Jump to content

Trojan (?) Added Virtual Network Adapters That Won't Delete


Recommended Posts

A drive-by from an unsavory site left this mess.

hardware.jpg

I can't delete any of these "virtual network adapters." I don't know if the computer is still infected or what. HELP!

Here is the dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Run by tree at 10:04:18 on 2012-04-03

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1400 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/webhp?complete=0

uWindow Title = Windows Internet Explorer provided by Comcast

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system\Userinit.exe,

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun: [systemTray] SysTray.Exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAC0ATgBIAEMANgBWAC0ATQBSADAAWABEAC0ARQA0ADQANwBSAC0ATQBWADQAQgAwAC0AUABUAFAASgBaAA"&"inst=NwA2AC0AOAA4ADAAMgAyADEAMwAzADQALQBUADUALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFgATwAzADYAKwAxAC0AVABCADkAKwAyAC0ATgAxAEQAKwAxAC0AUABMACsAOQAtAFIARQA0ADUAKwAxADEALQBEAEQAVAArADQANwA4ADQALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0AUAA5ADAATQAxADIAQwArADEALQBVADkANQArADEALQBUAEIAKwAxAC0ARgBVAEkAKwAyAC0AUAA5ADAAVABCACsAMgA"&"prod=94"&"ver=9.0.894

dRunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe

uPolicies-explorer: <NO NAME> = 00000000

uPolicies-explorer: NoCustomizeWebView = 1 (0x1)

uPolicies-explorer: EditLevel = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll

Trusted Zone: turbotax.com

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab

DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP30-13034/event/ieatgpc.cab

TCP: Interfaces\{5DD2785C-C00C-423C-B3DA-8057934EBCE5} : DhcpNameServer = 68.87.77.130 68.87.72.130

TCP: Interfaces\{65C1EC92-6DBE-4C58-B40E-52C9C6025A9B} : DhcpNameServer = 68.87.77.130 68.87.72.130

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /app:oe /caller:ie50 /user /install - rundll32.exe advpack.dll,launchinfsection c:\windows\inf\msimn.inf,User.Install

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /app:oe /caller:ie50 /user /install - rundll32.exe advpack.dll,launchinfsection c:\windows\inf\msimn.inf,user.install - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl

.

============= SERVICES / DRIVERS ===============

.

R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [2008-3-24 102912]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2007-9-16 8576]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-5-13 12672]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-29 652360]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-26 6656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-29 20464]

S1 atitray;atitray;\??\c:\program files\radeon omega drivers\v2.6.53\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v2.6.53\ati tray tools\atitray.sys [?]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-12-26 30312]

S3 cpuz134;cpuz134;\??\c:\docume~1\tree\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\tree\locals~1\temp\cpuz134\cpuz134_x32.sys [?]

S3 SamsonLLDriver;Samson LL Driver;c:\windows\system32\drivers\SamsonLLDriver.sys [2006-12-12 56832]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-12-26 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-12-26 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-12-26 121576]

S3 SWWDM_multi;Samson Audio (WDM);c:\windows\system32\drivers\SWAudWDM.sys [2006-12-12 25088]

S4 LtcyCfgSvc;PCI Latency Tool Service;c:\program files\pci latency tool 3\LtcyCfgSvc.exe [2005-12-26 5120]

.

=============== Created Last 30 ================

.

2012-03-19 12:16:56 -------- d-----w- c:\program files\VideoLAN

2012-03-11 12:07:22 -------- d-sh--w- c:\documents and settings\tree\IECompatCache

.

==================== Find3M ====================

.

.

============= FINISH: 10:05:22.35 ===============

attach.txt

Link to post
Share on other sites

  • 1 month later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.