK uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe mRun: [bginfo] c:\windows\system32\bginfo\bginfo.exe c:\windows\system32\bginfo\logon.bgi /timer:0 /nolicprompt /silent mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t mRun: [egui] "c:\program files\eset\eset endpoint antivirus\egui.exe" /hide /waitservice mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: DisallowRun = dword:1 uPolicies-DisallowRun: 0 = msseces.exe uPolicies-DisallowRun: 1 = MSASCui.exe uPolicies-DisallowRun: 4 = avgnt.exe uPolicies-DisallowRun: 5 = avcenter.exe uPolicies-DisallowRun: 6 = avscan.exe uPolicies-DisallowRun: 7 = avgfrw.exe uPolicies-DisallowRun: 8 = avgui.exe uPolicies-DisallowRun: 9 = avgtray.exe uPolicies-DisallowRun: 10 = avgscanx.exe uPolicies-DisallowRun: 11 = avgcfgex.exe uPolicies-DisallowRun: 12 = avgemc.exe uPolicies-DisallowRun: 13 = avgchsvx.exe uPolicies-DisallowRun: 14 = avgcmgr.exe uPolicies-DisallowRun: 15 = avgwdsvc.exe mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://globemar.webex.com/client/T27LC/webex/ieatgpc.cab TCP: NameServer = 216.129.193.16 206.191.0.210 209.87.239.20 TCP: Interfaces\{6AEEBE7C-94E1-4ACA-A141-FC002F041692} : DHCPNameServer = 216.129.193.16 206.191.0.210 209.87.239.20 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll IFEO: AlphaAV - svchost.exe IFEO: AlphaAV.exe - svchost.exe IFEO: Anti-Virus Professional.exe - svchost.exe IFEO: AntispywarXP2009.exe - svchost.exe IFEO: AntivirusPro_2010.exe - svchost.exe . Note: multiple IFEO entries found. Please refer to Attach.txt . ============= SERVICES / DRIVERS =============== . R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-29 123760] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-3-29 107280] R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2010-2-2 217088] R2 ekrn;ESET Service;c:\program files\eset\eset endpoint antivirus\ekrn.exe [2012-7-4 999704] R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2010-2-2 112696] R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-3 2367360] R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-10-16 9472] R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2010-2-2 36188] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?] S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset endpoint antivirus\EShaSrv.exe [2012-7-4 183944] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?] S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?] S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-29 174592] S3 ucgnm;BUFFALO WLI-UC-GNM Series Wireless LAN Driver;c:\windows\system32\drivers\ucgnm.sys [2010-7-6 826752] S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-9-29 81192] . =============== Created Last 30 ================ . 2013-01-04 19:28:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-01-04 19:28:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-04 19:28:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-03 20:23:14 -------- d-----w- C:\Virus 2013-01-03 16:29:58 -------- d-----w- C:\Drivers 2013-01-03 15:32:56 -------- d-----w- c:\program files\ESET 2013-01-03 15:24:38 353707 ----a-w- C:\MonthlyCD.exe 2013-01-03 14:22:42 -------- d-----w- c:\windows\system32\driver 2013-01-03 14:06:31 -------- d-----w- c:\windows\system32\wbem\repository\FS 2013-01-03 14:06:31 -------- d-----w- c:\windows\system32\wbem\Repository 2013-01-03 14:06:15 -------- d-----w- c:\program files\SonicWALL 2013-01-03 14:06:15 -------- d-----w- c:\program files\common files\Deterministic Networks 2013-01-03 14:05:17 -------- d-sh--w- c:\documents and settings\dan martell\application data\Advanced Antispyware Solution 2013-01-03 14:05:17 -------- d-----w- c:\windows\system32\URTTEMP 2013-01-03 14:05:16 -------- d-----w- c:\windows\LastGood(2) 2013-01-02 21:22:37 -------- d-----w- C:\RECYCLER(2) 2012-12-21 19:22:50 -------- d-----w- c:\program files\BUFFALO 2012-12-21 16:54:09 -------- d-----w- c:\documents and settings\dan martell\local settings\application data\Mozilla 2012-12-21 16:54:01 -------- d-----w- c:\program files\Mozilla Firefox(2) . ==================== Find3M ==================== . 2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd(3).dll 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec . ============= FINISH: 15:08:33.92 =============== Next is the MBAM Log file: Malwarebytes' Anti-Malware 1.41 Database version: 2775 Windows 5.1.2600 Service Pack 3 1/4/2013 2:55:40 PM mbam-log-2013-01-04 (14-55-40).txt Scan type: Quick Scan Objects scanned: 99594 Time elapsed: 5 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Delete on reboot. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) I have MBAM 3 times and each time came back with the same 2 files. They related to the ESET anti-virus on the PC, but the anti-virus is still working. Not sure if those files are related to the system restore that was done as of yesterday to fix another issue.
  2. Having issues with connecting to websites when my laptop connects to a wireless network. Issue seems to have started after a virus had infected my anti-virus program and others on the laptop. Have done mutltiple virus scans with ESET EndPoint Anti-Virus and they have found nothing, tried to run MalWare Bytes to see if there was anything that would be picked up and nothing either. I am at a loss, this is the only laptop that can connect to the DAP 1360 wireless extender without being able to navigate to any websites. I have attached the DDS and attach files to this post.attach.txtdds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.