Posts posted by bensonit
Having issues with connecting to websites when my laptop connects to a wireless network. The issue seems to have started after a virus had infected my anti-virus program and others on the laptop. I have done multiple virus scans with ESET Endpoint Antivirus and they have found nothing; I also tried to run Malwarebytes to see if there was anything that would be picked up, and nothing there either. I am at a loss; this is the only laptop that can connect to the DAP 1360 wireless extender without being able to navigate to any websites. I have attached the DDS and Attach files to this post.
Attachments: attach.txt, dds.txt
Cannot connect to any websites when connecting wirelessly after virus issues
in Resolved Malware Removal Logs
Posted
I have completed the scan and here are the results. First is the DDS log:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Dan Martell at 15:07:45 on 2013-01-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2438 [GMT -5:00]
.
AV: Advanced Antispyware Solution *Enabled/Updated* {92FF9ED9-4796-4037-A93D-E8AE9F61EDF1}
AV: ESET Endpoint Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Advanced Antispyware Solution *Enabled*
.
============== Running Processes ================
.
C:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Teamviewer\Version6\TeamViewer_Service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Teamviewer\Version6\TeamViewer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files\Teamviewer\Version6\tv_w32.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.apkgroup.com/webshare/ApexSites/Apex Internet Sites.htm
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\dan martell\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [bginfo] c:\windows\system32\bginfo\bginfo.exe c:\windows\system32\bginfo\logon.bgi /timer:0 /nolicprompt /silent
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [egui] "c:\program files\eset\eset endpoint antivirus\egui.exe" /hide /waitservice
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: DisallowRun = dword:1
uPolicies-DisallowRun: 0 = msseces.exe
uPolicies-DisallowRun: 1 = MSASCui.exe
uPolicies-DisallowRun: 4 = avgnt.exe
uPolicies-DisallowRun: 5 = avcenter.exe
uPolicies-DisallowRun: 6 = avscan.exe
uPolicies-DisallowRun: 7 = avgfrw.exe
uPolicies-DisallowRun: 8 = avgui.exe
uPolicies-DisallowRun: 9 = avgtray.exe
uPolicies-DisallowRun: 10 = avgscanx.exe
uPolicies-DisallowRun: 11 = avgcfgex.exe
uPolicies-DisallowRun: 12 = avgemc.exe
uPolicies-DisallowRun: 13 = avgchsvx.exe
uPolicies-DisallowRun: 14 = avgcmgr.exe
uPolicies-DisallowRun: 15 = avgwdsvc.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://globemar.webex.com/client/T27LC/webex/ieatgpc.cab
TCP: NameServer = 216.129.193.16 206.191.0.210 209.87.239.20
TCP: Interfaces\{6AEEBE7C-94E1-4ACA-A141-FC002F041692} : DHCPNameServer = 216.129.193.16 206.191.0.210 209.87.239.20
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: AlphaAV - svchost.exe
IFEO: AlphaAV.exe - svchost.exe
IFEO: Anti-Virus Professional.exe - svchost.exe
IFEO: AntispywarXP2009.exe - svchost.exe
IFEO: AntivirusPro_2010.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-29 123760]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-3-29 107280]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2010-2-2 217088]
R2 ekrn;ESET Service;c:\program files\eset\eset endpoint antivirus\ekrn.exe [2012-7-4 999704]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2010-2-2 112696]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-3 2367360]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-10-16 9472]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2010-2-2 36188]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset endpoint antivirus\EShaSrv.exe [2012-7-4 183944]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-29 174592]
S3 ucgnm;BUFFALO WLI-UC-GNM Series Wireless LAN Driver;c:\windows\system32\drivers\ucgnm.sys [2010-7-6 826752]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-9-29 81192]
.
=============== Created Last 30 ================
.
2013-01-04 19:28:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-04 19:28:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 19:28:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-03 20:23:14 -------- d-----w- C:\Virus
2013-01-03 16:29:58 -------- d-----w- C:\Drivers
2013-01-03 15:32:56 -------- d-----w- c:\program files\ESET
2013-01-03 15:24:38 353707 ----a-w- C:\MonthlyCD.exe
2013-01-03 14:22:42 -------- d-----w- c:\windows\system32\driver
2013-01-03 14:06:31 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-01-03 14:06:31 -------- d-----w- c:\windows\system32\wbem\Repository
2013-01-03 14:06:15 -------- d-----w- c:\program files\SonicWALL
2013-01-03 14:06:15 -------- d-----w- c:\program files\common files\Deterministic Networks
2013-01-03 14:05:17 -------- d-sh--w- c:\documents and settings\dan martell\application data\Advanced Antispyware Solution
2013-01-03 14:05:17 -------- d-----w- c:\windows\system32\URTTEMP
2013-01-03 14:05:16 -------- d-----w- c:\windows\LastGood(2)
2013-01-02 21:22:37 -------- d-----w- C:\RECYCLER(2)
2012-12-21 19:22:50 -------- d-----w- c:\program files\BUFFALO
2012-12-21 16:54:09 -------- d-----w- c:\documents and settings\dan martell\local settings\application data\Mozilla
2012-12-21 16:54:01 -------- d-----w- c:\program files\Mozilla Firefox(2)
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd(3).dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 15:08:33.92 ===============
Next is the MBAM log file:
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3
1/4/2013 2:55:40 PM
mbam-log-2013-01-04 (14-55-40).txt
Scan type: Quick Scan
Objects scanned: 99594
Time elapsed: 5 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Delete on reboot.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
I have run MBAM 3 times and each time it came back with the same 2 files. They relate to the ESET anti-virus on the PC, but the anti-virus is still working. Not sure if those files are related to the system restore that was done yesterday to fix another issue.
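The two findings worth understanding in the logs above are the IFEO entries (DDS shows five, all redirecting to svchost.exe, and notes that more exist in Attach.txt; MBAM reports IFEO keys for ESET's own egui.exe and ekrn.exe as Security.Hijack) and the DisallowRun policy listing anti-virus executables. An IFEO Debugger value is consulted when the named image is launched, so ESET processes that were already running keep running, which is consistent with the anti-virus appearing to work while the keys remain. The script below is an added example for this page, not part of the post and not DDS or Malwarebytes code: it parses the "Pseudo HJT Report" lines of a DDS log and flags IFEO redirections that do not point at a real debugger, plus DisallowRun entries naming security tools. The lists of legitimate debuggers and security-product process names are assumptions for illustration, and the legit-app.exe line in the sample is constructed to show a benign entry is not flagged.

```python
r"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Example code added for this page; it is not part of the forum post and is not
DDS or Malwarebytes code.  It flags the two persistence tricks visible in the log:

  * IFEO Debugger redirection.  Windows honours
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<exe>
    \Debugger by launching that value instead of <exe>.  DDS prints these as
    "IFEO: <exe> - <debugger>"; a debugger of svchost.exe means <exe> never starts.
  * Explorer DisallowRun.  HKCU\...\Policies\Explorer\DisallowRun\<n> = <exe>
    stops Explorer from starting the listed programs (DDS: "uPolicies-DisallowRun").
"""
import re
from dataclasses import dataclass, field

IFEO_RE = re.compile(r"^IFEO:\s*(?P<image>.+?)\s+-\s+(?P<debugger>.+?)\s*$")
DISALLOW_RE = re.compile(r"^[um]Policies-DisallowRun:\s*\d+\s*=\s*(?P<exe>\S+)\s*$")
DISALLOW_ON_RE = re.compile(r"^[um]Policies-Explorer:\s*DisallowRun\s*=\s*dword:(?P<val>\d+)\s*$")

# Assumption: a small illustrative allow-list of real debugger binaries and a
# short list of security-product process names.  Extend both for real triage.
REAL_DEBUGGERS = {"ntsd.exe", "cdb.exe", "windbg.exe", "vsjitdebugger.exe"}
SECURITY_PROCESSES = {"egui.exe", "ekrn.exe", "mbam.exe", "msseces.exe", "msascui.exe",
                      "avgnt.exe", "avcenter.exe", "avscan.exe", "avgui.exe", "avgtray.exe"}


@dataclass
class Findings:
    ifeo: dict = field(default_factory=dict)      # image name -> Debugger value
    disallow: list = field(default_factory=list)  # executables listed under DisallowRun
    disallow_enabled: bool = False                # DisallowRun policy switched on


def parse_hjt(lines):
    """Collect IFEO and DisallowRun entries from DDS report lines."""
    f = Findings()
    for raw in lines:
        line = raw.strip()
        if (m := IFEO_RE.match(line)):
            f.ifeo[m.group("image")] = m.group("debugger")
        elif (m := DISALLOW_RE.match(line)):
            f.disallow.append(m.group("exe"))
        elif (m := DISALLOW_ON_RE.match(line)):
            f.disallow_enabled = m.group("val") == "1"
    return f


def hijacked_images(f):
    """Images whose Debugger is not a known debugger binary (e.g. svchost.exe)."""
    return sorted(img for img, dbg in f.ifeo.items()
                  if dbg.lower().rsplit("\\", 1)[-1] not in REAL_DEBUGGERS)


def blocked_security_tools(f):
    """DisallowRun entries that name security-product executables (only if the policy is on)."""
    if not f.disallow_enabled:
        return []
    return sorted((e for e in f.disallow if e.lower() in SECURITY_PROCESSES), key=str.lower)


# Sample input: the IFEO and DisallowRun lines from the DDS log above, plus one
# constructed benign IFEO line (legit-app.exe) to show a real debugger is not flagged.
SAMPLE = r"""
IFEO: AlphaAV - svchost.exe
IFEO: AlphaAV.exe - svchost.exe
IFEO: Anti-Virus Professional.exe - svchost.exe
IFEO: AntispywarXP2009.exe - svchost.exe
IFEO: AntivirusPro_2010.exe - svchost.exe
IFEO: legit-app.exe - c:\windows\system32\ntsd.exe
uPolicies-Explorer: DisallowRun = dword:1
uPolicies-DisallowRun: 0 = msseces.exe
uPolicies-DisallowRun: 1 = MSASCui.exe
uPolicies-DisallowRun: 4 = avgnt.exe
uPolicies-DisallowRun: 5 = avcenter.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
""".strip().splitlines()

if __name__ == "__main__":
    found = parse_hjt(SAMPLE)
    for img in hijacked_images(found):
        print(f"IFEO hijack: {img} -> {found.ifeo[img]}")
    for exe in blocked_security_tools(found):
        print(f"DisallowRun blocks security tool: {exe}")
```

Run it against the whole dds.txt (for example `parse_hjt(open("dds.txt").readlines())`) rather than the excerpt DDS prints, since DDS truncates the IFEO list; on a live machine the same two checks map to the Image File Execution Options subkeys under HKLM and the DisallowRun subkey under the user's Explorer policies.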