Cannot connect to any websites when connecting wirelessly after virus issues



Having issues with connecting to websites when my laptop connects to a wireless network. Issue seems to have started after a virus had infected my anti-virus program and others on the laptop. Have done multiple virus scans with ESET EndPoint Anti-Virus and they have found nothing, tried to run Malwarebytes to see if there was anything that would be picked up and nothing either. I am at a loss, this is the only laptop that can connect to the DAP 1360 wireless extender without being able to navigate to any websites. I have attached the DDS and attach files to this post (attach.txt, dds.txt).


Hello bensonit and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


I have completed the scan and here is the result, first is the dds log:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Dan Martell at 15:07:45 on 2013-01-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2438 [GMT -5:00]

.

AV: Advanced Antispyware Solution *Enabled/Updated* {92FF9ED9-4796-4037-A93D-E8AE9F61EDF1}

AV: ESET Endpoint Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Advanced Antispyware Solution *Enabled*

.

============== Running Processes ================

.

C:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe

c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Teamviewer\Version6\TeamViewer_Service.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Teamviewer\Version6\TeamViewer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Lenovo\Energy Management\utility.exe

C:\Program Files\Lenovo\Energy Management\Energy Management.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Skype\Phone\Skype.exe

c:\program files\teamviewer\version6\TeamViewer_Desktop.exe

C:\Program Files\Teamviewer\Version6\tv_w32.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.apkgroup.com/webshare/ApexSites/Apex Internet Sites.htm

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [cdloader] "c:\documents and settings\dan martell\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe

mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe

mRun: [bginfo] c:\windows\system32\bginfo\bginfo.exe c:\windows\system32\bginfo\logon.bgi /timer:0 /nolicprompt /silent

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

mRun: [egui] "c:\program files\eset\eset endpoint antivirus\egui.exe" /hide /waitservice

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: DisallowRun = dword:1

uPolicies-DisallowRun: 0 = msseces.exe

uPolicies-DisallowRun: 1 = MSASCui.exe

uPolicies-DisallowRun: 4 = avgnt.exe

uPolicies-DisallowRun: 5 = avcenter.exe

uPolicies-DisallowRun: 6 = avscan.exe

uPolicies-DisallowRun: 7 = avgfrw.exe

uPolicies-DisallowRun: 8 = avgui.exe

uPolicies-DisallowRun: 9 = avgtray.exe

uPolicies-DisallowRun: 10 = avgscanx.exe

uPolicies-DisallowRun: 11 = avgcfgex.exe

uPolicies-DisallowRun: 12 = avgemc.exe

uPolicies-DisallowRun: 13 = avgchsvx.exe

uPolicies-DisallowRun: 14 = avgcmgr.exe

uPolicies-DisallowRun: 15 = avgwdsvc.exe

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://globemar.webex.com/client/T27LC/webex/ieatgpc.cab

TCP: NameServer = 216.129.193.16 206.191.0.210 209.87.239.20

TCP: Interfaces\{6AEEBE7C-94E1-4ACA-A141-FC002F041692} : DHCPNameServer = 216.129.193.16 206.191.0.210 209.87.239.20

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

IFEO: AlphaAV - svchost.exe

IFEO: AlphaAV.exe - svchost.exe

IFEO: Anti-Virus Professional.exe - svchost.exe

IFEO: AntispywarXP2009.exe - svchost.exe

IFEO: AntivirusPro_2010.exe - svchost.exe

.

Note: multiple IFEO entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-29 123760]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-3-29 107280]

R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2010-2-2 217088]

R2 ekrn;ESET Service;c:\program files\eset\eset endpoint antivirus\ekrn.exe [2012-7-4 999704]

R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2010-2-2 112696]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-3 2367360]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-10-16 9472]

R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2010-2-2 36188]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]

S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset endpoint antivirus\EShaSrv.exe [2012-7-4 183944]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]

S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?]

S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-29 174592]

S3 ucgnm;BUFFALO WLI-UC-GNM Series Wireless LAN Driver;c:\windows\system32\drivers\ucgnm.sys [2010-7-6 826752]

S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-9-29 81192]

.

=============== Created Last 30 ================

.

2013-01-04 19:28:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-01-04 19:28:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-04 19:28:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-03 20:23:14 -------- d-----w- C:\Virus

2013-01-03 16:29:58 -------- d-----w- C:\Drivers

2013-01-03 15:32:56 -------- d-----w- c:\program files\ESET

2013-01-03 15:24:38 353707 ----a-w- C:\MonthlyCD.exe

2013-01-03 14:22:42 -------- d-----w- c:\windows\system32\driver

2013-01-03 14:06:31 -------- d-----w- c:\windows\system32\wbem\repository\FS

2013-01-03 14:06:31 -------- d-----w- c:\windows\system32\wbem\Repository

2013-01-03 14:06:15 -------- d-----w- c:\program files\SonicWALL

2013-01-03 14:06:15 -------- d-----w- c:\program files\common files\Deterministic Networks

2013-01-03 14:05:17 -------- d-sh--w- c:\documents and settings\dan martell\application data\Advanced Antispyware Solution

2013-01-03 14:05:17 -------- d-----w- c:\windows\system32\URTTEMP

2013-01-03 14:05:16 -------- d-----w- c:\windows\LastGood(2)

2013-01-02 21:22:37 -------- d-----w- C:\RECYCLER(2)

2012-12-21 19:22:50 -------- d-----w- c:\program files\BUFFALO

2012-12-21 16:54:09 -------- d-----w- c:\documents and settings\dan martell\local settings\application data\Mozilla

2012-12-21 16:54:01 -------- d-----w- c:\program files\Mozilla Firefox(2)

.

==================== Find3M ====================

.

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd(3).dll

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 15:08:33.92 ===============

Next is the MBAM Log file:

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

1/4/2013 2:55:40 PM

mbam-log-2013-01-04 (14-55-40).txt

Scan type: Quick Scan

Objects scanned: 99594

Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

I have run MBAM 3 times and each time it came back with the same 2 files. They are related to the ESET anti-virus on the PC, but the anti-virus is still working. Not sure if those files are related to the system restore that was done as of yesterday to fix another issue.


The malware set restrictions every time. There is something that MBAM missed.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


  • 2 weeks later...
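
The DDS log posted above lists DisallowRun policy entries and IFEO entries that point security program names at svchost.exe. As an added example (not part of any post in this thread, and not code from DDS or Malwarebytes), this Python function pulls both kinds of entry out of DDS log text for triage; the line formats are assumed from the log on this page, the sample input is constructed, and `protected` is a hypothetical parameter.

```python
import re

# Constructed sample in the "Pseudo HJT Report" line format seen in the DDS log
# above. The egui.exe redirect target is an assumption made for the sample.
SAMPLE_DDS = """\
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
uPolicies-Explorer: DisallowRun = dword:1
uPolicies-DisallowRun: 0 = msseces.exe
uPolicies-DisallowRun: 4 = avgnt.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IFEO: Anti-Virus Professional.exe - svchost.exe
IFEO: egui.exe - svchost.exe
"""

POLICY_ON = re.compile(r"^[um]Policies-Explorer:\s*DisallowRun\s*=\s*dword:(\d+)", re.I)
BLOCKED = re.compile(r"^[um]Policies-DisallowRun:\s*\d+\s*=\s*(\S.*)$", re.I)
# Image names may contain hyphens, so split only on a dash with spaces around it.
IFEO = re.compile(r"^IFEO:\s*(.+?)\s+-\s+(\S.*)$", re.I)


def find_restrictions(dds_text, protected=()):
    """Collect DisallowRun and IFEO entries from DDS log text.

    protected (hypothetical parameter): image names of the security tools
    actually installed on the host; IFEO entries naming them go in "priority".
    """
    protected = {p.lower() for p in protected}
    report = {"disallowrun_enabled": False, "blocked": [], "ifeo": [], "priority": []}
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with "." lines
            continue
        if m := POLICY_ON.match(line):
            report["disallowrun_enabled"] |= int(m.group(1)) != 0
        elif m := BLOCKED.match(line):
            report["blocked"].append(m.group(1).strip().lower())
        elif m := IFEO.match(line):
            image, target = m.group(1).lower(), m.group(2).strip().lower()
            report["ifeo"].append((image, target))
            if image in protected or image + ".exe" in protected:
                report["priority"].append(image)
    return report


if __name__ == "__main__":
    result = find_restrictions(SAMPLE_DDS, protected=["egui.exe", "ekrn.exe"])
    for key, value in result.items():
        print(f"{key}: {value}")
```

Entries in "priority" are the ones that would keep an installed scanner from starting, so they are the first to check after a cleanup pass.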

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
