
Windows 7 - Can ping IPs, not domain names


Cronyx


Fixing this computer for someone else. It was an absolute mess, been working on it for hours. Had a rootkit but that's gone, and some other stuff, also gone. To save time, here's what I've already run through:

Combofix

TDSSkiller

Tweaking.com AIO

Hitman

Emsisoft Emergency Kit

MBAM

MSSE

Super

ESET

Now for manual things I've done, I did the 0xA0 to 0x80 trick in nettcpip.inf to invalidate the driver signing on the IPv4 protocol in the TCP/IP stack and let me uninstall/reinstall it. Deleted the following reg keys before reinstalling:

HKLM\SYSTEM\CurrentControlSet\services\tcpip

HKLM\SYSTEM\CurrentControlSet\services\dhcp

HKLM\SYSTEM\CurrentControlSet\services\dnscache

HKLM\SYSTEM\CurrentControlSet\services\ipsec

HKLM\SYSTEM\CurrentControlSet\services\policyagent

HKLM\SYSTEM\CurrentControlSet\services\atmarpc

HKLM\SYSTEM\CurrentControlSet\services\nla

HKLM\SYSTEM\CurrentControlSet\services\winsock

HKLM\SYSTEM\CurrentControlSet\services\winsock2

That got me a little closer, but was still having problems. Wasn't able to get an IP address with DHCP leasing from the router, had to manually assign one, with gateway, subnet, DNS, etc. But I could browse if I did that. Wasn't fixed *right* though so I kept going.

Did an sfc /verifyonly, took the log file and ran it through a "findstr" looking for the "[SR]" string and dumped that to another file to make it more manageable. Found some files it was hanging on, replaced afd.sys, netbt.sys, and tcpip.sys.

RPC service wasn't available. Turns out DHCP wasn't turning on, threw a file not found error with net start dhcp. Tracked that down, and DNScache, using FSS (Farbar Service Scanner), to missing reg keys. Copied them from a working Win 7 machine and imported them over here with a flash drive.

Ran FSS again, and this time no errors, but the odd thing is, it reports that google and yahoo are both accessible by IP and by name. Well, it got the IP part right.

So where am I right now...

DHCP is working again. I am being issued a leased IP address, gateway and subnet are autodetecting. However even though FSS says google.com and yahoo.com are accessible, they aren't. Can't ping them, nslookup or tracert. Can load pages just fine through any browser if I load the IP address, but clicking on any links (obviously) fails unless those links are IP based.

I wish I had saved any of the logs *during* all this, sorry. All the logs now are clean, including sfc /verifyonly's CBS.log, hijackthis, combofix, and all malware tools I run now also come up clean (though I can't update any of them anymore).

I've tried different NICs, and even easytether to my android. The same symptoms are across all adapters. Even uninstalled and reinstalled IPv4 again. (Oh, I also set the 0x08 back to 0xa8, so the certificate is back)

Also tried the obvious things like ipconfig /release, /flushdns, /registerdns, /renew, etc, and have tried google's 8.8.8.8 and 8.8.4.4. Nothing. I'm convinced it isn't anything viral related anymore; that dragon is dead, it's just a matter of cleaning up its corpse. I think I'm just tired and missing a setting some where.

Anyway, here's this.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:06:57 PM, on 9/6/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\dell\DBRM\Reminder\DbrmTrayicon.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\SAMSUNG\Samsung SCX-4725 Series SmartPanel\SPanel\RCP\Scan2pc.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe

C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe

O4 - HKLM\..\Run: [util] C:\Windows\system32\Util.exe

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [Whitney2_S2P] C:\Program Files\SAMSUNG\Samsung SCX-4725 Series SmartPanel\SPanel\RCP\Scan2pc.exe

O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe

O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0CD93B23-33FF-4B59-A25D-0DD6812478B1} (Manheim Media Player) - https://simulcast.manheim.com/simulcast_docs/av/ManheimAVPlugin2-win-ie.cab

O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://simulcast.manheim.com/simulcast_docs/av/LiveSound.dll

O16 - DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} (Simulcast Plugin (ActiveX) v1) - https://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://www.ove.com/plugin_assets/aurigma/ImageUploader5.cab

O16 - DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} (laiExcuter Class) - http://adus1.liveblockauctions.com/container_repository/laiexec.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DA7037A3-5F8E-4486-B561-71302F272547}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: U2VSvr - Unknown owner - C:\Windows\system32\U2VSvr.exe

--

End of file - 5976 bytes

Farbar Service Scanner Version: 06-08-2012

Ran by Owner (administrator) on 06-09-2012 at 21:09:09

Running from "E:\Triage\Farbar Service Scanner"

Microsoft Windows 7 Professional Service Pack 1 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Other Services:

==============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

And here's this too.

ComboFix 12-09-06.02 - Owner 09/06/2012 22:09:45.3.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.1394 [GMT -5:00]

Running from: c:\temp\triage\Armoury\ComboFix\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

.

((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))

.

.

2012-09-07 03:13 . 2012-09-07 03:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-07 03:06 . 2012-09-07 03:06 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-09-07 03:06 . 2012-09-07 03:06 -------- d-----w- c:\program files\Trend Micro

2012-09-07 00:03 . 2012-09-07 00:31 181064 ----a-w- c:\windows\PSEXESVC.EXE

2012-09-06 17:38 . 2012-09-06 17:38 302592 ----a-w- C:\0uodmh5o.exe

2012-09-06 16:29 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9EE9AE63-0285-46B2-AB02-BC8B4B329D58}\mpengine.dll

2012-09-06 16:28 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-09-06 16:13 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-06 14:22 . 2012-09-06 14:22 -------- d-----w- c:\program files\ESET

2012-09-06 14:18 . 2012-09-06 14:18 -------- d-----w- c:\program files\Combined Community Codec Pack

2012-09-06 14:18 . 2012-09-06 14:18 -------- d-----w- c:\windows\system32\Adobe

2012-09-06 14:18 . 2012-09-06 14:18 -------- d-----w- c:\program files\Common Files\Java

2012-09-06 14:18 . 2012-09-06 14:17 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-06 14:17 . 2012-09-06 14:17 -------- d-----w- c:\program files\Common Files\Adobe AIR

2012-09-06 14:14 . 2012-09-06 14:17 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-06 14:14 . 2012-09-06 14:17 -------- d-----w- c:\program files\Java

2012-09-06 14:11 . 2012-09-06 14:11 -------- d-----w- c:\programdata\McAfee

2012-09-05 21:59 . 2012-09-05 21:59 -------- d-----w- c:\programdata\Dell

2012-09-05 21:48 . 2012-09-05 21:49 -------- d-----w- c:\programdata\HitmanPro

2012-09-05 21:48 . 2012-09-05 21:48 -------- d-----w- c:\programdata\Hitman Pro

2012-09-05 21:30 . 2011-02-18 04:47 66112 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-09-05 21:30 . 2010-12-21 05:55 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll

2012-09-05 21:30 . 2010-12-21 05:55 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2012-09-05 21:26 . 2012-09-05 21:26 -------- d-----w- c:\programdata\Samsung

2012-09-05 21:25 . 2012-09-06 16:12 -------- dc----w- c:\windows\system32\DRVSTORE

2012-09-05 20:39 . 2008-05-08 03:03 303616 ----a-w- C:\SetACL.exe

2012-09-05 20:29 . 2004-06-11 21:33 290304 ----a-w- C:\subinacl.exe

2012-09-05 20:28 . 2012-09-07 00:14 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-09-05 20:19 . 2012-09-07 03:15 -------- d-----w- c:\users\Owner\AppData\Local\temp

2012-09-05 15:45 . 2012-09-05 15:45 -------- d-----w- c:\programdata\PC-Doctor for Windows

2012-08-29 16:02 . 2012-08-29 16:02 3993600 ----a-w- c:\program files\GUT8102.tmp

2012-08-29 15:52 . 2012-08-29 15:55 -------- d-----w- c:\users\Owner\AppData\Local\Google

2012-08-29 15:52 . 2012-08-29 15:59 -------- d-----w- c:\program files\Google

2012-08-22 21:01 . 2012-08-22 21:01 63120 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{C199DEA2-657E-46C2-9FDB-7C1C068B6B35}\ARPPRODUCTICON.exe

2012-08-22 21:01 . 2012-09-05 21:44 -------- d-----w- c:\users\Owner\AppData\Local\DIRECTV Player

2012-08-22 20:58 . 2012-09-06 14:17 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-16 03:11 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-16 03:11 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-08-16 03:11 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-16 03:11 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-16 03:11 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll

2012-08-16 03:11 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-16 03:11 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-06 14:17 . 2010-12-23 17:40 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-06 14:17 . 2011-06-04 18:19 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCShowServer"="c:\users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-08-16 524976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-23 175128]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-23 166424]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]

"Util"="c:\windows\system32\Util.exe" [2009-08-26 189816]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]

"Whitney2_S2P"="c:\program files\SAMSUNG\Samsung SCX-4725 Series SmartPanel\SPanel\RCP\Scan2pc.exe" [2006-12-12 274432]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2006-12-02 520192]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 T1PExGrp;T1PExGrp;c:\windows\system32\DRIVERS\T1PExGrp.sys [x]

R3 T1PMrGrp;T1PMrGrp;c:\windows\system32\DRIVERS\T1PMrGrp.sys [x]

R3 t1pusb;Trigger 1+ Graphics Card;c:\windows\system32\drivers\t1pusb.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\temp\triage\Armoury\Emsisoft Emergency Kit\Run\a2ddax86.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]

S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

S2 U2VSvr;U2VSvr;c:\windows\system32\U2VSvr.exe [x]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 14:17]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{DA7037A3-5F8E-4486-B561-71302F272547}: NameServer = 8.8.8.8,8.8.4.4

DPF: {0CD93B23-33FF-4B59-A25D-0DD6812478B1} - hxxps://simulcast.manheim.com/simulcast_docs/av/ManheimAVPlugin2-win-ie.cab

DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab

DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} - hxxp://adus1.liveblockauctions.com/container_repository/laiexec.cab

.

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\MTri1+.exe

c:\users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

c:\windows\system32\conhost.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2012-09-06 22:19:28 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-07 03:19

ComboFix2.txt 2012-09-06 19:37

ComboFix3.txt 2012-09-05 20:19

.

Pre-Run: 128,856,731,648 bytes free

Post-Run: 128,431,730,688 bytes free

.

- - End Of File - - 0228F139191D524823274EC48F195D69

Going to bed, will check back tomorrow. Thanks guys. o/
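The post also describes running sfc /verifyonly and filtering CBS.log on the "[SR]" marker with findstr to find the files sfc could not repair. The script below is an added example, not the poster's code: it does the same filtering in Python (assumed available on the box) and then pulls the file name, component and reason out of every "Cannot repair member file" line, de-duplicated, so the replacement list can be read off directly. SAMPLE_CBS_LOG is constructed to match the CBS.log line format; it is not the poster's log, which the post says was not saved.

```python
"""Extract sfc /verifyonly findings from CBS.log.

Added example for the thread above, not the poster's code.  Equivalent to
findstr /c:"[SR]" on CBS.log, plus structured extraction of the files sfc
reported it could not repair.  SAMPLE_CBS_LOG is constructed sample input.
"""
import re

# Constructed sample in the CBS.log line format (not the poster's log).
SAMPLE_CBS_LOG = """\
2012-09-06 21:00:01, Info  CSI    0000012a [SR] Verifying 100 (0x0000000000000064) components
2012-09-06 21:00:01, Info  CSI    0000012b [SR] Beginning Verify and Repair transaction
2012-09-06 21:00:02, Info  CSI    0000012c [SR] Cannot repair member file [l:18{9}]"tcpip.sys" of Microsoft-Windows-TCPIP-Binaries, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-06 21:00:02, Info  CSI    0000012d [SR] Cannot repair member file [l:14{7}]"afd.sys" of Microsoft-Windows-Winsock-Core, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-09-06 21:00:03, Info  CSI    0000012e [SR] Cannot repair member file [l:18{9}]"tcpip.sys" of Microsoft-Windows-TCPIP-Binaries, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-06 21:00:03, Info  CSI    0000012f [SR] Repairing 0 components
2012-09-06 21:00:03, Info  CSI    00000130 [SR] Verify complete
"""

# Everything after the [SR] marker on a line.
SR_LINE = re.compile(r"\[SR\] (?P<msg>.*)$")

# 'Cannot repair member file [l:N{M}]"name" of Component, ..., reason'
CANNOT_REPAIR = re.compile(
    r'Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+),.*, (?P<reason>[^,]+)$'
)


def sr_lines(text):
    """The [SR] messages in order; what findstr /c:"[SR]" would keep."""
    return [m.group("msg") for m in map(SR_LINE.search, text.splitlines()) if m]


def unrepairable(text):
    """(file, component, reason) for each distinct file sfc could not repair.

    sfc logs the same file once per pass, so results are de-duplicated by
    file name while keeping first-seen order."""
    seen, out = set(), []
    for msg in sr_lines(text):
        m = CANNOT_REPAIR.match(msg)
        if m and m.group("file") not in seen:
            seen.add(m.group("file"))
            out.append((m.group("file"), m.group("component"), m.group("reason")))
    return out


def read_cbs_log(path=r"C:\Windows\Logs\CBS\CBS.log"):
    """Read the real log (default is the standard Windows 7 location)."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return f.read()


if __name__ == "__main__":
    for name, component, reason in unrepairable(SAMPLE_CBS_LOG):
        print("%-12s %-36s %s" % (name, component, reason))
```

Against the real log, replace SAMPLE_CBS_LOG with read_cbs_log(); the reason column ("hash mismatch" versus "file is missing") is worth keeping, because a hash mismatch on a driver such as tcpip.sys after a rootkit cleanup is exactly the kind of file to copy from a known-good SP1 install of the same architecture rather than trust.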
